hijacks



#1
FRITZ
New Member, 5 posts
My computer is having a lot of pop-ups that pop-up blockers aren't stopping. My computer all of a sudden just reboots itself. After running Ad-Aware and Spybot, I get reports of hijackers. Here are the reports of my hijacker scans. What should I remove?
StartupList report, 1/9/2005, 2:15:09 PM
StartupList version: 1.52.2
Started from : C:\DOCUME~1\FREDER~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\muqhumw.exe
C:\WINDOWS\mmups.exe
C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
C:\WINDOWS\system32\vmss\vmss.exe
C:\WINDOWS\system32\vviqoo.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\dvddmgr.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\WINDOWS\system32\dswrrenu.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\FREDER~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Frederick Bielo\Start Menu\Programs\Startup]
Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = c:\windows\system32\userinit.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
nwiz = nwiz.exe /install
HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
HPHUPD05 = C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HPHmon05 = C:\WINDOWS\System32\hphmon05.exe
OISFLSY = C:\WINDOWS\OISFLSY.exe
EOY = C:\WINDOWS\EOY.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
AIM Messenger = AIMMSNGR.EXE
Microsoft CronD Service = MSCRON.EXE
HP Software Update = "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
VBouncer = C:\PROGRA~1\VBouncer\VirtualBouncer.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
atcedjfpx = C:\WINDOWS\system32\muqhumw.exe
mediamotor.exe = C:\WINDOWS\mmups.exe
C:\WINDOWS\tbzpqdztaa.exe = C:\WINDOWS\tbzpqdztaa.exe
SStb.exe = SStb.exe
vcmxin = C:\WINDOWS\system32\BW_ActiveX.Stub.exe
Dvx = C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
vmss = C:\WINDOWS\system32\vmss\vmss.exe
AutoUpdater = "C:\Program Files\AutoUpdate\AutoUpdate.exe"
2Fmi35T = dvddmgr.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
PopUpStopperProfessional = "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
Jo5sRRfmO = dswrrenu.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssbezier.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Task Scheduler jobs:

HP DArC Task #Hewlett-Packard#7700#MY397210N9K5.job
HP Usg Daily.job
Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job
XoftSpy.job

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\WINDOWS\system32\aklsp.dll
Protocol #2: C:\WINDOWS\system32\aklsp.dll
Protocol #3: C:\WINDOWS\system32\aklsp.dll
Protocol #4: C:\WINDOWS\System32\calsp.dll
Protocol #5: C:\WINDOWS\System32\calsp.dll
Protocol #6: C:\WINDOWS\System32\calsp.dll
Protocol #18: C:\WINDOWS\System32\calsp.dll
Protocol #19: C:\WINDOWS\system32\aklsp.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\FREDER~1\LOCALS~1\Temp\A~NSISu_.exe|||C

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 6,877 bytes
Report generated in 0.031 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
I am getting hijacker reports that don't get removed.
#2
coachwife6
SuperStar, Retired Staff, 11,413 posts
Hi Fritz. Welcome to GTG. :tazz:

I need you to do a regular HijackThis scan. The start-up list is great, but just hit Scan for a regular log and post the results, and we'll take a look. ;)