Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Can someone check my HiJack Log?

Started by mikmak , Oct 23 2005 02:46 PM

  • Please log in to reply

#1
mikmak
Posted 23 October 2005 - 02:46 PM

mikmak

    New Member

  • Member
  • Pip
  • 2 posts
hey guys, i'm new, and i just joined because my computer is out of control. I have "Sheriff Spyware" i THINK....and my desktop background looks like the one in the previous thread http://www.geekstogo...pic=35384&st=15. Except mine reads

"SPYWARE INFECTION

Your system has been infected with spyware. Windows recomends you to use a spyware removal tool to prevent loss of important data and increase system performance. Using this PC before having it cleaned from spyware threats is highly discouraged. "

My HJT file looks like this.

Logfile of HijackThis v1.99.1
Scan saved at 12:21:58 PM, on 10/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\javagd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\sol.exe
C:\WINDOWS\javako.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Stephen\LOCALS~1\Temp\Rar$EX00.133\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Stephen\Local Settings\Temporary Internet Files\Content.IE5\7VJ1JO3B\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\awmxs.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\awmxs.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\awmxs.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\awmxs.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\awmxs.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\awmxs.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\awmxs.dll/sp.html#93256
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {13712ED8-0884-CF0B-46CC-6B33643B8AA3} - C:\WINDOWS\system32\appky32.dll
O4 - HKLM\..\Run: [javagd.exe] C:\WINDOWS\javagd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\javako.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe




Quick help would be unbelievably appreciated.
  • 0

Advertisements

#2
skate_punk_21
Posted 28 October 2005 - 02:16 PM

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Hi mikmak :tazz:, I see your having some trouble here so lets get cracking!

You have a Horseserver infection which requires some tools to get rid of.
  • First, download HSFix from here
  • After it is downloaded, create a new folder on your desktop called "HSFix" and extract all the files into the newly created folder.
  • Next, download CleanUp! Install it, but do not run it yet.
  • Boot into safe mode: Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
  • Locate the HSFix folder on your desktop, open it, and double-click "hsfix.bat"
  • A log will be produced which you can close out of.
  • Then run HijackThis again, close any open windows and browsers and fix these:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\awmxs.dll/sp.html#93256
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\awmxs.dll/sp.html#93256
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\awmxs.dll/sp.html#93256
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\awmxs.dll/sp.html#93256
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\awmxs.dll/sp.html#93256
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\awmxs.dll/sp.html#93256
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\awmxs.dll/sp.html#93256
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {13712ED8-0884-CF0B-46CC-6B33643B8AA3} - C:\WINDOWS\system32\appky32.dll
    O4 - HKLM\..\Run: [javagd.exe] C:\WINDOWS\javagd.exe
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\javako.exe

  • Run CleanUp! Set the program up as follows:
    • Click "Options..."
    • Move the arrow down to "Custom CleanUp!"
    • Put a check next to the following:
    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
    • Scan local drives for temporary files (Please uncheck this option)
    • Cleanup! All Users
    Click OK
    Press the CleanUp! button to start the program. DO NOT Reboot/logoff when prompted.
  • Restart your computer into normal mode and run at least one of the following free, online virus scans:
    http://housecall.tre.../start_corp.asp
    http://www.pandasoft...n_principal.htm
    http://www3.ca.com/t...sinfo/scan.aspx
  • Restart your computer one last time and post a new HijackThis log, as well as the HSFix log which is located at C:/hslog.txt

Edited by skate_punk_21, 28 October 2005 - 02:18 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP