Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

vx2.look2me - help please


  • Please log in to reply

#1
nuno

nuno

    New Member

  • Member
  • Pip
  • 6 posts
Logfile of HijackThis v1.99.1
Scan saved at 19:23:10, on 27-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Programas\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
D:\WINDOWS\system32\rundll32.exe
D:\Programas\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
D:\WINDOWS\System32\snmp.exe
D:\WINDOWS\System32\svchost.exe
D:\Programas\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
D:\WINDOWS\system32\RunDll32.exe
C:\Programas\Winamp\winampa.exe
D:\Programas\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
D:\Programas\QuickTime\qttask.exe
D:\WINDOWS\system32\ezSP_Px.exe
D:\WINDOWS\system32\rmctrl.exe
D:\WINDOWS\system32\atiptaxx.exe
D:\Programas\SyncroSoft\Pos\H2O\cledx.exe
D:\Programas\Support.com\bin\tgcmd.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Programas\Spyware Doctor\swdoctor.exe
C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Programas\Trend Micro\Tmas\Tmas.exe
D:\WINDOWS\system32\sistray.exe
C:\Programas\ProtectX\protectx.exe
D:\Programas\Panda Software\Panda Antivirus Platinum\pavProxy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\Programas\Internet Explorer\iexplore.exe
D:\Documents and Settings\Carlinha\Ambiente de trabalho\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.publico.pt/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe
O4 - HKLM\..\Run: [SCANINICIO] "D:\Programas\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "D:\Programas\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] D:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [RemoteControl] D:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [H2O] D:\Programas\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [hcenter] "D:\Programas\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programas\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: ProtectX Hacker Defence Suite.lnk = C:\Programas\ProtectX\protectx.exe
O4 - Startup: Reboot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = D:\Programas\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Utility Tray.lnk = D:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programas\Hello_Pictures on Blog\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programas\Hello_Pictures on Blog\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programas\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {2A0DED63-24F3-4FD6-BEC4-58F8E1F0C205} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113316183655
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/...tz.cab37625.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - D:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - D:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - D:\Programas\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - D:\Programas\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
  • 0

Advertisements


#2
ken545

ken545

    Malware Expert

  • Expert
  • 158 posts
  • MVP
Hello Nuno,

Welcome to the forum, my name is Ken and I will be helping you clean up your system.

DO THIS FIRST
Your HIJACKTHIS program is current, but it is very important that it resides in its own folder.
We will use Hijackthis (HJT) to make changes to your system and HJT will make backups of those changes,
If HJT is not in its own folder, those backups could be lost.

Easy to fix,
* just go to MY COMPUTER > YOUR C:\ DRIVE and create a new folder and name it HIJACKTHIS .
* Now scroll to where you have HJT currently, right click on the HJT icon and select CUT .
* Now open the new folder you just created and right click within that folder and select PASTE .
* Now HJT should reside in C:\HIJACKTHIS\HIJACKTHIS.EXE

Reboot your computer into Safemode.
To Enter SAFEMODE

* Go to START/ SHUT OF YOUR COMPUTER/ RESTART
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to SAFEMODE
* Then press the ENTER KEY ON YOUR KEYBOARD


Go to Start/ Run and type in services.msc, when the window opens, scroll down and find this service, Hardware Clock Driver Right click on it and click on Disable.

Run HJT> Misc Tools> Delete an NT Service and paste this entire path into the box
D:\WINDOWS\System32\hwclock.exe Then click ok.

Reboot normally.

Download and install the trial version of Spysweeper

* Check for updates
* Click on Scanner
* Let it scan and remove all it finds.
* Click on Save report
* I need you to paste the report into your next reply.

Run HJT Scan Only, close your browser and all open windows, put a checkmark in these entries and click on Fix Checked.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe
O16 - DPF: {2A0DED63-24F3-4FD6-BEC4-58F8E1F0C205} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - D:\WINDOWS\System32\hwclock.exe (file missing)


O4 - Startup: Reboot.exe
Fix this item if it was not set by you. It's located in your StartUp folder. You can find it here C:\ Documents and settings/Your Name /start menu/programs/startup Fix it also with HJT if you remove it from your startup folder.

Enable windows to show all files and folders.


* Click on MY COMPUTER
* Then on your C: Drive
* Then to TOOLS/ FOLDER OPTIONS/ VIEW
* Choose the radio button to SHOW HIDDEN FILES AND FOLDERS
* Take the checkmark out of HIDE EXTENSIONS FOR KNOWN FILE TYPES
* Then APPLY/ OK

Reboot back into Safemode

Now look for the following files and folders and delete them if found

C:\Programas\Winamp
D:\WINDOWS\System32\hwclock.exe

You will need to search for this one
Reboot.exe

Reboot normally, run HJT and paste a new log into this thread along with the Spysweeper report

Edited by ken545, 31 October 2005 - 11:40 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP