Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

spyware removal

Started by elvisthe2nd , Feb 01 2005 09:58 PM

  • Please log in to reply

#1
elvisthe2nd
Posted 01 February 2005 - 09:58 PM

elvisthe2nd

    New Member

  • Member
  • Pip
  • 4 posts
:mad: this is really starting to bug me, i need to get rid of the spyware on my computer. there are popups and my computer is running very slow.

how do i get a "HiJack" log and fix the problem...i have downloaded HiJack This
  • 0

Advertisements

#2
elvisthe2nd
Posted 01 February 2005 - 10:03 PM

elvisthe2nd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
sorry i think this is my "log"


StartupList report, 2/1/2005, 8:02:04 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Brandon.OXUPSTAIRS\HijackThis.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\WINDOWS\mmups.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Xmrmjk\Lygy.exe
C:\windows\180ax.exe
C:\windows\system32\ukgmjr.exe
C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
C:\WINDOWS\System32\vmss\vmss.exe
C:\windows\system32\calc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Brandon.OXUPSTAIRS\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

vptray = C:\PROGRA~1\NavNT\vptray.exe
mediamotor.exe = C:\WINDOWS\mmups.exe
Internet Optimizer = "C:\Program Files\Internet Optimizer\optimize.exe"
Pzwfzpc = C:\Program Files\Xmrmjk\Lygy.exe
SurfSideKick 2 = C:\Program Files\SurfSideKick 2\Ssk.exe
180ax = c:\windows\180ax.exe
qhyv = C:\WINDOWS\qhyv.exe
ukgmjr = c:\windows\system32\ukgmjr.exe
WinTools = C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
Dvx = C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
vmss = C:\WINDOWS\System32\vmss\vmss.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SurfSideKick 2 = C:\Program Files\SurfSideKick 2\Ssk.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\ceres.dll - {00000049-8F91-4D9C-9573-F016E7626484}
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll - {87766247-311C-43B4-8499-3D5FEC94A183}
(no name) - C:\WINDOWS\wsem303.dll - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Download Program Files:

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ontent/opuc.cab

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.syma...n/bin/cabsa.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pDownloader.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[IObjSafety.DemoCtl]
CODEBASE = http://cabs.media-mo...abs/diamond.cab

[IWinAmpActiveX Class]
InProcServer32 = C:\Program Files\Common Files\Nullsoft\ActiveX\2.0\AmpX.dll
CODEBASE = http://cdn.digitalci...illama/ampx.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\BRANDO~1.OXU\LOCALS~1\Temp\GLB1A2B.EXE||C:\Program Files\E2G\IeBHOs.dll||C:\Program Files\E2G\data19||C:\Program Files\E2G


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 6,369 bytes
Report generated in 0.375 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • 0

#3
Koretek
Posted 01 February 2005 - 10:17 PM

Koretek

    Member

  • Member
  • PipPipPip
  • 340 posts
Thats either a very old edition or :tazz: ......?? lol, please post a new one heres the link Elvis! HijackThis Latest Edition
  • 0

#4
elvisthe2nd
Posted 01 February 2005 - 11:33 PM

elvisthe2nd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
hey sorry about that...i should have researched it a bit more. here it is, and no im not old enough to have seen elvis, im only 16, but I love his music

StartupList report, 2/1/2005, 9:31:15 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Brandon.OXUPSTAIRS\HijackThis.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\WINDOWS\mmups.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Xmrmjk\Lygy.exe
C:\windows\180ax.exe
C:\windows\system32\ukgmjr.exe
C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
C:\WINDOWS\System32\vmss\vmss.exe
C:\windows\system32\calc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Brandon.OXUPSTAIRS\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

vptray = C:\PROGRA~1\NavNT\vptray.exe
mediamotor.exe = C:\WINDOWS\mmups.exe
Internet Optimizer = "C:\Program Files\Internet Optimizer\optimize.exe"
Pzwfzpc = C:\Program Files\Xmrmjk\Lygy.exe
SurfSideKick 2 = C:\Program Files\SurfSideKick 2\Ssk.exe
180ax = c:\windows\180ax.exe
qhyv = C:\WINDOWS\qhyv.exe
ukgmjr = c:\windows\system32\ukgmjr.exe
WinTools = C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
Dvx = C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
vmss = C:\WINDOWS\System32\vmss\vmss.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SurfSideKick 2 = C:\Program Files\SurfSideKick 2\Ssk.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\ceres.dll - {00000049-8F91-4D9C-9573-F016E7626484}
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll - {87766247-311C-43B4-8499-3D5FEC94A183}
(no name) - C:\WINDOWS\wsem303.dll - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Download Program Files:

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ontent/opuc.cab

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.syma...n/bin/cabsa.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pDownloader.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[IObjSafety.DemoCtl]
CODEBASE = http://cabs.media-mo...abs/diamond.cab

[IWinAmpActiveX Class]
InProcServer32 = C:\Program Files\Common Files\Nullsoft\ActiveX\2.0\AmpX.dll
CODEBASE = http://cdn.digitalci...illama/ampx.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\BRANDO~1.OXU\LOCALS~1\Temp\GLB1A2B.EXE||C:\Program Files\E2G\IeBHOs.dll||C:\Program Files\E2G\data19||C:\Program Files\E2G


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 6,369 bytes
Report generated in 0.375 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • 0

#5
elvisthe2nd
Posted 02 February 2005 - 11:18 AM

elvisthe2nd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
hey well i finally figured out how to use this program! i was trying to find out how everyone was just "posting logs" i had no clue how to do it and no one on here asked any questions about it, so i had to find some tutorial on the internet. anyways i found out how to use it, and i realized how simple it was to save a log. but i also realized that my hijack this program must be messed up because it freezes towardst the end of the scan and doesnet let me finish the scan or save my log file...
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP