HIJACK THIS LOG, HELP!



#1
DJ JAM


    New Member

  • Member
  • 2 posts
I think someone is remote accessing my computer!!! PLEASE HELP, I run xoftspy, ad-aware, hijackthis, spyblaster, spybot and norton antivirus, but all of a sudden stuff started changing and someone was using my outlook express to send and receive like 20 e-mails and I got soo many ads. This is my hijackthis log. Please also e-mail me with the reply in case I forget the website address. :tazz:

StartupList report, 12/14/2005, 10:21:34 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Super-Arsinal-doom\Desktop\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\AOL\1133822599\ee\AOLSoftware.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\??xplore.exe
C:\Program Files\sami\emia.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sony\Giga Pocket\gps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\XoftSpy\XoftSpy.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Super-Arsinal-doom\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Super-Arsinal-doom\Start Menu\Programs\Startup]
LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
Remocon Driver.lnk = ?
Timer Recording Manager.lnk = C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AGRSMMSG = AGRSMMSG.exe
IgfxTray = C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
CreateCD_Reminder = C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
VAIO Update 2 = "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
ezShieldProtector for Px = C:\WINDOWS\System32\ezSP_Px.exe
VAIOSurvey = c:\program files\sony\vaio survey\surveysa.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
URLLSTCK.exe = C:\Program Files\Norton Internet Security\UrlLstCk.exe
VAIO Recovery = C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
Motive SmartBridge = C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
HostManager = C:\Program Files\Common Files\AOL\1133822599\ee\AOLSoftware.exe
StatusClient 2.6 = C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
TomcatStartup 2.5 = C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
HPLJ Config = C:\Program Files\Hewlett-Packard\hp LaserJet 3015_3020_3030_3380\SetConfig.exe -c Direct -p DOT4_001 -pn "" -n 1 -l 1033 -sl 120000
HP Software Update = C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe
SsAAD.exe = C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
mFilter = C:\WINDOWS\System32\MNeck.exe
WindowsUpdateNT = C:\WINDOWS\System\svwhost.exe /s
WindowsUpdate =
STOPzilla! Install = C:\Program Files\STOPzilla!\SZSetup.exe sz_install=SZProBase.msi

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Aim6 = "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
Jupnle = C:\WINDOWS\System32\??xplore.exe
Windows Registry Repair Pro = C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
windowsupdate =
WindowsUpdateNT = C:\WINDOWS\System\svwhost.exe
Iinl = "C:\Program Files\sami\emia.exe" -vt ndrv

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Web assistant - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
NAV Helper - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer.job
Registration reminder 3.job
Symantec NetDetect.job
XoftSpy.job

--------------------------------------------------

Enumerating Download Program Files:

[VaioInfo.CMClass]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\VaioInfo.dll
CODEBASE = http://esupport.sony.com/VaioInfo.CAB

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.micros...b?1134073462015

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macr...ash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 8,430 bytes
Report generated in 0.281 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


#2
jwbirdsong


    Trusted Helper

  • Retired Staff
  • 668 posts
I need the HijackThis log, not the startlist log.
Open HijackThis and click on "do a system scan and save a log file". The log will automatically open when done. Paste a copy of that into your reply with the log from below.

Please download OldTimer's Winpfind from here:
http://www.bleepingc...es/winpfind.php
Unzip it to the desktop and run Winpfind.exe.

Once the scan is finished, please CLOSE the Notepad window that pops up. Then please post the entire contents of the logfile winpfind.txt here along with the HijackThis log.