Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hijack This Log File: HELP!


  • Please log in to reply

#1
tmdollar

tmdollar

    New Member

  • Member
  • Pip
  • 1 posts
Hi forum! I'm newly registered although I've been reading responses for awhile (need to make sure everythings legit).

Anyway, my daughter went to a site the other day and every since I get pop ups and all kinds of junk ;) . Here are the tools I've been using:

-Spybot Search & Destroy
-Ad Aware (Lavasoft)
-Pest Patrol (CA)
-Kerio (firewall)
-AVG

This is an invitation to help me and others who have these tools understand the gaps or maybe if I'm not using them appropriately.

Thanks so much!! :tazz:

Also, how do I unregister dll's?

Logfile of HijackThis v1.98.2
Scan saved at 9:50:09 AM, on 2/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\SYSTEM32\GEARSEC.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINNT\System32\mnmsrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\2vxduwzm\2vxduwzm.exe
C:\WINNT\system32\ngwp.exe
C:\WINNT\system32\sysmonnt.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\WINNT\system32\LVComS.exe
C:\WINNT\system32\pluclu.exe
C:\WINNT\system32\pritsrv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\explorer.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Documents and Settings\Tanalyn Dollar\My Documents\Internet Downloads\hijack_this\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {9BDA28C4-B720-4C77-8FEE-6F3A9204AC43} - C:\Program Files\2vxduwzm\2vxduwzm.dll
O2 - BHO: (no name) - {BDF5767A-9684-4601-ADD9-73755F950BA3} - C:\Program Files\2vxduwzm\2vxduwzm.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O2 - BHO: (no name) - {FB916D99-74A8-4181-A2F2-EAE04B2622CC} - C:\Program Files\2vxduwzm\2vxduwzm.dll
O4 - HKLM\..\Run: [xunsd] C:\WINNT\xunsd.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [2vxduwzm] C:\Program Files\2vxduwzm\2vxduwzm.exe
O4 - HKLM\..\Run: [vcmpin] C:\windows\bundles\adl_mteststub.exe
O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe
O4 - HKLM\..\Run: [ngwp] C:\WINNT\system32\ngwp.exe
O4 - HKLM\..\Run: [antiware] C:\winnt\system32\eliteldi32.exe
O4 - HKLM\..\Run: [p37Q38Q] pritsrv.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Documents and Settings\Tanalyn Dollar\My Documents\Internet Downloads\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [sysmonnt] C:\WINNT\system32\sysmonnt
O4 - HKCU\..\Run: [Y0o4RUc7T] pluclu.exe
O4 - Startup: BounceBack Launcher.lnk = C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/NDWCab.CAB
  • 0

Advertisements


#2
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi tmdollar

Click Here download the latest version of Hijack This (1.99). It's better able to catch the latest threats.

This fix requires several tools that need to be downloaded. Please download these now, we will run them later.

1) About:Buster - Download it and extract it to C:/aboutbuster.
2) CleanUp! - Download it and install it.
3) CWShredder 2.11 - Download it and save it to your desktop.
4) Ad-Aware - Download, install, and update.

Enable hidden files and folders: http://www.bleepingc...torial=62#winme

During the fix do NOT connect to the internet. Unless you can memorize these instructions, it would be a good idea to print them out.

Boot into safe mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Run AboutBuster
-Click Start to begin the process
-Click OK on the Buster Report dialogue box to start the scan
AboutBuster scans the computer for malicious files and deletes them.
Save the report (copy and paste into Notepad and save as a .txt file) to post a copy for review.

Run CWShredder
-Next, click on the: ‘Fix’ button
-Follow the prompts, and press OK

Run CleanUp
-Make sure it is on Standard Mode
-Click the "CleanUp!" button

Run Ad-Aware
-Configure Ad-Aware for a full system scan
-Run it

Clean Up the left overs

Run HJT, close any open windows, and fix the following items (if they are still there):

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: (no name) - {9BDA28C4-B720-4C77-8FEE-6F3A9204AC43} - C:\Program Files\2vxduwzm\2vxduwzm.dll
O2 - BHO: (no name) - {BDF5767A-9684-4601-ADD9-73755F950BA3} - C:\Program Files\2vxduwzm\2vxduwzm.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O2 - BHO: (no name) - {FB916D99-74A8-4181-A2F2-EAE04B2622CC} - C:\Program Files\2vxduwzm\2vxduwzm.dll
O4 - HKLM\..\Run: [xunsd] C:\WINNT\xunsd.exe
O4 - HKLM\..\Run: [2vxduwzm] C:\Program Files\2vxduwzm\2vxduwzm.exe
O4 - HKLM\..\Run: [vcmpin] C:\windows\bundles\adl_mteststub.exe
O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe
O4 - HKLM\..\Run: [ngwp] C:\WINNT\system32\ngwp.exe
O4 - HKLM\..\Run: [antiware] C:\winnt\system32\eliteldi32.exe
O4 - HKLM\..\Run: [p37Q38Q] pritsrv.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Documents and Settings\Tanalyn Dollar\My Documents\Internet Downloads\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [sysmonnt] C:\WINNT\system32\sysmonnt
O4 - HKCU\..\Run: [Y0o4RUc7T] pluclu.exe
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/NDWCab.CAB


Then delete the following files (if they exist):

C:\Program Files\2vxduwzm\2vxduwzm.exe
C:\WINNT\system32\ngwp.exe
C:\WINNT\system32\sysmonnt.exe
C:\WINNT\system32\pluclu.exe
C:\WINNT\system32\pritsrv.exe
C:\Program Files\2vxduwzm\2vxduwzm.dll
C:\WINNT\xunsd.exe
C:\windows\bundles\adl_mteststub.exe
C:\Program Files\hpdll\hpdll.exe
C:\winnt\system32\eliteldi32.exe
pritsrv.exe
C:\Documents and Settings\Tanalyn Dollar\My Documents\Internet Downloads\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINNT\system32\sysmonnt
pluclu.exe

Reboot into normal mode (simply restart your computer as you normally would), and run the following free, online virus scans:

http://housecall.tre.../start_corp.asp
http://www.pandasoft...n_principal.htm

Then restart your computer one more time and post a new HJT log as well as the About:Buster log I asked you to save earlier.

Kc :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP