MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Author Topic: Hijack This Help for Spyware Problems  (Read 1133 times)
asugianto
« on: March 04, 2005, 09:01:23 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows XP Home 2002 SP1
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:



Hi, the following is my HijackThis report.  I am trying to clean up a computer that is full of spyware.  Thank you so much!!
Logfile of HijackThis v1.99.1
Scan saved at 12:50:35 PM, on 3/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\winupdt.exe
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\wiqwyg.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system\abshqfomnc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\sysmonnt.exe
C:\WINDOWS\System32\tasecsnp.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\interMute\PopSubtract\PopSub.exe
C:\temporary\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
O2 - BHO: (no name) - {02970D24-179B-484C-94E5-8704311B21C7} - (no file)
O2 - BHO: (no name) - {157BCE64-601F-4FAF-95B3-C3E31BBBEC88} - (no file)
O2 - BHO: (no name) - {1E058360-920A-48DB-B82F-6DD43FC99FCF} - (no file)
O2 - BHO: (no name) - {21614461-BE5B-47E7-B864-F3F5B96446A3} - (no file)
O2 - BHO: (no name) - {25CBBA93-7ACE-425B-BAE9-E915E32A8C4C} - (no file)
O2 - BHO: (no name) - {2B00CBB4-668E-4518-AF16-899507248B72} - (no file)
O2 - BHO: (no name) - {416533A4-1764-4F95-8746-4045EDFD9B69} - (no file)
O2 - BHO: (no name) - {45038CD2-1AD2-4883-8547-D65AB707F476} - (no file)
O2 - BHO: (no name) - {457A58D9-547E-4BCB-B4D6-C3917BA24250} - (no file)
O2 - BHO: MSW.cIExplorer - {4B57B77A-B130-4EB8-8CFB-42B880F6D311} - C:\Documents and Settings\All Users\Application Data\msw\MSW.dll
O2 - BHO: (no name) - {50290551-1408-44A0-B70E-A046E86F8516} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5453AE7D-95CD-4A58-B553-3248107973D1} - (no file)
O2 - BHO: (no name) - {57C66930-B77B-4FC1-88B0-2C3B8F8A7DA5} - (no file)
O2 - BHO: (no name) - {5BA02A1E-7F79-480D-BA0E-E03B96708DF0} - (no file)
O2 - BHO: (no name) - {5F70DB9C-0369-4336-9ECE-3E96113BD094} - (no file)
O2 - BHO: (no name) - {5FD556E9-B47B-4A12-9F7F-1F7F78B2560D} - (no file)
O2 - BHO: (no name) - {6B40F1C0-8C53-4B44-9927-5382064273A4} - (no file)
O2 - BHO: (no name) - {6BCE2D4E-295D-4641-BE1E-37528F6BF608} - (no file)
O2 - BHO: (no name) - {704B907E-7F03-4D86-A5D9-2D5183208D26} - (no file)
O2 - BHO: (no name) - {71100146-DB94-4513-8595-18A0CA750B89} - (no file)
O2 - BHO: (no name) - {749FB878-9D4D-4F83-B2CE-FF6181F7A767} - (no file)
O2 - BHO: (no name) - {78D619F5-43E7-4268-AE56-D6139B224D0A} - (no file)
O2 - BHO: (no name) - {82C67C42-DB8B-4A9A-88BE-F3A1A29C5FD1} - (no file)
O2 - BHO: (no name) - {844D6D5B-6156-41EC-8DAB-F76A24BA0250} - (no file)
O2 - BHO: (no name) - {8802C77E-E9AC-42E2-8D5D-4AE6479B161D} - (no file)
O2 - BHO: (no name) - {8D0981BD-5048-4C6E-AB1B-0B4F8967132E} - (no file)
O2 - BHO: (no name) - {927EE5C7-A371-49EC-AF0B-D51756E629A3} - (no file)
O2 - BHO: (no name) - {929790A0-7366-418F-9327-FC7927B6B7AD} - (no file)
O2 - BHO: (no name) - {93558D69-9B65-44D8-AE8B-9162122A7C6A} - (no file)
O2 - BHO: (no name) - {991FE0B4-15C5-4C8F-9B44-FC3F773FA5E2} - (no file)
O2 - BHO: (no name) - {9DC14B79-6B2D-4428-9DD0-0EA71B9487A3} - (no file)
O2 - BHO: (no name) - {9E169DCA-8F15-4D04-A54B-CB4C39DE8662} - (no file)
O2 - BHO: (no name) - {A5A7F8CB-536E-4005-B774-17F35DC7CF22} - (no file)
O2 - BHO: (no name) - {A892B884-2D0D-4FD5-A709-D472594E3CB2} - (no file)
O2 - BHO: (no name) - {B17F911E-6925-4CD3-9BED-A681648EDE69} - (no file)
O2 - BHO: (no name) - {B6D3BD55-12A5-469C-A715-967E5C3FABE5} - (no file)
O2 - BHO: (no name) - {C4278137-F280-4390-AFB5-2ABA18950760} - (no file)
O2 - BHO: (no name) - {C55E3232-A736-44FD-B9FD-B169FF96F7C3} - (no file)
O2 - BHO: (no name) - {CB945AE5-C35B-4202-BCAD-D6F5F9EA23D7} - (no file)
O2 - BHO: (no name) - {CF63474C-6034-4A76-9FF3-82C58F30900D} - (no file)
O2 - BHO: (no name) - {D445A78B-FB3D-407C-B935-AFB6A8E347A4} - (no file)
O2 - BHO: (no name) - {DBE5FDA7-A850-48F1-BC5A-3CD53EFC8E69} - (no file)
O2 - BHO: (no name) - {E4ECF76F-96E6-46DB-9B77-9A887AF42D02} - (no file)
O2 - BHO: (no name) - {E523B2D8-3387-4C41-84F1-0D92EB8DC56D} - (no file)
O2 - BHO: (no name) - {E9C67DD7-F93F-468E-8F6B-B5F2FE8E850F} - (no file)
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O2 - BHO: (no name) - {EE914760-0C5C-4042-8BD6-1B6F6C06771E} - (no file)
O2 - BHO: (no name) - {EF6A494B-C653-41FE-B6E2-D55DA64BDE46} - (no file)
O2 - BHO: (no name) - {F2199028-97AF-4A33-883C-7B8DC836AB5D} - (no file)
O2 - BHO: (no name) - {F95F4B3C-3532-451B-9772-E164378B5422} - (no file)
O2 - BHO: (no name) - {FE0DF14A-6868-45AA-9F81-DE5C1A55CEA1} - (no file)
O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [e02mRhd2U] tasecsnp.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\interMute\PopSubtract\PopSub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

redaxe
« Reply #1 on: March 04, 2005, 10:08:20 PM »

Start by disabling System Restore, which is something you can re-enable after the PC has been fixed.

Furthermore, make sure that Windows Explorer is set to show hidden files and folders. Click Tools/Folder Options -> View and check "Show hidden files and folders" and uncheck "Hide protected operating system files".


Now download the following programs:

Stinger
CWShredder
Spybot Search & Destroy
Ad-Aware
VX2 Cleaner
About:Buster <-- you won't use this one until after we've made some amendments to your logfile.
Cleanup! <-- you won't use this one until after we've made some amendments to your logfile.

Now go to the following online AV scanners:

Rav Antivirus
Trend Antivirus
Panda Activescan

Let all of them delete what they want. Write down what they fail in dealing with.

Now run Stinger. It's a standalone tool that's designed to carve out trojans and such. Let it run and allow it to do its thing.

Then run and update CWShredder. Click the Fix button and click OK when the prompt "CWShredder will shutdown any open Internet Explorer and Windows Media Player windows. Click OK to continue" appears.
Wait for it to finish and then click Next and Finish.

Now install, run, update and scan your system with Spybot S&D.
When it's done scanning, check all entries that are marked RED and click Fix Selected.

Then install Ad-Aware and update it right away. Then scan and let it fix whatever it reports.
Then shut down Ad-Aware.
Then install the VX2 Cleaner and let it install into the Ad-Aware program folder.
Start Ad-Aware again and click the AddOns button. Double click the VX2 Cleaner in there and click OK at the prompt.

If your computer is infected

 Select