Hijackthis Log For Newb

newb

By newb,
in Malware Removal

 Share Followers 0

Recommended Posts

newb

newb

Posted
Posted

Logfile of HijackThis v1.98.2

Scan saved at 20:25:19, on 02-11-2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\HPConfig.exe

C:\Programas\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Trend Micro\Internet Security\Tmntsrv.exe

C:\Programas\Trend Micro\Internet Security\tmproxy.exe

C:\Programas\Trend Micro\Internet Security\PccPfw.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programas\HPQ\One-Touch\OneTouch.EXE

C:\Programas\Synaptics\SynTP\SynTPLpr.exe

C:\Programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programas\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\system32\carpserv.exe

C:\Programas\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

C:\Programas\QuickTime\qttask.exe

C:\Programas\Trend Micro\Internet Security\pccguide.exe

C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe

C:\Programas\Trend Micro\Internet Security\PCClient.exe

C:\Programas\Trend Micro\Internet Security\TMOAgent.exe

C:\Programas\Creative\Video Blaster WebCam Control\CAMTRAY.EXE

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Programas\Messenger Plus! 3\MsgPlus.exe

C:\Programas\Lavasoft\Ad-aware 6\Ad-watch.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Paltalk\pnetaware.exe

c:\progra~1\intern~1\iexplore.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\Programas\Microsoft Office\Office10\msoffice.exe

C:\DOCUME~1\FJS\DEFINI~1\Temp\Directório temporário 1 para hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jshcahnvezclzjdr.us/J4HgDYXfpYr...Zn3MbhV0ABN.jpg

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [Cpqset] C:\Programas\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [Display Settings] C:\Programas\HPQ\Notebook Utilities\hptasks.exe /s

O4 - HKLM\..\Run: [QT4HPOT] C:\Programas\HPQ\One-Touch\OneTouch.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programas\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [CXMon] "C:\Programas\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Programas\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [pccguide.exe] "C:\Programas\Trend Micro\Internet Security\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Programas\Trend Micro\Internet Security\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Programas\Trend Micro\Internet Security\TMOAgent.exe" /run

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programas\Creative\Video Blaster WebCam Control\CAMTRAY.EXE

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programas\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Ad-aware] C:\Programas\Lavasoft\Ad-aware 6\Ad-aware.exe +c

O4 - HKLM\..\Run: [Ad-watch] C:\Programas\Lavasoft\Ad-aware 6\Ad-watch.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [longbait] C:\DOCUME~1\FJS\APPLIC~1\FRAGRE~1\internetdupepure.exe

O4 - Startup: PalNetaware.lnk = C:\Programas\Paltalk\pnetaware.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.creaf.com

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Problematic bar pic here:

http://animedvdcompare.no.sapo.pt/barra_explorer.JPG

It's the bottom bar... the top one was alreday removed...

Link to post
Share on other sites
therock247uk

therock247uk

Posted
Posted

1. Please move Hijackthis to a permanent folder like c:/ so backups can be made.

2. Then open Hijackthis from c:/hjt and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jshcahnvezclzjdr.us/J4HgDYXfpYr...Zn3MbhV0ABN.jpg

O4 - HKCU\..\Run: [longbait] C:\DOCUME~1\FJS\APPLIC~1\FRAGRE~1\internetdupepure.exe

3. Reboot and delete the folders.

C:\Documents and Settings\FJS\Application Data\FRAGRE~1\ < Folder starts with FRAGRE

4. Then post a new Hijackthis log here in a reply.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Followers 0
Go to topic listing