Spyware / Virus Removal Spyware, virus, browser hijack and other malware removal.

  #1  
Old 10-07-2004, 09:54 PM
brossys
Junior Member
 
Join Date: Oct 2004
Posts: 4
could someone read my log please

...thank you




Logfile of HijackThis v1.98.2
Scan saved at 10:54:07 PM, on 10/7/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMSPOOL32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:WINDOWSSYSTEMMSTASK.EXE
C:PROGRAM FILESCOMMON FILESSYMANTEC SHAREDCCEVTMGR.EXE
C:PROGRAM FILESNORTON SYSTEMWORKSNORTON CLEANSWEEPCSINJECT.EXE
C:PROGRAM FILESNORTON SYSTEMWORKSNORTON UTILITIESNPROTECT.EXE
C:PROGRAM FILESCOMMON FILESSYMANTEC SHAREDSYMTRAY.EXE
C:PROGRAM FILESSYGATESPFSMC.EXE
C:WINDOWSSYSTEMHIDSERV.EXE
C:PROGRAM FILESCOMMON FILESWINTOOLSWSUP.EXE
C:WINDOWSSYSTEMmmtask.tsk
C:WINDOW***PLORER.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
C:PROGRAM FILESCREATIVESHAREDLLCTNOTIFY.EXE
C:WINDOWSLOADQM.EXE
C:WINDOWSSYSTEMSTIMON.EXE
C:PROGRAM FILESCOMMON FILESSYMANTEC SHAREDCCAPP.EXE
C:PROGRAM FILESCOMMON FILESREALUPDATE_OBREALSCHED.EXE
C:PROGRAM FILESCREATIVESHAREDLLMEDIADET.EXE
C:PROGRAM FILESNORTON SYSTEMWORKSNORTON CLEANSWEEPCSINSM32.EXE
C:Program FilesNorton SystemWorksNorton CleanSweepMonwow.exe
C:WINDOWSSYSTEMWMIEXE.EXE
C:WINDOWSSYSTEMDDHELP.EXE
C:PROGRAM FILESCOMMON FILESWINTOOLSWTOOLSA.EXE
C:WINDOWSSYSTEMPSTORES.EXE
C:MY DOCUMENTSHIJACKHIJACKTHIS.EXE

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50073
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://home.eastlink.ca/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50073
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50073
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:PROGRA~1COMMON~1WINTOOLSWTOOLSB.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:PROGRAM FILESADOBEACROBAT 5.0READERACTIVEXACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program FilesNorton SystemWorksNorton AntiVirusNavShExt.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:PROGRA~1TOOLBARTOOLBAR.DLL
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:PROGRA~1COMMON~1WINTOOLSWTOOLSB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSYSTEMMSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:Program FilesNorton SystemWorksNorton AntiVirusNavShExt.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:PROGRA~1TOOLBARTOOLBAR.DLL
O4 - HKLM..Run: [ScanRegistry] C:WINDOWSscanregw.exe /autorun
O4 - HKLM..Run: [SystemTray] SysTray.Exe
O4 - HKLM..Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..Run: [Disc Detector] C:Program FilesCreativeShareDLLCtNotify.exe
O4 - HKLM..Run: [LoadQM] loadqm.exe
O4 - HKLM..Run: [StillImageMonitor] C:WINDOWSSYSTEMSTIMON.EXE
O4 - HKLM..Run: [CXMon] "C:Program FilesHewlett-PackardPhotoSmartPhoto ImagingHpi_Monitor.exe"
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [ccRegVfy] "C:Program FilesCommon FilesSymantec SharedccRegVfy.exe"
O4 - HKLM..Run: [NPROTECT] C:Program FilesNorton SystemWorksNorton UtilitiesNPROTECT.EXE
O4 - HKLM..Run: [CriticalUpdate] C:WINDOWSSYSTEMwucrtupd.exe -startup
O4 - HKLM..Run: [SmcService] C:PROGRA~1SYGATESPFSMC.EXE -startgui
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [WinTools] C:Program FilesCommon FilesWinToolsWToolsA.exe
O4 - HKLM..RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM..RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM..RunServices: [ccEvtMgr] "C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe"
O4 - HKLM..RunServices: [CSINJECT.EXE] C:Program FilesNorton SystemWorksNorton CleanSweepCSINJECT.EXE
O4 - HKLM..RunServices: [NPROTECT] C:Program FilesNorton SystemWorksNorton UtilitiesNPROTECT.EXE
O4 - HKLM..RunServices: [SymTray - Norton SystemWorks] C:Program FilesCommon FilesSymantec SharedSymTray.exe "Norton SystemWorks"
O4 - HKLM..RunServices: [SmcService] C:PROGRAM FILESSYGATESPFSMC.EXE
O4 - HKLM..RunServices: [WinTools] C:Program FilesCommon FilesWinToolsWToolsA.exe
O4 - HKLM..RunServicesOnce: [WinTools] C:PROGRA~1COMMON~1WINTOOLSWTOOLSA.EXE /boot
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:Program FilesNorton SystemWorksNorton CleanSweepcsinsm32.exe
O4 - Startup: America Online Tray Icon.lnk = C:America Online 4.0aoltray.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:PROGRA~1INCRED~1binresourcesWebMenuImg.htm
O12 - Plugin for .spop: C:PROGRA~1INTERN~1PluginsNPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200211...meInstaller.exe
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.5.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03...all/xscan53.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50073/QDow_AS2.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:PROGRA~1TOOLBARTOOLBAR.DLL
  #2  
Old 10-07-2004, 09:59 PM
Mobo
Thinking outside the box
 
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Re: could someone read my log please

Welcome aboard brossy:

First thing would be to rescan again with hijack, insert a check next to each of the following then close all browser windows and click "fix checked"


R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50073

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50073

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50073

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:PROGRA~1COMMON~1WINTOOLSWTOOLSB.DLL

O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:PROGRA~1TOOLBARTOOLBAR.DLL

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:PROGRA~1COMMON~1WINTOOLSWTOOLSB.DLL

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:PROGRA~1TOOLBARTOOLBAR.DLL

O4 - HKLM..Run: [WinTools] C:Program FilesCommon FilesWinToolsWToolsA.exe

O4 - HKLM..RunServices: [WinTools] C:Program FilesCommon FilesWinToolsWToolsA.exe

O4 - HKLM..RunServicesOnce: [WinTools] C:PROGRA~1COMMON~1WINTOOLSWTOOLSA.EXE /boot

O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50073/QDow_AS2.cab

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:PROGRA~1TOOLBARTOOLBAR.DLL



then reboot your system into safe mode, open windows explorer, find then delete:
C:\Program Files\Common Files\WinTools
C:\PROGRA~1\TOOLBAR

Then Download Adaware Se from http://www.lavasoftusa.com/support/download/
In Ad-aware click the Gear to go to the Settings area.
The following items should be on a green check, not on a red X.

Under the Scanning button:
  Scan within archives
  Under Memory & Registry, Check EVERYTHING
  In Check Drives & Folders, make sure all of your hard drives are selected

Under the Advanced button, Check:
  Move deleted files to recycle bin
  Include additional object information
  Include negligible object information
  Include environment information

Under the defaults button:
  Set the homepage you wish to have set as default.

Under the tweak button:
  Some of these may not be an available option, depending on your version of Ad-aware and your version of Windows. Do not be concerned if you cannot select a certain item.

  In Scanning Engine:
    Unload recognized processes during scanning
    Include info about ignored objects in logfile, if detected in scan
    Include basic Ad-aware settings in logfile
    Include additional Ad-aware settings in logfile
    Include used command line parameters in logfile

  In Cleaning Engine:
    XP/2000: Allow unloading explorer to unload shell extensions prior to deletion
    Let Windows remove files in use at next reboot
    UNCHECK: Automatically try to unregister objects prior to deletion

Click Proceed to save these settings. When you would like to perform a "Full Scan," switch the scan mode from SmartScan to Custom.
_______________________________________________________________
Reboot, rescan with hijack and post a fresh logfile please.
  #3  
Old 10-07-2004, 10:32 PM
brossys
Junior Member
 
Join Date: Oct 2004
Posts: 4
thanks mobo, sorry bout the wait, had to run it twice:

Logfile of HijackThis v1.98.2
Scan saved at 11:38:50 PM, on 10/7/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:WINDOWSSYSTEMmmtask.tsk
C:WINDOWSSYSTEMMSTASK.EXE
C:PROGRAM FILESCOMMON FILESSYMANTEC SHAREDCCEVTMGR.EXE
C:PROGRAM FILESNORTON SYSTEMWORKSNORTON CLEANSWEEPCSINJECT.EXE
C:PROGRAM FILESNORTON SYSTEMWORKSNORTON UTILITIESNPROTECT.EXE
C:PROGRAM FILESCOMMON FILESSYMANTEC SHAREDSYMTRAY.EXE
C:PROGRAM FILESSYGATESPFSMC.EXE
C:WINDOWSSYSTEMHIDSERV.EXE
C:WINDOW***PLORER.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
C:PROGRAM FILESCREATIVESHAREDLLCTNOTIFY.EXE
C:WINDOWSLOADQM.EXE
C:WINDOWSSYSTEMSTIMON.EXE
C:PROGRAM FILESCOMMON FILESSYMANTEC SHAREDCCAPP.EXE
C:PROGRAM FILESCREATIVESHAREDLLMEDIADET.EXE
C:PROGRAM FILESCOMMON FILESREALUPDATE_OBREALSCHED.EXE
C:PROGRAM FILESNORTON SYSTEMWORKSNORTON CLEANSWEEPCSINSM32.EXE
C:Program FilesNorton SystemWorksNorton CleanSweepMonwow.exe
C:WINDOWSSYSTEMWMIEXE.EXE
C:MY DOCUMENTSHIJACKHIJACKTHIS.EXE

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://home.eastlink.ca/
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:PROGRAM FILESADOBEACROBAT 5.0READERACTIVEXACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program FilesNorton SystemWorksNorton AntiVirusNavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSYSTEMMSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:Program FilesNorton SystemWorksNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [ScanRegistry] C:WINDOWSscanregw.exe /autorun
O4 - HKLM..Run: [SystemTray] SysTray.Exe
O4 - HKLM..Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..Run: [Disc Detector] C:Program FilesCreativeShareDLLCtNotify.exe
O4 - HKLM..Run: [LoadQM] loadqm.exe
O4 - HKLM..Run: [StillImageMonitor] C:WINDOWSSYSTEMSTIMON.EXE
O4 - HKLM..Run: [CXMon] "C:Program FilesHewlett-PackardPhotoSmartPhoto ImagingHpi_Monitor.exe"
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [ccRegVfy] "C:Program FilesCommon FilesSymantec SharedccRegVfy.exe"
O4 - HKLM..Run: [NPROTECT] C:Program FilesNorton SystemWorksNorton UtilitiesNPROTECT.EXE
O4 - HKLM..Run: [CriticalUpdate] C:WINDOWSSYSTEMwucrtupd.exe -startup
O4 - HKLM..Run: [SmcService] C:PROGRA~1SYGATESPFSMC.EXE -startgui
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM..RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM..RunServices: [ccEvtMgr] "C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe"
O4 - HKLM..RunServices: [CSINJECT.EXE] C:Program FilesNorton SystemWorksNorton CleanSweepCSINJECT.EXE
O4 - HKLM..RunServices: [NPROTECT] C:Program FilesNorton SystemWorksNorton UtilitiesNPROTECT.EXE
O4 - HKLM..RunServices: [SymTray - Norton SystemWorks] C:Program FilesCommon FilesSymantec SharedSymTray.exe "Norton SystemWorks"
O4 - HKLM..RunServices: [SmcService] C:PROGRAM FILESSYGATESPFSMC.EXE
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:Program FilesNorton SystemWorksNorton CleanSweepcsinsm32.exe
O4 - Startup: America Online Tray Icon.lnk = C:America Online 4.0aoltray.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:PROGRA~1INCRED~1binresourcesWebMenuImg.htm
O12 - Plugin for .spop: C:PROGRA~1INTERN~1PluginsNPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200211...meInstaller.exe
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.5.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03...all/xscan53.cab
  #4  
Old 10-07-2004, 10:34 PM
Mobo
Thinking outside the box
 
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
That's clean there, but open msconfig, Rob, and shut down the real update scheduler entry.
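
Added example, not part of the original posts: a small Python check that compares a follow-up HijackThis scan against the first scan and the helper's fix list, which is the comparison done by eye in the replies above. The sample logs, CLSID, program names and URL are constructed placeholders, and the function names are illustrative.

```python
import re

# An entry line is "<section code> - <details>", e.g. R1, O2, O4, O16 in the logs above.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(log_text):
    """Return the set of (section code, normalised details) entries in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Collapse whitespace and fold case so PROGRA~1 vs Progra~1 still match.
            entries.add((m.group(1), " ".join(m.group(2).split()).casefold()))
    return entries

def verify_fix(before_log, after_log, fix_list):
    """Check a follow-up scan against the entries the helper asked to fix."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    wanted = parse_entries(fix_list)
    return {
        "removed": sorted(wanted & (before - after)),
        "still_present": sorted(wanted & after),   # the fix did not take
        "never_seen": sorted(wanted - before),     # fix list does not match the scan
        "new": sorted(after - before),             # appeared between the two scans
    }

def leftover_clsids(after_log, fix_list):
    """CLSIDs from the fix list that survive anywhere in the follow-up scan."""
    ids = lambda text: {c.upper() for c in CLSID_RE.findall(text)}
    return ids(fix_list) & ids(after_log)

# Constructed sample data (placeholder names, CLSID and URL; not from the thread).
BEFORE = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\EXPLORER.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.test/
R3 - URLSearchHook: (no name) - {11111111-2222-3333-4444-555555555555} - C:\PROGRA~1\EXAMPLE\HOOK.DLL
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\PROGRA~1\EXAMPLE\HOOK.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ExampleTool] C:\Program Files\Example\tool.exe
"""
FIX_LIST = "\n".join(l for l in BEFORE.splitlines() if "example" in l.casefold())
# Follow-up scan in which the URLSearchHook entry survived the fix.
AFTER = "\n".join(l for l in BEFORE.splitlines()
                  if "ExampleTool" not in l and not l.startswith(("R1", "O2")))

if __name__ == "__main__":
    for status, items in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(status, [f"{code} - {body}" for code, body in items])
    print("leftover CLSIDs:", leftover_clsids(AFTER, FIX_LIST))
```

A non-empty `still_present` or `leftover_clsids` result means the same component is still registered somewhere, as when one DLL is listed both as a URLSearchHook and as a BHO.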
  #5  
Old 10-07-2004, 10:37 PM
brossys
Junior Member
 
Join Date: Oct 2004
Posts: 4
got it mobo, thanks ... now only if my text was bigger, any idea with that
  #6  
Old 10-07-2004, 10:39 PM
Mobo
Thinking outside the box
 
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
What text is that ?
  #7  
Old 10-07-2004, 10:40 PM
brossys
Junior Member
 
Join Date: Oct 2004
Posts: 4
all the text is small and hard to see ... this was before the fix so don't worry mobo, everything is great
  #8  
Old 10-13-2004, 03:07 PM
roeo727
Junior Member
 
Join Date: Oct 2004
Posts: 11
You should be able to change the text size by going into View at the top of your page and then go down to text and it gives you about 5 options. Hope this helps.