Hijackthis.log

Hello, I was wondering whether anyone could have a look at my hijackthis.log and let me know the state of my computer.

Logfile of HijackThis v1.99.1
Scan saved at 02:35:45, on 05/07/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - Default URLSearchHook is missing
O1 - Hosts: 169.254.169.253 dcwgr
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145573230234
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37300.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

Thank you very much

K

Comments

  • peter_the_piper
    peter_the_piper Posts: 30,269 Forumite
    You've got a few problems there which should be looked at, copy the log and offer it to one of the sites which specialise in these such as http://www.d-a-l.com/help/forumdisplay.php?f=8. Sign up and go to the Hijackthis section in the forums.
    They will lead you carefully through the processes involved in removing.
    I'd rather be an Optimist and be proved wrong than a Pessimist and be proved right.
  • Browntoa
    Browntoa Posts: 49,591 Forumite
    or we can look at it here ????

    we can do the same ??
    Ex forum ambassador

    Long term forum member
  • Browntoa
    Browntoa Posts: 49,591 Forumite
    nothing much I can see there, why did you think there was a problem ??

    is your homepage hijacked as you do not seem to have a default one ??
    Ex forum ambassador

    Long term forum member
  • Katerina_sa
    Katerina_sa Posts: 50 Forumite
    Browntoa wrote:
    nothing much I can see there, why did you think there was a problem ??

    is your homepage hijacked as you do not seem to have a default one ??


    A few weeks ago Firefox crashed and lost all bookmarks. It made me wonder if there's something wrong. I knew that there was this board in here so I thought to use the knowledge of MSE's members.

    I've got a blank page as a default homepage.

    Thanks
    K
  • pchelpman
    pchelpman Posts: 1,274 Forumite
    Hello k

    As BT says there isn't that much obviously wrong with your log. Just a few things to fix up.

    Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.


    Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option. [Remember to reverse this and re-hide these files when your computer is fixed]



    Download CWShredder here…..

    http://www.subratam.org/main/index.php?option=com_content&task=view&id=19&Itemid=41

    [number 1 on the list]

    Run it and instruct it to “fix” anything it finds.



    Download CleanUp! here….. http://www.cleanup.stevengould.org/ .......

    *WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have a 64 bit Operating System [very unlikely] do NOT run Cleanup and let me know as we will use another utility

    Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.



    Reboot your system in Safe Mode by repeatedly tapping the F8 key until the menu appears (or the F5 key if F8 doesn't get to the safe menu).


    Open HijackThis ... click on scan ... put a tick/check mark next to the following entries IF they are still present (make sure you get all of them you can see) ...

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

    R3 - Default URLSearchHook is missing

    O1 - Hosts: 169.254.169.253 dcwgr


    Please remember to close all other windows, including browsers, before clicking “Fix checked”.



    Reboot your System in normal mode.



    If you have a fast internet connection (Broadband) run online scans here….

    http://www.pandasoftware.com/activescan/

    …and here…..

    http://housecall.trendmicro.com.

    When running the Panda Activescan make sure you click the Free Online Virus Scan in the upper right hand corner of the page under the Free use Activescan header. We do NOT want the default spyXposer scan.

    Once it has finished save the Activescan log. Then post that log in your next post.

    Please run ALL the free scans offered by Housecall.

    Make sure they both perform full system scans.

    If either/both scans find something they cannot fix - perhaps because the infected files are "in use" - please make a note of the file(s) concerned and post the details back to this thread.


    You should be able to reset your home page to what you want now.

    Please post a fresh HijackThis log so that we can check if your system is clean.

    MOST IMPORTANTLY…..

    Please also give us an update on how your system is operating now.
  • MercilessKiller
    MercilessKiller Posts: 7,143 Forumite
    meh that was just a template he posted i assume as there isn't anything wrong at all!

    Go back into firefox > tools > options and set your homepage to whatever you like (i.e https://www.google.co.uk) and carry on with life :p
    "The internet is a great way to get on the net."
    - Bob Dole, Republican presidential candidate
  • Browntoa
    Browntoa Posts: 49,591 Forumite
    meh that was just a template he posted i assume as there isn't anything wrong at all!

    Go back into firefox > tools > options and set your homepage to whatever you like (i.e www.google.co.uk) and carry on with life :p

    all the fixes PChelpman posted are valid ???

    why do you think there is nothing wrong ??

    ps...hit the "Thanks" button in error....count it as a "Thanks for nothing" , takes ages to read through those logs properly to help people out, comments like that make people think we post fixes for the joy of it :(
    Ex forum ambassador

    Long term forum member
  • Katerina_sa
    Katerina_sa Posts: 50 Forumite
    Good evening,

    thanks very much for your replies. I really appreciate your help.

    pchelpman wrote:

    Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option. [Remember to reverse this and re-hide these files when your computer is fixed]

    DONE THIS !!
    _________________________________________
    Download CWShredder here…..

    http://www.subratam.org/main/index.php?option=com_content&task=view&id=19&Itemid=41

    THE SYSTEM WAS CLEAN


    Download CleanUp! here….. http://www.cleanup.stevengould.org/ .......

    DONE THIS TOO !!

    Open HijackThis ... click on scan ... put a tick/check mark next to the following entries IF they are still present (make sure you get all of them you can see) ...

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

    R3 - Default URLSearchHook is missing

    O1 - Hosts: 169.254.169.253 dcwgr

    Please remember to close all other windows, including browsers, before clicking “Fix checked”.

    DONE THIS AND I CHECKED THE ABOVE (removed).


    If you have a fast internet connection (Broadband) run online scans here….

    http://www.pandasoftware.com/activescan

    …and here…..

    http://housecall.trendmicro.com

    FIREFOX HAD PROBLEMS RUNNING THE ABOVE SCANS. I USED INTERNET EXPLORER. THE RESULTS ARE:



    Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10.tmp
    Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1BA.tmp
    Spyware:Cookie/FastClick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq247.tmp
    Spyware:Cookie/Zedo Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq33.tmp
    Spyware:Cookie/Falkag Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B.tmp
    Spyware:Cookie/2o7 Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD.tmp
    Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp


    AND

    Detected vulnerabilities
    Office 2000 UA Control Vulnerability
    RTF Document Linked to Template Can Run Macros Without Warning



    Please post a fresh HijackThis log so that we can check if your system is clean.

    NEW HIJACKTHIS LOG:

    Logfile of HijackThis v1.99.1
    Scan saved at 23:45:13, on 05/07/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145573230234
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37300.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
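
Comparing a log taken before a "Fix checked" pass with one taken after shows exactly which entries were removed and what appeared in the meantime. The following is an added example, not part of any poster's reply: `parse_log` and `diff_logs` are hypothetical helper names, and the two sample logs are abridged from the logs posted in this thread.

```python
import re

# Section code (R0-R3, F0-F3, N1-N4, O1-O23), " - ", then the entry body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)

# Constructed samples, abridged from the two logs posted in this thread.
BEFORE = r"""
Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - Default URLSearchHook is missing
O1 - Hosts: 169.254.169.253 dcwgr
O4 - HKCU\..\Run: [internat.exe] internat.exe
"""
AFTER = r"""
Running processes:
C:\WINNT\Explorer.EXE
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O4 - HKCU\..\Run: [internat.exe] internat.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
"""

def parse_log(text):
    """Return (processes, entries) parsed from a HijackThis log."""
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()  # forum quoting often indents the log
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the entry list follows the process list
            entries.add((m.group(1), m.group(2)))
        elif in_processes and PROCESS_RE.match(line):
            processes.add(line.lower())  # Windows paths are case-insensitive
    return processes, entries

def diff_logs(before, after):
    """Set differences between two logs, as sorted lists."""
    bp, be = parse_log(before)
    ap, ae = parse_log(after)
    return {"removed_entries": sorted(be - ae), "added_entries": sorted(ae - be),
            "stopped_processes": sorted(bp - ap), "new_processes": sorted(ap - bp)}

if __name__ == "__main__":
    for kind, items in diff_logs(BEFORE, AFTER).items():
        print(kind, *items, sep="\n  ")
```

On the thread's logs the diff shows the four ticked entries gone and one new O16 entry, left behind by the Panda ActiveScan installer.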
  • Chippy_Minton
    Chippy_Minton Posts: 3,339 Forumite
    Detected vulnerabilities
    Office 2000 UA Control Vulnerability
    RTF Document Linked to Template Can Run Macros Without Warning
    Both these can be fixed by going to http://officeupdate.microsoft.com/ (using IE) and checking for updates.
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    Uninstall Microsoft Antispyware and install the new version, now called Windows Defender --> http://www.microsoft.com/athome/security/spyware/software/default.mspx.
  • Browntoa
    Browntoa Posts: 49,591 Forumite
    and the cookies are just "tracking" cookies, nothing bad there,

    Spybot from

    http://www.safer-networking.org/en/download/index.html

    or ewido from

    http://www.ewido.net/en/download/

    will remove them
    Ex forum ambassador

    Long term forum member
This discussion has been closed.