Anybody advise on this Hijackthis log?

Ran this after a clean boot. I still have some kind of virus/spyware that hasn't been spotted by Ad-aware, Spybot, EZ, AVG and lots of others.
I have restored back to delivery state - PC now 3 days old.





Logfile of HijackThis v1.99.1
Scan saved at 18:49:06, on 30/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Jacqui\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107963243203

Replies

  • Joe_Bloggs Forumite
    You can have http://www.hijackthis.de/en analyse your log file.
    Do you have effective firewall settings? What are the symptoms of the attacks?
    J_B.
  • squeaky Forumite
    Joe's advice is right.

    You've got loads of toolbar and search bar entries there and there are none in mine at all. They might all be interfering with each other.

    The hi-jack team might be able to tell you which ones are doing what.
    Hi, I'm a Board Guide on the Old Style and the Consumer Rights boards which means I'm a volunteer to help the boards run smoothly and can move and merge posts there. Board guides are not moderators and don't read every post. If you spot an inappropriate or illegal post then please report it to [email protected]. It is not part of my role to deal with reportable posts. Any views are mine and are not the official line of MoneySavingExpert.
    Never ascribe to malice that which is adequately explained by incompetence.
    DTFAC: Y.T.D = £5.20 Apr £0.50
  • barginunter Forumite
    Joe_Bloggs wrote:
    You can have http://www.hijackthis.de/en analyse your log file.
    Do you have effective firewall settings? What are the symptoms of the attacks?
    J_B.


    Each window I open - the IE Favorites list switches on and off every time I move the mouse making clicking on anything very hit and miss.

    I'll try the Hijack people later - thanks.
  • squeaky Forumite
    It really could just be that you have too many IE search tools competing against each other for time.

    Check all the toolbar and search bar entries for removal by hijack this and try your browser again.

    If it's still as bad - then send a new log to hijack this as suggested earlier.
This discussion has been closed.
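
The following Python example is added here; it is not from the thread or from HijackThis itself. It groups a log's Internet Explorer add-on entries (sections O2, O3, O8 and O9) by the DLL or EXE that provides them, which shows how many toolbar and search-bar hooks each product has installed. The function names and the choice of sections are assumptions of this example, and the sample is a subset of lines copied from the log in the first post.

```python
import re
from collections import defaultdict

# HijackThis section codes for Internet Explorer add-ons:
# O2 = Browser Helper Object, O3 = toolbar,
# O8 = context-menu item, O9 = extra button / Tools menu item.
IE_ADDON_SECTIONS = {"O2", "O3", "O8", "O9"}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First DLL/EXE path in the entry; O8 entries wrap it in a res:// URL.
MODULE_RE = re.compile(r"[A-Za-z]:\\[^/]*?\.(?:dll|exe)", re.IGNORECASE)

# Subset of lines copied from the log in the first post (for illustration).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""


def parse_entries(log_text):
    """Yield (section_code, body) for every 'CODE - ...' line in the log."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def ie_addons_by_module(log_text):
    """Map each add-on module path (lower-cased) to the sections that load it."""
    modules = defaultdict(list)
    for code, body in parse_entries(log_text):
        if code not in IE_ADDON_SECTIONS:
            continue  # skip start pages, Run keys and other non-add-on entries
        m = MODULE_RE.search(body)
        key = m.group(0).lower() if m else "(no module path)"
        modules[key].append(code)
    return dict(modules)


if __name__ == "__main__":
    for module, codes in sorted(ie_addons_by_module(SAMPLE_LOG).items()):
        print(f"{len(codes):2d} entries  {','.join(codes)}  {module}")
```

Lower-casing the path matters because the log writes the same file as both `googletoolbar2.dll` and `GoogleToolbar2.dll`.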