| Thread ID: 56127 | 2005-03-28 02:22:00 | Help, my internet has been taken over! | milkit (7724) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 338696 | 2005-03-28 04:29:00 | Not sure what I am supposed to post, I think it is this though? Logfile of HijackThis v1.99.1 Scan saved at 9:02:52 PM, on 27/03/2005 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\POWERSTRIP\PSTRIP.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE C:\WINDOWS\STISVSQ.EXE C:\WINDOWS\SVSHOST.EXE C:\WINDOWS\MSQDEVL.EXE C:\WINDOWS\LSSAS.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\WINDOWS\IAU.EXE C:\WINDOWS\MSERVICE.EXE C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:8080 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Google -
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [WeatherOnTray] C:\PROGRAM FILES\HOTBAR\BIN\4.5.0.0\WEATHERONTRAY.EXE O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\HOTBAR\BIN\450~1.0\SBInst.exe O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe O4 - HKLM\..\Run: [Games Acceleration] svshost.exe O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq.exe O4 - HKCU\..\Run: [Games Acceleration] svshost.exe O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe O4 - HKCU\..\Run: [Microsoft Management 
Console] lssas.exe O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - www5.incredimail.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - www.ravantivirus.com |
milkit (7724) | ||
| 338697 | 2005-03-28 05:05:00 | R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:8080 O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\HOTBAR\BIN\450~1.0\SBInst.exe O4 - HKLM\..\Run: [WeatherOnTray] C:\PROGRAM FILES\HOTBAR\BIN\4.5.0.0\WEATHERONTRAY.EXE O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe O4 - HKLM\..\Run: [Games Acceleration] svshost.exe not too sure about O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe remove those and make sure they are not running at startup. |
tweak'e (69) | ||
| 338698 | 2005-03-28 05:14:00 | You got those right Tweake, here's the rest Running processes: C:\WINDOWS\STISVSQ.EXE This is adware C:\WINDOWS\SVSHOST.EXE This is adware C:\WINDOWS\MSQDEVL.EXE This is adware C:\WINDOWS\LSSAS.EXE This is adware Go here www.sarc.com C:\WINDOWS\IAU.EXE This looks like spyware. IE Accelerator. Remove it C:\WINDOWS\MSERVICE.EXE This is adware as above R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:8080 Remove this O4 - HKLM\..\Run: [WeatherOnTray] C:\PROGRAM FILES\HOTBAR\BIN\4.5.0.0\WEATHERONTRAY.EXE O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\HOTBAR\BIN\450~1.0\SBInst.exe This is spyware - remove it O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe Uninstall this if it's in add/remove programs. It's adware O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe Remove this O4 - HKLM\..\Run: [Games Acceleration] svshost.exe Remove this O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe Remove this O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe remove this O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe Remove this O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe Tick and remove this O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq.exe tick and remove this O4 - HKCU\..\Run: [Games Acceleration] svshost.exe remove this O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe Remove these Tick and select fix these then reboot. |
Speedy Gonzales (78) | ||
| 338699 | 2005-03-28 05:21:00 | Hi milkit I have merged your duplicate thread with the hijackthis log in it, into this original thread. Having two separate threads running with the same log in it will only cause confusion and will make it difficult for people to help. Best things are kept all in the one thread. :) |
Jen (38) | ||
| 338700 | 2005-03-28 06:04:00 | After 4+ hours my computer is fixed. Deleting those things from my hijack list worked and my internet works again. I want to give a big thank you to everybody that helped especially speedy. It gets very frustrating trying to fix a computer when you don't know anything about them. THANK YOU +100000000000000000000000000000!!!!! I appreciate all your peoples time in helping me out. Good karma to all of you! |
milkit (7724) | ||
| 338701 | 2005-03-28 06:40:00 | No worries Milkit :) Just be careful, what u get / download and run. Happy surfing! |
Speedy Gonzales (78) | ||
| 338702 | 2005-03-28 07:01:00 | If you are in the mood Speedy, could you have a look at my log? | Cicero (40) | ||
| 338703 | 2005-03-28 07:03:00 | This one is Troj/Small-RN, very nasty. I don't see any instruction above to remove it, but you should. O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe Instructions here www.sophos.com |
godfather (25) | ||
| 338704 | 2005-03-28 07:07:00 | Oops thanx for the one I missed there GF. Just sent Milkit a PM, just in case he/she doesn't come back to this post. This is also part of the trojan O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe - tick and fix this Post away Cicero. make another post Cicero |
Speedy Gonzales (78) | ||