| Thread ID: 76875 | 2007-02-19 06:13:00 | Hijack This Log For Analysis Please | Term_X (560) |
| Post ID | Timestamp | Content | User | ||
| 525685 | 2007-02-19 06:13:00 | Hi Team. Silly me, opened up a dodgy executable which resulted in the Brave Sentry (you are infected with a virus) malware virus. The popups have gone but net access is quite slow and saw that webhancer is in the log, so apart from that, what else needs to be checked for removal? WinCap is also in there for capturing video/audio streams (in case some suggested to remove that). That 010 looks dodgy, first time seeing that, and a few of them as well too. Help much appreciated, I'm running XP SP 2. Logfile of HijackThis v1.99.1 Scan saved at 6:59:08 PM, on 2/19/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\Internet Explorer\IEXPLORE.EXE E:\WINDOWS\system32\spoolsv.exe E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe E:\Program Files\Alwil Software\Avast4\ashServ.exe E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE E:\Program Files\NetLimiter 2 Pro\nlsvc.exe E:\WINDOWS\system32\tcpsvcs.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\system32\fxssvc.exe E:\Program Files\NetLimiter 2 Pro\NLClient.exe E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe E:\Program Files\Alwil Software\Avast4\ashWebSv.exe E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe E:\Program Files\ASUS\WLAN Card Utilities\Center.exe E:\Program Files\Common Files\{F05B682E-0725-1033-0116-040311060001}\Update.exe E:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe E:\Program Files\Logitech\SetPoint\SetPoint.exe E:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE E:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe E:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe E:\WINDOWS\explorer.exe E:\Program Files\Mozilla Firefox\firefox.exe E:\WINDOWS\system32\WISPTIS.EXE
E:\Program Files\MSN Messenger\msnmsgr.exe E:\Program Files\MSN Messenger\usnsvc.exe E:\Software\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {6EB44576-605F-F026-90C3-07BBB82F2D64} - E:\WINDOWS\system32\xfolush.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: TKTS System - {A717DBE3-D78D-4aa7-BDCF-2CC06B36371B} - E:\WINDOWS\Policies.dll O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - E:\PROGRA~1\COMMON~1\{305B6~2\Bar888.dll O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - E:\Program Files\webHancer\programs\whiehlpr.dll O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - E:\PROGRA~1\COMMON~1\{305B6~2\Bar888.dll O4 - HKLM\..\Run: [ioloDelayModule] "E:\Program Files\iolo\System Mechanic Professional 6\delay.exe" O4 - HKLM\..\Run: [ avast! ] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Control Center] E:\Program Files\ASUS\WLAN Card Utilities\Center.exe O4 - HKCU\..\Run: [SMSystemAnalyzer] "E:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" O4 - HKCU\..\Run: [ Yahoo! Pager] "E:\Program Files\ Yahoo! \Messenger\YahooMessenger.exe" -quiet O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\ Yahoo! \Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\ Yahoo! \Messenger\YahooMessenger.exe O10 - Hijacked Internet access by WebHancer O10 - Hijacked Internet access by WebHancer O10 - Hijacked Internet access by WebHancer O10 - Hijacked Internet access by WebHancer O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock 
LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Hijacked Internet access by WebHancer O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\ Yahoo! \Common\yinsthelper.dll O20 - Winlogon Notify: winsys2freg - E:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll O21 - SSODL: DCOM Server 37389 - {2C1CD3D7-86AC-4068-93BC-A02304B37389} - E:\WINDOWS\system32\bnknllp.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! 
Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NetLimiter (nlsvc) - Locktime Software - E:\Program Files\NetLimiter 2 Pro\nlsvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: TVersityMediaServer - Unknown owner - E:\Program Files\TVersity\Media Server\MediaServer.exe |
Term_X (560) | ||
| 525686 | 2007-02-19 06:25:00 | Run HJT again tick these entries and tick fix checked. Close browser/s O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - E:\PROGRA~1\COMMON~1\{305B6~2\Bar888.dll O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - E:\Program Files\webHancer\programs\whiehlpr.dll O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - E:\PROGRA~1\COMMON~1\{305B6~2\Bar888.dll O10 - Hijacked Internet access by WebHancer O10 - Hijacked Internet access by WebHancer O10 - Hijacked Internet access by WebHancer O10 - Hijacked Internet access by WebHancer O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file |
Speedy Gonzales (78) | ||
| 525687 | 2007-02-19 06:31:00 | And uninstall ALL versions of Sun Java and get the updated Java in my sig below. | Speedy Gonzales (78) | ||
| 525688 | 2007-02-19 06:40:00 | Stupid server keeps lagging and keeps cutting out my text! Run HJT again tick these entries and tick fix checked. Close browser/s O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - E:\PROGRA~1\COMMON~1\{305B6~2\Bar888.dll O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - E:\Program Files\webHancer\programs\whiehlpr.dll O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - E:\PROGRA~1\COMMON~1\{305B6~2\Bar888.dll O10 - Hijacked Internet access by WebHancer O10 - Hijacked Internet access by WebHancer O10 - Hijacked Internet access by WebHancer O10 - Hijacked Internet access by WebHancer O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: e:\windows\system32\msnetax.d |
Speedy Gonzales (78) | ||
| 525689 | 2007-02-19 06:40:00 | In fact, get everything in Speedy's sig. | pctek (84) | ||
| 525690 | 2007-02-19 07:33:00 | Cheers Speedy. Running sweet now! And you're right pctek, I think I will get everything in his signature. Thanks heaps for the help. |
Term_X (560) | ||
| 525691 | 2007-02-19 07:48:00 | No worries, arrgghh I see it cut my text again :badpc: | Speedy Gonzales (78) | ||