Forum Home
Press F1

Thread ID: 70219	2006-06-26 04:27:00	Hijack this assistance required please	Oldferix (5581)	Press F1

Post ID	Timestamp	Content	User
466164	2006-06-26 04:27:00	Our computer seems to be running slower -- is it my imagination, or do I have spyware? Could a more knowledgeable person than I analyse this 'Hijack this' log please? Logfile of HijackThis v1.99.1 Scan saved at 3:11:38 p.m., on 26/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Dynalink\Adsl\dslstat.exe C:\Program Files\Dynalink\Adsl\dslagent.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\PROGRA~1\WINZIP32\winzip32.exe C:\unzipped\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orcon.net.nz R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orcon Residential O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Dynalink\Adsl\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Dynalink\Adsl\dslagent.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .aiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.0 Combo Control) - www.frogprints.co.nz O17 - HKLM\System\CCS\Services\Tcpip\..\{0837A134-C671-49D3-A4FE-CEC3CE4B60B2}: NameServer = 60.234.1.1 60.234.2.2 O17 - HKLM\System\CS1\Services\Tcpip\..\{0837A134-C671-49D3-A4FE-CEC3CE4B60B2}: NameServer = 60.234.1.1 60.234.2.2 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe	Oldferix (5581)
466165	2006-06-26 05:38:00	Hi There is nothing hostile in the log.Its clean.No malware.have a good cleanup. Do a defrag first.... ..... and then Run Disk Cleanup Click "Start > Programs > Accessories > System Tools > Disk Cleanup" Please make sure the following are checked: -- Downloaded Program Files -- Temporary Internet Files -- Recycle Bin -- Temporary Files Click "OK" and Disk Cleanup will delete those files for you. followed by this... Download Ewido Anti-Malware (download.ewido.net) Install Ewido Anti-Malware Double-click the icon on Desktop to launch EwidoYou will need to update Ewido to the latest definition files. On the top of the main screen click Shield Click the word active to change it to inactive On the top of the main screen click Update. Then click on Start Update. The update will start and a progress bar will show the updates being installed.If you are having problems with the updater, you can use this link to manually update Ewido. (download.ewido.net) When you have finished updating, EXIT Ewido. Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears. In Safe Mode,run Ewido. Click Scanner Click on the Scan tab Click Complete System Scan to begin scanning. When the scan is complete click Recommended Action and change it to Quarantine Then click Apply all actions	Pancake (6359)
466166	2006-06-26 08:31:00	I did as you suggested and Ewido found 74 malware objects - which are quarantined. Thanks Pancake. Peace of mind and reassured, In appreciation, Oldferix	Oldferix (5581)
466167	2006-06-26 09:30:00	your welcome.	Pancake (6359)
1