| Thread ID: 65511 | 2006-01-20 20:10:00 | malware and spyware | ptopz (4662) | Press F1 |
| Post ID | Timestamp | User |
| 422880 | 2006-01-20 20:10:00 | ptopz (4662) |

Greetings. My PC is (again) infected with a multitude of spyware and malware and pop-ups and is running slowly. A copy of a HijackThis logfile is below. Can someone please advise what is best to do? I am happy to buy something that will clean me up and keep me clean if I know it is any good. Cheers.

```text
Logfile of HijackThis v1.99.1
Scan saved at 9:15:50 a.m., on 21/01/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\mssearchnet.exe
C:\WINNT\system32\nvctrl.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\MultiMedia Keyboard Drv\kb_2k.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\anon1\LOCALS~1\Temp\Rar$EX01.547\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xtra.co.nz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Xtra
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINNT\system32\hp9A0A.tmp
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Multimedia Keyboard Driver.lnk = C:\Program Files\MultiMedia Keyboard Drv\kb_2k.exe
O8 - Extra context menu item: Download with &Etomi - res://C:\Program Files\Etomi\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\office\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - www.drivershq.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - www.pcpitstop.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - static.windupdates.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - static.windupdates.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - antu.popcap.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
```
| 422881 | 2006-01-20 20:18:00 | mark c (247) |

Have a look at the FAQs about malware/spyware/hijackings, get those recommended programs and run them in the recommended way, and you will be off to a good start.
| 422882 | 2006-01-20 20:28:00 | Safari (3993) |

I suggest you read the information at this site regarding rogue spyware products. I see you are using some that are not recommended. www.spywarewarrior.com Before you install any spyware programs, make sure they are reputable and trustworthy; some are listed at that site, as well as information on how to avoid infection.
| 422883 | 2006-01-20 20:29:00 | Speedy Gonzales (78) |

Disable system restore, boot into safe mode, and run HijackThis again. Tick these entries and click Fix checked:

```text
C:\WINNT\system32\mssearchnet.exe
```

Maybe this (securityresponse.symantec.com).

```text
C:\WINNT\system32\nvctrl.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
```

Look in Add/Remove Programs. Uninstall Media Access.

```text
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINNT\system32\hp9A0A.tmp
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
```

Part of Media Access. Once you've uninstalled Media Access, delete its folder, in C:\program files\Media Access.

```text
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - static.windupdates.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - static.windupdates.com
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
```

Try this (dl.filekicker.com) from here (www.simplysup.com). Run this, click on Scan, then select the 3rd-7th option under the Utilities menu. Post another HJT log after you do the above.
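As an added example (not from this thread), a small Python triage script that parses HijackThis entry lines and flags the same patterns the reply above singled out: entries marked (file missing), an O2 BHO pointing at a .tmp file, O15 Trusted Zone additions, and O16 DPF entries with no object name. The sample lines are copied from the log posted above; the flagging rules are my own heuristics, not anything HijackThis itself does.

```python
import re

# Constructed sample: a handful of entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINNT\system32\hp9A0A.tmp
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - static.windupdates.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
"""

# A HijackThis entry line starts with its section tag (R0, R1, O2, O4, ...) followed by " - ".
HJT_LINE = re.compile(r"^(R\d|O\d+)\s+-\s+(.*)$")

def parse_hjt(text):
    """Return (section, detail) pairs for every HijackThis entry line in the log."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def flag_entry(section, detail):
    """Return the reason an entry deserves a look, or None. These heuristics (my own, not
    HijackThis's) mirror the patterns the reply above picked out; they are triage hints, not verdicts."""
    if detail.endswith("(file missing)"):
        return "orphaned entry: referenced file is missing"
    if section == "O2" and detail.lower().endswith(".tmp"):
        return "BHO loaded from a .tmp file"
    if section == "O15":
        return "site added to the IE Trusted Zone"
    if section == "O16" and not re.search(r"\)\s+-\s+\S+$", detail):
        return "downloaded ActiveX (DPF) with no object name"
    return None

def triage(text):
    """Parse a log and return (section, detail, reason) for each flagged entry, in log order."""
    return [(s, d, r) for s, d in parse_hjt(text) if (r := flag_entry(s, d)) is not None]

if __name__ == "__main__":
    for section, detail, reason in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {detail}")
```

Run against the full log above it flags exactly the O2, O3, O15, O16 and O23 lines the reply lists; the WinPatrol O4 and the named MSN DPF pass through unflagged.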
| 422884 | 2006-01-23 04:39:00 | ptopz (4662) |

Thanks for all that. How do I disable system restore (win2k)?
| 422885 | 2006-01-23 04:44:00 | Speedy Gonzales (78) |

Hmm, good question. I don't think Windows 2k has system restore. Only Windows ME and XP use it. I didn't have it long enough to use it, if it's there. Just boot into safe mode, and tick the entries in my previous post. Then reboot.
| 422886 | 2006-01-23 04:58:00 | zqwerty (97) |

No system restore on Win2K for sure.
| 422887 | 2006-01-23 05:47:00 | Pancake (6359) |

This will be the only way to clean out mssearchnet.exe, which is a part of the SpyAxe virus/malware. Download smitRem.exe (noahdfear.geekstogo.com) and save the file to your desktop. Double click on the file to extract it to its own folder on the desktop. Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. Post a new log when done.