| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 63314 | 2005-11-05 04:09:00 | New HJT Log | shake_it_off (9178) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 402025 | 2005-11-05 04:09:00 | Hey everyone, I'm coming to you via my notebook, just hoping someone could have a look at my log when theyre good and ready. Cheers ;) |
shake_it_off (9178) | ||
| 402026 | 2005-11-05 04:24:00 | Where's the log? | Speedy Gonzales (78) | ||
| 402027 | 2005-11-05 04:31:00 | Hmmm that was strange...Im pretty sure I posted it, anyway here it is again. This log probably has mega nastys, due to my foolish brother installing silly things. Thanks Logfile of HijackThis v1.99.1 Scan saved at 4:36:56 p.m., on 5/11/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\TWlkZ2UA\command.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\System32\khooker.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Apoint2K\HidFind.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\BullsEye Network\bin\bargains.exe C:\WINDOWS\system32\msxct.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\ Yahoo! \MESSEN~1\ymsgr_tray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\HijackThis\HijackThis.exe C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xtra.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = red.clientapps.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\system32\azesearch4.ocx O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe O4 - HKLM\..\Run: [msxct] msxct.exe O4 - HKLM\..\Run: [msresearch] C:\windows\msresearch.exe O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ Yahoo! Pager] C:\PROGRA~1\ Yahoo! \MESSEN~1\ypager.exe -quiet O4 - HKCU\..\Run: [kuzf] C:\PROGRA~1\COMMON~1\kuzf\kuzfm.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: & Yahoo! Search - file:///C:\Program Files\ Yahoo! \Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\ Yahoo! \Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\ Yahoo! \Common/ycdict.htm O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\ Yahoo! \Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\ Yahoo! \Messenger\yhexbmes0521.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - www.ysbweb.com O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - www.azebar.com O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\lvjo0913e.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWlkZ2UA\command.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe |
shake_it_off (9178) | ||
| 402028 | 2005-11-05 05:15:00 | Geez this is worse than the last one lol Same procedure, like what u did before . Close browsers/tick the following . Tick fix checked . Reboot . And do this in safe mode, system restore off . C:\WINDOWS\TWlkZ2UA\command . exe Virus C:\Program Files\BullsEye Network\bin\bargains . exe C:\WINDOWS\system32\msxct . exe O4 - HKLM\ . . \Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains . exe O4 - HKLM\ . . \Run: [msxct] msxct . exe See if Bargain Buddy / The BullsEye Network is in add/remove programs . Uninstall it Use this to make sure its gone after . . symantec . com/avcenter/venc/data/adware . bargainbuddy . html" target="_blank">securityresponse . symantec . com Not sure if the removal tool is here or not . The link doesnt work . O4 - HKLM\ . . \Run: [msresearch] C:\windows\msresearch . exe Trojan / 180searchassistant O4 - HKLM\ . . \Run: [sp2update] C:\windows\sp2update00 . exe O4 - HKCU\ . . \Run: [kuzf] C:\PROGRA~1\COMMON~1\kuzf\kuzfm . exe O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - . ysbweb . com/ist/softwares/v4 . 0/ysb_cracks . cab" target="_blank">www . ysbweb . com O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - . azebar . com/install/azesearch . cab" target="_blank">www . azebar . com O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\lvjo0913e . dll O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWlkZ2UA\command . exe O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\system32\azesearch4 . ocx |
Speedy Gonzales (78) | ||
| 402029 | 2005-11-05 05:53:00 | LOL I know my comps are really missed up :badpc: heres the log, hows it looking... Logfile of HijackThis v1.99.1 Scan saved at 6:37:08 p.m., on 5/11/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xtra.co.nz/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ Yahoo! Pager] C:\PROGRA~1\ Yahoo! \MESSEN~1\ypager.exe -quiet O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: & Yahoo! Search - file:///C:\Program Files\ Yahoo! \Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\ Yahoo! \Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\ Yahoo! \Common/ycdict.htm O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\ Yahoo! \Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\ Yahoo! \Messenger\yhexbmes0521.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\lv8009lme.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWlkZ2UA\command.exe (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Running the removal tool at the moment for that bloody barginbuddy garbage. |
shake_it_off (9178) | ||
| 402030 | 2005-11-05 06:05:00 | OK tick these entries / tick fix checked etc in safe mode as before and turn system restore off. Reboot, then post another log. O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\lv8009lme.dll O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWlkZ2UA\command.exe (file missing) That should be it. |
Speedy Gonzales (78) | ||
| 402031 | 2005-11-05 06:11:00 | Wow thanks Speedy, your magic! Could you recommend a nice, no stress spyware/adware programme? as I'm still getting a few pop-ups, less than before . Cheers |
shake_it_off (9178) | ||
| 402032 | 2005-11-05 06:28:00 | Well I couldn't remove the last two...I might just have to put up with it huh. Thanks again Speedy :D |
shake_it_off (9178) | ||
| 402033 | 2005-11-05 06:56:00 | No worries :) Umm, well you can get spybot, adaware, umm Ewido From here http://www . ewido . com and here http://www . safer-networking . org/ and here http://www . lavasoft . com If you get adaware, also get the Vx2 plugin, it may come in handy . Go to the above / click on add-ons . The plugins are on the right . There is also Xoftspy, but it wont remove anything until you register it . Try Ewido, some say its a pretty good program . . . . . |
Speedy Gonzales (78) | ||
| 1 | |||||