Author Topic: HijackThis/Spyware gurus needed

mason22
« on: May 26, 2004, 09:46:07 PM »
Got a bad one the other day, and have most of it cleared up, but I have this annoying BHO (I assume) that jacks with my Google or Yahoo or any other search I try. Below is my HijackThis log file:

Logfile of HijackThis v1.97.7
Scan saved at 9:24:46 PM, on 5/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 4.0\Acrobat\Acrobat.exe
C:\Documents and Settings\Jeff\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll (file missing)
O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - (no file)
O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\System32\msibkd.dll (file missing)
O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SAITEKAUTOCONFIGURE] C:\Program Files\Saitek\ST\Drv\saicnfig.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} (GigexCtrl ActiveX) - http://www.gigex.com/tv/igor/gigexagent.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37949.9312847222
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{E30753AB-FCAD-4A41-9021-BD6888AD8DE4}: NameServer = 151.164.20.201 151.164.11.201

Any help on what to remove/fix vs. what to leave is appreciated.
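As an added triage aid (an editor's example, not part of the original post and not HijackThis's own logic): a small parser that walks the entry types that matter in a log like the one above, using a handful of lines copied from that log as static sample input. The verdict heuristics (orphaned BHOs, browser settings pointing at a local file, unnamed ActiveX objects with no source, and the DNS servers in use) are the editor's own.

```python
import re

# Sample input: lines copied from the HijackThis log posted above (a static sample, not a live scan).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll (file missing)
O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{E30753AB-FCAD-4A41-9021-BD6888AD8DE4}: NameServer = 151.164.20.201 151.164.11.201
"""

# Every HijackThis entry starts with its section code (R0, R1, O2, O16, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def triage(log_text):
    """Return (section, verdict, entry) tuples for entries worth a closer look.

    The rules are the editor's heuristics, not HijackThis's own classification.
    """
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        if section == "O2" and ("(file missing)" in body or "(no file)" in body):
            findings.append((section, "BHO registered but its DLL is gone; orphaned entry", body))
        elif section in ("R0", "R1") and "= file://" in body:
            findings.append((section, "IE search/start setting redirected to a local file", body))
        elif section == "O16" and "(" not in body and "http" not in body:
            findings.append((section, "unnamed ActiveX (DPF) object with no download source", body))
        elif section == "O17":
            servers = ", ".join(IPV4_RE.findall(body))
            findings.append((section, "DNS servers in use: " + servers + " (verify they are your ISP's)", body))
    return findings


if __name__ == "__main__":
    for section, verdict, entry in triage(SAMPLE_LOG):
        print(f"{section:4} {verdict}\n     {entry}")
```

Entries that reference a vendor-signed file in place (the NAV Helper BHO here) pass through unflagged, so the output is the short list a helper would actually want to look at.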

Roscoroo
« Reply #1 on: May 26, 2004, 10:34:53 PM »
You have either Trojan_onenet.A, the Sasser worm or something similar ...

http://www.trendmicro.com/vinfo/virusencyclo/default2.asp?m=q&virus=lsass%2Eexe&alt=lsass%2Eexe

This will get you heading in the right direction.


If you got an extra search engine added to your browser, then you have this puppy hiding in your PC:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VNAME=TROJ_ONENET.A

Use the Trend Micro online virus scanner; it may be able to pinpoint the exact bug you have:

http://housecall.trendmicro.com/

I know svchost.exe, lsass.exe are bugs, and I bet that smss.exe, services.exe and the spoolsv.exe are also bugs, but I'm not sure.

Good luck
Roscoroo,
"Of course at Uncle Ted's restaurant, you have the option to shoot them yourself" Ted Nugent
(=Ghosts=Scenariroo's Patch donation

Silat
« Reply #2 on: May 27, 2004, 10:38:00 AM »
http://www.javacoolsoftware.com/downloads.html - Download and install SpywareBlaster and SpywareGuard.
 
http://www.safer-networking.org/index.php?page=download - Download and install Spybot - Search & Destroy 1.2. FREE
 
http://www.spywareinfo.com/~merijn/downloads.html - Download HijackThis and CWShredder. Put them in a new folder named "HijackThis". Put the folder on the C drive. This is important for proper logging of info when you get hijacked. FREE
 
http://www.lavasoftusa.com/support/download/ - Download the free version of Adaware and install. Or pay for the advanced version if you want. FREE
 
http://www.grisoft.com/us/us_dwnl_free.php - If you don't have an antivirus program and don't want to pay for one, then get AVG. It is free and good. FREE
 
If you don't have an antivirus, you can do free scans at http://housecall.antivirus.com/ or http://www.pandasoftware.com/activescan/
 
 
SpywareBlaster, SpywareGuard, Spybot, Adaware, and AVG all need updating regularly.
 
HijackThis and CWShredder also need updating, but these should only be used when you have a problem. If you have a problem, you can contact me for help or go to http://help.lockergnome.com/index.php?showforum=50 and click on the "HIJACKTHIS LOGS" forum. Register and post your problem. An expert will get to you within a few days to guide you to a clean machine :)
 
Contact me if you need help :) I can call you.
 
Lew/+Silat
+Silat
"The first time someone shows you who they are, believe them." — Maya Angelou
"Conservatism offers no redress for the present, and makes no preparation for the future." B. Disraeli
"All that serves labor serves the nation. All that harms labor is treason."

DAVENRINO
« Reply #3 on: May 27, 2004, 01:10:47 PM »
Since I started using SpywareBlaster, AdAware finds zero items.
DJ229 - AIR MAFIA
DAVE aka DJ229-AIR MAFIA
CH USB HOTAS/ONKYO 705 7.2 SURROUND SOUND/60" SONY A3000 SXRD TV