| My other half's HiJackThis log, please help

Yes her computer is becoming infested with all sorts of crap from the internet, particularly stubborn are "Derbiz" and "ebates money maker" who both seem to reappear after being deleted either on AdAware or Spybot. I know it's gonna be an uphill struggle because I can't be there all day to make sure she keeps her virus software up to date all the time but I thought you good people might be able to offer some help if I post her hijackthis log.

Thanks
Kris

Logfile of HijackThis v1.99.1
Scan saved at 22:59:44, on 04/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\AVPersonal\AVSCHED32.EXE
C:\WINDOWS\System32\winupdt.exe
C:\WINDOWS\usxhs.exe
C:\WINDOWS\System32\rnamrr.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\rqmr\rqmrm.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\faspro.exe
C:\WINDOWS\System32\faspro.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Piolet\Piolet.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\System32\inseng.exe
C:\Documents and Settings\Vickie\Desktop\DADA'S Utilities\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.derbiz.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [c8YCifF] C:\WINDOWS\usxhs.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rnamrr.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitetbm32.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\uk_nm.exe -N
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [rqmr] C:\PROGRA~1\COMMON~1\rqmr\rqmrm.exe
O4 - HKCU\..\Run: [inseng] C:\WINDOWS\System32\inseng.exe
O4 - HKCU\..\Run: [faspro] C:\WINDOWS\System32\faspro.exe
O4 - HKCU\..\RunOnce: [faspro] C:\WINDOWS\System32\faspro.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Fortune Bingo by pogo - http://game4.pogo.com/applet-6.0.4.3...-ob-assets.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62...ridge-c139.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aol.pogo.com/game/deluxe/zuma...ploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BB5EAD9-17C3-4E45-BBFF-1CFF54D021F4}: NameServer = 205.188.146.145
O17 - HKLM\System\CS2\Services\Tcpip\..\{2BB5EAD9-17C3-4E45-BBFF-1CFF54D021F4}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE |
| ||
| Re: My other half's HiJackThis log, please help

Download rkfiles.zip
http://skads.org/special/rkfiles.zip

Unzip the contents to a permanent folder.
Reboot in Safe mode.
Doubleclick rkfiles.bat
It will scan for a while, so please be patient. Wait till the DOS window closes and reboot back to normal mode.

To save some time, could you please have all the files that rkfiles finds uploaded for an online scan here;
http://virusscan.jotti.org/

Post the contents of C:\log.txt in your next reply. |
| ||
| Re: My other half's HiJackThis log, please help You can check your Computer with 5,000,000 Anti-Virus-Softwares and spend $20,000 for it, as long as you surf the Internet with the Internet Explorer and activated ActiveX & ActiveScripting, it will be Sisyphus work. Michael |
| ||
| Re: My other half's HiJackThis log, please help

I uploaded the file to that virus checker site and it found nothing. Here's the log:

C:\Documents and Settings\Vickie\Desktop\New Folder

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

Files Found in system Folder............
------------------------
C:\WINDOWS\system32\AUNPS2.dll: UPX!
C:\WINDOWS\system32\faspro.exe: UPX!
C:\WINDOWS\system32\naopn.dll: UPX!
C:\WINDOWS\system32\pgehppp.dll: UPX!
C:\WINDOWS\system32\qvgbq.dat: UPX!
C:\WINDOWS\system32\rnamrr.exe: UPX!
C:\WINDOWS\system32\rpen.exe: UPX!
C:\WINDOWS\system32\skytown.exe: UPX!
C:\WINDOWS\system32\thin-94-1-x-x.exe: UPX!
C:\WINDOWS\system32\winup2date.dll: UPX!
C:\WINDOWS\system32\winupdt.exe: UPX!
C:\WINDOWS\system32\wmconfig.cpl: UPX!
C:\WINDOWS\system32\elitebon32.exe: FSG!
C:\WINDOWS\system32\elitecoc32.exe: FSG!
C:\WINDOWS\system32\eliteduj32.exe: FSG!
C:\WINDOWS\system32\elitedzm32.exe: FSG!
C:\WINDOWS\system32\eliterse32.exe: FSG!
C:\WINDOWS\system32\elitersk32.exe: FSG!
C:\WINDOWS\system32\elitesla32.exe: FSG!
C:\WINDOWS\system32\elitetbm32.exe: FSG!
C:\WINDOWS\system32\elitevjd32.exe: FSG!
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\system32\oembios.bin: peC2"y)Q

Files Found in all users startup Folder............
------------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dtup.exe: UPX!

Files Found in all users windows Folder............
------------------------
C:\WINDOWS\farmmext.exe: UPX!
C:\WINDOWS\nem220.dll: UPX!
C:\WINDOWS\sideb.exe: UPX!
C:\WINDOWS\tct101.dll: UPX!
C:\WINDOWS\usxhs.exe: UPX!

Finished
bye

LOL I take it that log has some baddies in it? |
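
An added triage example, not part of the original thread and not code from HijackThis or rkfiles: it cross-references the O4 autostart entries of the HijackThis log with the files rkfiles tagged `UPX!` or `FSG!`, so the packed files that also start with Windows can be uploaded for scanning first. The function names and regular expressions are assumptions of this example, and the sample lines are excerpts of the two logs posted above.

```python
import re

# Excerpts copied from the two logs posted in this thread (shortened).
HIJACKTHIS = r"""
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [c8YCifF] C:\WINDOWS\usxhs.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitetbm32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [faspro] C:\WINDOWS\System32\faspro.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
"""
RKFILES = r"""
C:\WINDOWS\system32\faspro.exe: UPX!
C:\WINDOWS\system32\winupdt.exe: UPX!
C:\WINDOWS\system32\elitetbm32.exe: FSG!
C:\WINDOWS\system32\oembios.bin: peC2"y)Q
C:\WINDOWS\usxhs.exe: UPX!
"""

# "O4 - <location>: [<value name>] <command>" or "O4 - <location>: <shortcut> = <command>"
O4 = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\]|(?P<lnk>.+?) =) (?P<cmd>.+)$")
# Executable path at the start of a command line, quoted or not, arguments dropped.
EXE = re.compile(r'^"?([A-Za-z]:\\.+?\.(?:exe|dll|com|scr))"?(?:\s|$)', re.I)

def autoruns(log):
    """Yield (location, entry name, executable path) for every O4 line."""
    for line in log.splitlines():
        m = O4.match(line.strip())
        exe = EXE.match(m["cmd"]) if m else None
        if exe:
            yield m["where"], m["name"] or m["lnk"], exe[1]

def packed(log):
    """Map lower-cased path -> tag for rkfiles lines tagged UPX! or FSG!."""
    out = {}
    for line in log.splitlines():
        path, sep, tag = line.strip().rpartition(": ")
        if sep and tag in ("UPX!", "FSG!"):
            out[path.lower()] = tag
    return out

def packed_autoruns(hjt_log, rk_log):
    """Autostart entries whose executable rkfiles also listed as packed."""
    hits = packed(rk_log)
    return [(where, name, path, hits[path.lower()])
            for where, name, path in autoruns(hjt_log) if path.lower() in hits]
```

Paths are compared case-insensitively because the two tools print `System32` and `system32` differently. A match only sets the order in which files get scanned; as the rkfiles banner says, not every listed file is bad.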
| ||
| Re: My other half's HiJackThis log, please help Quote:
And you should ensure that a browser such as Mozilla, Firefox or Opera is installed and set as 'default', with the security settings adequately configured. That way, you don't need to be there all day. :D |
| ||
| Re: My other half's HiJackThis log, please help kriskarrera. I needed you to upload every file that rkfiles found :D. |
| ||
| Re: My other half's HiJackThis log, please help Quote:
|
| ||
| Re: My other half's HiJackThis log, please help No. In post #2 I provided a link to an online scanner where you can have the files scanned one at a time :D. |
| ||
| Re: My other half's HiJackThis log, please help I'm in a rush, I've copied those files to disc and I'll scan them on that site later and report back here but can I just add that I ran Adaware on her PC earlier and something nasty popped up and took away some of the nasties I was about to delete!! I can't believe that some evil git has even made something that can hijack Adaware! |
| ||
| Re: My other half's HiJackThis log, please help Ad-aware Cloak 1.0 is designed to allow Ad-aware to open fully when there are items on the system which close Ad-aware when it attempts to start, such as some CoolWebSearch variants. To use Ad-aware Cloak, save it to your system, and run the program before opening Ad-aware. Once Ad-aware Cloak opens, click "Activate Cloak" and then open Ad-aware and scan as normal. When you are done using Ad-aware, close Ad-aware Cloak. Further Information Download the free Ad-aware Cloak program: AAWCloak |