DaniWeb IT Discussion Community

DaniWeb IT Discussion Community (http://www.daniweb.com/forums/index.php)
-   Viruses, Spyware and other Nasties (http://www.daniweb.com/forums/forum64.html)
-   -   I need help with my hi-jack log I dont know what fix (or delete) and what not. (http://www.daniweb.com/forums/thread27343.html)

the_joker Jul 4th, 2005 3:25 pm
I need help with my hi-jack log I dont know what fix (or delete) and what not.
 
This is my hi-jack this log....Thanks for your help.

Logfile of HijackThis v1.99.1
Scan saved at 20:24:42, on 04.07.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Internet Security\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Sony\VAIO Event Service\VESMgr.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Programme\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ICO.EXE
C:\Programme\Sony\VAIO Power Management\SPMgr.exe
C:\Programme\Sony\ISB Utility\ISBMgr.exe
C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Programme\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\atlec32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Bernd\Desktop\My Folder\WinMX\WinMX.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\Bernd\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rjefu.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rjefu.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\rjefu.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rjefu.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rjefu.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rjefu.dll/sp.html#55135
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F286FAB0-1824-81BA-564A-D85155CF4A67} - C:\WINDOWS\ipfr.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PDService.exe] C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [atlec32.exe] C:\WINDOWS\atlec32.exe
O4 - HKLM\..\RunOnce: [ntbj.exe] C:\WINDOWS\system32\ntbj.exe
O4 - HKLM\..\RunOnce: [javacq32.exe] C:\WINDOWS\system32\javacq32.exe
O4 - HKLM\..\RunOnce: [iehm32.exe] C:\WINDOWS\iehm32.exe
O4 - HKLM\..\RunOnce: [netex32.exe] C:\WINDOWS\netex32.exe
O4 - HKLM\..\RunOnce: [iejq.exe] C:\WINDOWS\system32\iejq.exe
O4 - HKLM\..\RunOnce: [javayk.exe] C:\WINDOWS\javayk.exe
O4 - HKLM\..\RunOnce: [iesc.exe] C:\WINDOWS\iesc.exe
O4 - HKLM\..\RunOnce: [d3we.exe] C:\WINDOWS\d3we.exe
O4 - HKLM\..\RunOnce: [javasn32.exe] C:\WINDOWS\system32\javasn32.exe
O4 - HKLM\..\RunOnce: [appwg32.exe] C:\WINDOWS\system32\appwg32.exe
O4 - HKLM\..\RunOnce: [d3ni.exe] C:\WINDOWS\d3ni.exe
O4 - HKLM\..\RunOnce: [apiyv.exe] C:\WINDOWS\apiyv.exe
O4 - HKLM\..\RunOnce: [ntwc32.exe] C:\WINDOWS\ntwc32.exe
O4 - HKLM\..\RunOnce: [syszg32.exe] C:\WINDOWS\system32\syszg32.exe
O4 - HKLM\..\RunOnce: [msgb.exe] C:\WINDOWS\system32\msgb.exe
O4 - HKLM\..\RunOnce: [sdkuc32.exe] C:\WINDOWS\system32\sdkuc32.exe
O4 - HKLM\..\RunOnce: [addjx32.exe] C:\WINDOWS\system32\addjx32.exe
O4 - HKLM\..\RunOnce: [mfcob.exe] C:\WINDOWS\mfcob.exe
O4 - HKLM\..\RunOnce: [msce.exe] C:\WINDOWS\msce.exe
O4 - HKLM\..\RunOnce: [javapj.exe] C:\WINDOWS\system32\javapj.exe
O4 - HKLM\..\RunOnce: [ipcp.exe] C:\WINDOWS\ipcp.exe
O4 - HKLM\..\RunOnce: [ipur.exe] C:\WINDOWS\ipur.exe
O4 - HKLM\..\RunOnce: [sdkxm32.exe] C:\WINDOWS\system32\sdkxm32.exe
O4 - HKLM\..\RunOnce: [sysvf32.exe] C:\WINDOWS\sysvf32.exe
O4 - HKLM\..\RunOnce: [neten32.exe] C:\WINDOWS\neten32.exe
O4 - HKLM\..\RunOnce: [netmo32.exe] C:\WINDOWS\netmo32.exe
O4 - HKLM\..\RunOnce: [appwm.exe] C:\WINDOWS\appwm.exe
O4 - HKLM\..\RunOnce: [appkb32.exe] C:\WINDOWS\system32\appkb32.exe
O4 - HKLM\..\RunOnce: [javalr32.exe] C:\WINDOWS\javalr32.exe
O4 - HKLM\..\RunOnce: [netwh32.exe] C:\WINDOWS\system32\netwh32.exe
O4 - HKLM\..\RunOnce: [javabp32.exe] C:\WINDOWS\javabp32.exe
O4 - HKLM\..\RunOnce: [syspb32.exe] C:\WINDOWS\syspb32.exe
O4 - HKLM\..\RunOnce: [apibb.exe] C:\WINDOWS\apibb.exe
O4 - HKLM\..\RunOnce: [sdkjs.exe] C:\WINDOWS\sdkjs.exe
O4 - HKLM\..\RunOnce: [sdkpr.exe] C:\WINDOWS\system32\sdkpr.exe
O4 - HKLM\..\RunOnce: [netcw.exe] C:\WINDOWS\system32\netcw.exe
O4 - HKLM\..\RunOnce: [ntiy.exe] C:\WINDOWS\system32\ntiy.exe
O4 - HKLM\..\RunOnce: [javaeg.exe] C:\WINDOWS\javaeg.exe
O4 - HKLM\..\RunOnce: [sysjn32.exe] C:\WINDOWS\sysjn32.exe
O4 - HKLM\..\RunOnce: [appzv32.exe] C:\WINDOWS\appzv32.exe
O4 - HKLM\..\RunOnce: [addne32.exe] C:\WINDOWS\addne32.exe
O4 - HKLM\..\RunOnce: [ntpi32.exe] C:\WINDOWS\system32\ntpi32.exe
O4 - HKLM\..\RunOnce: [sdkjb.exe] C:\WINDOWS\system32\sdkjb.exe
O4 - HKLM\..\RunOnce: [ienf.exe] C:\WINDOWS\ienf.exe
O4 - HKLM\..\RunOnce: [mfcrk32.exe] C:\WINDOWS\system32\mfcrk32.exe
O4 - HKLM\..\RunOnce: [apinn.exe] C:\WINDOWS\apinn.exe
O4 - HKLM\..\RunOnce: [winig32.exe] C:\WINDOWS\system32\winig32.exe
O4 - HKLM\..\RunOnce: [iewb32.exe] C:\WINDOWS\iewb32.exe
O4 - HKLM\..\RunOnce: [javafo.exe] C:\WINDOWS\javafo.exe
O4 - HKLM\..\RunOnce: [javauj32.exe] C:\WINDOWS\system32\javauj32.exe
O4 - HKLM\..\RunOnce: [msky32.exe] C:\WINDOWS\system32\msky32.exe
O4 - HKLM\..\RunOnce: [atlbx.exe] C:\WINDOWS\system32\atlbx.exe
O4 - HKLM\..\RunOnce: [sdkcz.exe] C:\WINDOWS\sdkcz.exe
O4 - HKLM\..\RunOnce: [ieah.exe] C:\WINDOWS\system32\ieah.exe
O4 - HKLM\..\RunOnce: [javaxq32.exe] C:\WINDOWS\system32\javaxq32.exe
O4 - HKLM\..\RunOnce: [mfccn.exe] C:\WINDOWS\mfccn.exe
O4 - HKLM\..\RunOnce: [sysvd32.exe] C:\WINDOWS\system32\sysvd32.exe
O4 - HKLM\..\RunOnce: [atlln32.exe] C:\WINDOWS\system32\atlln32.exe
O4 - HKLM\..\RunOnce: [apprk32.exe] C:\WINDOWS\apprk32.exe
O4 - HKLM\..\RunOnce: [atlzs32.exe] C:\WINDOWS\atlzs32.exe
O4 - HKLM\..\RunOnce: [addat.exe] C:\WINDOWS\system32\addat.exe
O4 - HKLM\..\RunOnce: [appqr.exe] C:\WINDOWS\appqr.exe
O4 - HKLM\..\RunOnce: [ntch32.exe] C:\WINDOWS\ntch32.exe
O4 - HKLM\..\RunOnce: [ntxy.exe] C:\WINDOWS\ntxy.exe
O4 - HKLM\..\RunOnce: [mfcsz32.exe] C:\WINDOWS\mfcsz32.exe
O4 - HKLM\..\RunOnce: [apilk.exe] C:\WINDOWS\apilk.exe
O4 - HKLM\..\RunOnce: [javavi32.exe] C:\WINDOWS\system32\javavi32.exe
O4 - HKLM\..\RunOnce: [d3sb32.exe] C:\WINDOWS\d3sb32.exe
O4 - HKLM\..\RunOnce: [sdkbb.exe] C:\WINDOWS\sdkbb.exe
O4 - HKLM\..\RunOnce: [ntox.exe] C:\WINDOWS\system32\ntox.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/de/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntbj.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Programme\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

swatkat Jul 4th, 2005 3:41 pm
Re: I need help with my hi-jack log I dont know what fix (or delete) and what not.
 
Hi,
Perform an online virus scan at Panda ActiveScan and TrendMicro HouseCall. After each scan, save the log file that they give.

Download CleanUp! and install it, do not run it now.

Download CWShredder. Download 'SpSeHjfix'. to the Desktop and then right click a blank part of Desktop & select new folder, call it spfix unzip the file into that folder.

Disconnect from the net and Close ALL OPEN PROGRAMS.

Run SpSeHjfix and click on "Start Disinfection". When it's finished it will reboot your machine to finish the cleaning process. The tool creates a log of the fix which will appear in the folder.
If it doesn't find any of the SE files or any hidden reinstallers it will say system clean and not go on to next stage.
Now run the CWShredder, and click "Fix" button.

Now, run CleanUp!, click the "Options" button. Here move the "Quick Setup" slider to "Thorough CleanUp!" and click "OK" to warning message. Exit from Options and in the main window, click "CleanUp!" to start cleaning. After cleaning, click "Close" and choose "Yes" to restart the PC.

Reboot and post a fresh HJT log and the log that was created by SpSeHjfix. Also, post the Panda ActiveScan log and HouseCall log.

the_joker Jul 8th, 2005 6:18 pm
Re: I need help with my hi-jack log I dont know what fix (or delete) and what not.
 
This is what you wanted, but TrendMicro HouseCall and SpSeHjfix, I coudlnt run.

My fresh hijackthis log...
Logfile of HijackThis v1.99.1
Scan saved at 09:12:40, on 08.07.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Internet Security\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Sony\VAIO Event Service\VESMgr.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\addlv32.exe
C:\WINDOWS\system32\ICO.EXE
C:\Programme\Sony\VAIO Power Management\SPMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\Bernd\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dghja.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dghja.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dghja.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dghja.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dghja.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dghja.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {A827FDF6-7434-EFEA-9E5D-52CD27934785} - C:\WINDOWS\system32\netui32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Class - {AF0D8C37-C5C6-C374-214B-A1BF8CA52108} - C:\WINDOWS\system32\atlko.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PDService.exe] C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [javaqh.exe] C:\WINDOWS\javaqh.exe
O4 - HKLM\..\Run: [addlv32.exe] C:\WINDOWS\system32\addlv32.exe
O4 - HKLM\..\RunOnce: [ieey.exe] C:\WINDOWS\system32\ieey.exe
O4 - HKLM\..\RunOnce: [atlpu32.exe] C:\WINDOWS\atlpu32.exe
O4 - HKLM\..\RunOnce: [winbg32.exe] C:\WINDOWS\winbg32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyEmergency] "C:\Dokumente und Einstellungen\Bernd\Desktop\My Folder\Spy Emergency 2005\SpyEmergency.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/de/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ieey.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Programme\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

my panda Active scan .....


Incident Status Location

Adware:Adware/SearchAid No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Only sex website.url
Adware:Adware/SearchAid No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Search the web.url
Adware:Adware/SearchAid No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Seven days of free porn.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Ab scissor.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Broadband comparison.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Credit counseling.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Credit report.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Crm software.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Debt credit card.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Escorts.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Fha.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Health insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Help desk software.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Insurance home.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Loan for debt consolidation.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Loan for people with bad credit.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Marketing email.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Mortgage insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Mortgage life insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Nevada corporations.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Online Betting Site.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Online gambling casino.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Online instant loan.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Order phentermine.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Payroll advance.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Personal loans online.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Personal loans with bad credit.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Prescription Drugs Rx Online.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Refinancing my mortgage.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Tahoe vacation rental.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Unsecured bad credit loans.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\Videos.url
Spyware:Spyware/Petro-Line No disinfected C:\Dokumente und Einstellungen\Bernd\Favoriten\Sites about\What is hydrocodone.url
Virus:Trj/Downloader.DIW Disinfected C:\WINDOWS\atlec32.exe
Virus:Trj/Pakes.AJ Disinfected C:\WINDOWS\d3yi32.exe
Virus:Trj/Pakes.AJ Disinfected C:\WINDOWS\sdkht.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\sdkwk.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\system32\afdqd.dll
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\system32\cdlrn.dll
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\system32\iekn.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\system32\javait.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\system32\oxzgt.dll
Virus:Trj/Pakes.AJ Disinfected C:\WINDOWS\system32\syssd32.exe Btw. Sorry, but i hadnt time so I write now and sorry for my english...I m not from english-spoken country. Please reply how can I uninstal home page and few pages from favorites... Thanks

swatkat Jul 9th, 2005 3:37 pm
Re: I need help with my hi-jack log I dont know what fix (or delete) and what not.
 
Hi,
Open NotePad, and copy the contents of the below "Code" box:-
cd %windir%

attrib -s -r -h dghja.dll

attrib -s -r -h javaqh.exe

attrib -s -r -h winbg32.exe

attrib -s -r -h atlpu32.exe

attrib -s -r -h atlec32.exe

attrib -s -r -h d3yi32.exe

attrib -s -r -h sdkht.exe

attrib -s -r -h sdkwk.exe

del sdkwk.exe

del sdkht.exe

del d3yi32.exe

del atlec32.exe

del javaqh.exe

del winbg32.exe

del atlpu32.exe

del dghja.dll

cd system32

attrib -s -r -h addlv32.exe

attrib -s -r -h netui32.dll

attrib -s -r -h atlko.dll

attrib -s -r -h ieey.exe

attrib -s -r -h afdqd.dll

attrib -s -r -h cdlrn.dll

attrib -s -r -h iekn.exe

attrib -s -r -h javait.exe

attrib -s -r -h oxzgt.dll

attrib -s -r -h syssd32.exe

del afdqd.dll

del cdlrn.dll

del iekn.exe

del javait.exe

del oxzgt.dll

del syssd32.exe

del addlv32.exe

del netui32.dll

del atlko.dll

del ieey.exe
Go to File Menu > Save As, and save the file with the name Test.bat and exit from NotePad.

Please print or save this Webpage.

Make Windows to show all files:-
Go to Start > My Computer.
Go to Tools menu, click Folder Options (Folder Option will be in View Menu in Win98).
Uncheck Hide protected operating system files.
Then, click to select the option Show hidden files and folders.
Click Apply and then click OK to exit.

Download these Tools and install them:-
CleanUp!
WebRoot SpySweeper Trial
AboutBuster


Reboot in Safe Mode:-
Restart (or switch ON) the PC.
Then, keep tapping the F8 Key.
From the menu that will be displayed, out of which choose Safe Mode and press Enter.


Run HijackThis and click Do only a System scan.
Then put a check mark infront of below listed entries:-

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dghja.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dghja.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dghja.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dghja.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dghja.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dghja.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A827FDF6-7434-EFEA-9E5D-52CD27934785} - C:\WINDOWS\system32\netui32.dll
O2 - BHO: Class - {AF0D8C37-C5C6-C374-214B-A1BF8CA52108} - C:\WINDOWS\system32\atlko.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [javaqh.exe] C:\WINDOWS\javaqh.exe
O4 - HKLM\..\Run: [addlv32.exe] C:\WINDOWS\system32\addlv32.exe
O4 - HKLM\..\RunOnce: [ieey.exe] C:\WINDOWS\system32\ieey.exe
O4 - HKLM\..\RunOnce: [atlpu32.exe] C:\WINDOWS\atlpu32.exe
O4 - HKLM\..\RunOnce: [winbg32.exe] C:\WINDOWS\winbg32.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/de/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ieey.exe" /s (file missing)

Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis.


Exit from HijackThis, double-Click on the file Test.bat, a small DOS type window should open and close immediately.
Using the Windows Search feature, find this file and delete it:-
ALCMTR.EXE


Run CleanUp!:-
  • Click "Options" button, move the "Quick Setup" slider to "Thorough CleanUp!" and click "Yes" for the warning message and exit from Options.
  • Click "CleanUp!" to start cleaning.
  • After cleaning, click "Close", and choose "No" to avoid restart.

Run WebRoot SpySweeper:-
  • Click "Options" button.
  • Click "Sweep Options" tab, and here select all the Hard Disk Partitions.
  • In the "Where to sweep" option box, select "Sweep all folders on the selected drives".
  • In the "What to sweep" option box, make sure all the items are selected.
  • Then click "Sweep Now" button and click "Start" and remove any malware it may find.

Run AboutBuster:-
  • Click "Begin Removal".
  • Save the log file.

Go to Start > Run and type services.msc and press ENTER. In the Services window that opens up, navigate to the service named Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) and right-click it, and select "Properties".
In the Property window, click Stop in the "Service Status" option box. After this, in the "Startup" option box, select Disabled from the dropdown menu. Click "Apply" and then "OK". Exit from Services window.


Reboot to Normal Mode and run HijackThis again. Then click Do a System scan and save log, and post the fresh log along with About:Buster log.

Also, can you tell me, why you were not able to run SpSeHjFix?

the_joker Jul 9th, 2005 5:43 pm
Re: I need help with my hi-jack log I dont know what fix (or delete) and what not.
 
I think(I hope) I have done everithing what you wanted.
There are logs....

Hijackthis log...

Logfile of HijackThis v1.99.1
Scan saved at 22:41:16, on 08.07.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Internet Security\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\ewido\security suite\ewidoguard.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Sony\VAIO Event Service\VESMgr.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ICO.EXE
C:\Programme\Sony\VAIO Power Management\SPMgr.exe
C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOKUME~1\Bernd\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\nvzcb.dll/sp.html#55135
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyEmergency] "C:\Dokumente und Einstellungen\Bernd\Desktop\My Folder\Spy Emergency 2005\SpyEmergency.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Programme\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

And aboutBaster log....


AboutBuster 5.0 reference file 30
Scan started on [08.07.2005] at [22:29:09]
------------------------------------------------
Removed Stream! C:\WINDOWS\FaxSetup.log:yfifz
Removed Stream! C:\WINDOWS\setup.log:zqxfr
Removed Stream! C:\WINDOWS\_default.pif:bfxmu
------------------------------------------------
Removed File! : C:\Windows\System32\fsikg.dll
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 22:29:36

swatkat Jul 10th, 2005 1:29 am
Re: I need help with my hi-jack log I dont know what fix (or delete) and what not.
 
Hi,
Open NotePad, and copy the contents of the below "Code" box:-
cd %windir%

attrib -s -r -h nvzcb.dll

del nvzcb.dll
Go to File Menu > Save As, and save the file with the name Test.bat and exit from NotePad.

Download and install VB 6 Runtime Files.
Next, download CWShredder , CleanUp!.

Next download SpSeHjFix, and unzip it to a folder on Desktop.

Boot in safe mode, disconnect from the net and Close ALL OPEN PROGRAMS.
Run SpSeHjfix112 and click on Start Disinfection. When it's finished it will reboot your machine to finish the cleaning process. The tool creates a log of the fix which will appear in the folder.
If it doesn't find any of the SE files or any hidden reinstallers it will say system clean and not go on to next stage
Now run the CWShredder, click Fix button!

Run CleanUp!, click "Options" button, move the "Quick Setup" slider to "Thorough CleanUp!" and click "Yes" for the warning message and exit from Options. Click "CleanUp!" to start cleaning. After cleaning, click "Close", and choose "NO" to avoid the restart.

Run HijackThis, and select this entry:-

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\nvzcb.dll/sp.html#55135

Then click "Fix Checked" in HijackThis. Exit from HijackThis, double-click on the file Test.bat.

Reboot and post a fresh HJT log and the log that was created by 'SpSeHjfix'.


Note:- If you are not able to run SpSeHjFix, please post what happens when you click "Start Disinfection" or when you start the program.


All times are GMT -4. The time now is 7:52 pm.

Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC