944,180 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > hijack this log after running it succesfully, also getting unknown log files and icon
Ad:
Permalink
Apr 25th, 2006
0

hijack this log after running it succesfully, also getting unknown log files and icon

Expand Post »
Hi friends,

i had this prosearaching.com problem and followed the procedure given by joeoneeye and giving you the fresh hijackthis log file.

iam also getting a unknown log file in the name logDAPIE IN THE Desktop while i am using the internet. alsoa please see the highlighted portion of hijackthis log and tell me is everything is ok.

iam not a computer professional so i needed a step by step guidance.

Logfile of HijackThis v1.99.1
Scan saved at 6:02:28 PM, on 4/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\Downloaded Program Files\smss.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\utility\anti spy\hijack this\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O17 - HKLM\System\CCS\Services\Tcpip\..\{09907A92-0714-499C-BD5B-43EB68BB6DF1}: NameServer = 203.145.184.13 203.145.184.32
O17 - HKLM\System\CS1\Services\Tcpip\..\{09907A92-0714-499C-BD5B-43EB68BB6DF1}: NameServer = 203.145.184.13 203.145.184.32
O20 - Winlogon Notify: winskf32 - C:\WINDOWS\SYSTEM32\winskf32.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Unknown owner - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Similar Threads
Reputation Points: 10
Solved Threads: 0
Newbie Poster
micky7899 is offline Offline
8 posts
since Apr 2006
Permalink
Apr 25th, 2006
0

Re: hijack this log after running it succesfully, also getting unknown log files and icon

Start out by getting rid of NewDot Net this is a browerser HiJacker, here is a link to help you.
http://articles.networktechs.com/400-p1.php

smss.exe should be running in the system32 folder, run a virus scan on it, this may be a virus.

Do this then re run HiJack this file
Reputation Points: 10
Solved Threads: 4
Junior Poster in Training
richh0323 is offline Offline
79 posts
since Dec 2004
Permalink
Apr 25th, 2006
0

Re: hijack this log after running it succesfully, also getting unknown log files and

Hi, please run HJT again and select, Do system scan only. Then check the following.

O20 - Winlogon Notify: winskf32 - C:\WINDOWS\SYSTEM32\winskf32.dll

O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Unknown owner - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe (file missing)



Click Fix Checked

Then please go to Start>Control Panel>Add/Remove Programs Uninstall (if found):

NewDotNet

New.Net

If after uninstalling you lose internet connection please download WinsockXPFix (WinXP only) and run it.

----------------------------------------------------------
Please download the trial version of Ewido Security Suite here:

http://www.ewido.net/en/download/

Install it, and update the definitions to the newest files.

Please run Ewido,and save the logfile from the scan

Post back the results here, with a new HJT log.
Team Colleague
Reputation Points: 84
Solved Threads: 99
<Insert title here>
tayspen is offline Offline
1,542 posts
since Jul 2005
Permalink
Apr 26th, 2006
0

new hjt log file help if everything is ok

As suggested A i have posted my new HJT log,

please see if everything is ok.

ALSO STILL IAM GETTING A LOG FILE BY THE NAME logDAPIE ,WHENEVER IAM STARTING MY INTERNET EXPLORER THIS FILE GETS TO MY DESKTOP HELP WITH THIS
Logfile of HijackThis v1.99.1
Scan saved at 12:50:16 PM, on 4/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\utility\anti spy\hijack this\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Unknown owner - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Reputation Points: 10
Solved Threads: 0
Newbie Poster
micky7899 is offline Offline
8 posts
since Apr 2006
Permalink
Apr 26th, 2006
0

Re: hijack this log after running it succesfully, also getting unknown log files and icon

Looks good except for this entry
O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Unknown owner - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe (file missing)

Check this out and repair if needed
Reputation Points: 10
Solved Threads: 4
Junior Poster in Training
richh0323 is offline Offline
79 posts
since Dec 2004
Permalink
Apr 26th, 2006
0

Re: hijack this log after running it succesfully, also getting unknown log files and icon

the PRTG Traffic Grapher i have uninstalled long back even after uninstallation some files were sitting in C:\Documents and Settings\krt\Application Data which i have deleted manually, but iam unable to remove the following part
O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Unknown owner - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe (file missing) usig HJT i have also seen a registry entry for Paessler Router Traffic Grapher and removed manually
but iam not sure whether more regitry entries for the same exist.

Any how thanks for your help.
i will put the ewido log file later for final checkup for problems.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
micky7899 is offline Offline
8 posts
since Apr 2006

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: My HiJack This Log Please could any one tell me why i have so many of wfwall1.exe
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: unknown log file in desktop whenever starting internet explorer





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC