Q: Hijack this log file results help ( No Answer,   1 Comment )
Question  
Subject: Hijack this log file results help
Category: Computers > Security
Asked by: igr43-ga
List Price: $5.00
Posted: 08 Jan 2006 11:26 PST
Expires: 10 Jan 2006 05:55 PST
Question ID: 430778
Can someone help with my "hijack this" log file results? The problem I
have is that any random webpage I am viewing will freeze, and not
even the Task Manager will be able to move it. I am using Windows
XP.

Request for Question Clarification by livioflores-ga on 08 Jan 2006 18:10 PST
Hi!!

I can help you; just post the HJT log as a question clarification. I
will analyze it and tell you if you must fix something; for help in
using HJT see this page:
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#HowToUse

Just post the log without fixing anything.

Regards,
livioflores-ga

Clarification of Question by igr43-ga on 08 Jan 2006 19:02 PST
THANK YOU for your reply. Logfile below here, as requested.
-
Logfile of HijackThis v1.99.1
Scan saved at 02:53:43, on 09/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\NVATray.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\DICO-800\DICO-800\Dvr.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Print!\print!.exe
C:\Program Files\DICO-800\DICO-800\VidChat.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Ian\LOCALS~1\Temp\Temporary Directory 4 for hijackthis
VERY GOOD EFFECTIVE.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL =
http://neword.com/adw.html?s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://neword.com/adw.html?s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
= http://neword.com/adw.html?s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
= http://neword.com/adw.html?s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://uk.search.yahoo.com
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3}
- C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E}
- C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\system\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88}
- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [PrinTray]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Motive SmartBridge]
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe"
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence
Eliminator\ee.exe /m
O4 - HKCU\..\Run: [CoffeeCup Spam Blocker] "C:\Documents and
Settings\Ian\Application Data\CoffeeCup Software\CoffeeCup Spam
Blocker\SpamBlocker.exe" -min
O4 - HKCU\..\Run: [Spam Bully for Outlook Express] "C:\Program
Files\Axaware\Spam Bully 2 for OE\oespambully.exe" install
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Check for ContinuumClient Updates.lnk = C:\Program
Files\Quote.com\ContinuumClient\UNWISE.EXE
O4 - Global Startup: broadband medic.lnk = C:\Program
Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program
Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: DICO-800.lnk = C:\Program Files\DICO-800\DICO-800\Dvr.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Print!.lnk = C:\Program Files\Print!\print!.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box
- C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Search Using Copernic Agent -
res://C:\Program Files\Copernic
Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: Copernic Agent -
{688DC797-DC11-46A7-9F1B-445F4F58CE6E} -
C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for ôå: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O14 - IERESET.INF: SearchAssistant=
O16 - DPF: ADVFN 4v4 - http://www.advfn.com/p.php?pid=loadercab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control)
- http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl
Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
- http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE

Request for Question Clarification by livioflores-ga on 08 Jan 2006 21:26 PST
Hi!!

Please do the following:
If you have enabled the System Restore feature, please disable it;
visit the page below if you need instructions.
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam

Now scan your computer online with the following tools from Trend Micro
(do all the tasks: virus scan, spyware scan, and download CWShredder to
remove CoolWebSearch, a common pestware that is usually
present on infected computers). Let these tools remove all that they
find.
http://housecall.trendmicro.com/
and
http://www.trendmicro.com/spyware-scan/

Then download and install the trial version of EWIDO (it works like a
full-featured version for 14 days; after that the only features that will
not work are autoupdate and realtime protection, but you can still use it to
scan and remove pests):
http://download.ewido.net/ewido-setup.exe


·Install ewido security suite
·Launch ewido, there should be a big E icon on your desktop, double-click it.
·The program will prompt you to update; click the OK button
·The program will now go to the main screen
You will need to update ewido to the latest definition files.
·On the left hand side of the main screen click update
·Click on Start
The update will start and a progress bar will show the updates being installed.
·After the updates are installed, exit Ewido.

ALTERNATIVE METHOD FOR UPDATE:
Download the latest full database signature installer and run it
(download it using the Full Database button, not the Daily Signatures
button):
http://www.ewido.net/en/download/updates/

Don't do anything more yet.


Now reboot in Safe mode, if you need instructions on this visit the link below:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam

Now in Safe Mode:
·Run Ewido.
   -Click on scanner
   -Make sure the following boxes are checked before scanning:
            º Binder
            º Crypter
            º Archives
   -Click on Start Scan
Let the program scan the machine. While the scan is in progress you
will be prompted to clean the first infected file it finds. Choose
"clean", then put a check next to "Perform action on all infections"
in the left corner of the box so you don't have to sit and watch Ewido
the whole time. Click OK.

Once the scan has completed, there will be a button located on the
bottom of the screen named Save report:
·Click Save report
·Save the report to your desktop
·Exit Ewido


Now run HijackThis and click on the Scan button; from the list, select
the following items if still present:
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL =
http://neword.com/adw.html?s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://neword.com/adw.html?s
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
= http://neword.com/adw.html?s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
= http://neword.com/adw.html?s
O16 - DPF: ADVFN 4v4 - http://www.advfn.com/p.php?pid=loadercab


Click on the Fix button and let HJT work. Reboot in Normal Mode and
check how your computer is working. Post a fresh HJT log and tell me
how your PC is working.

Regards,
livioflores-ga
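
A small parser for the log format quoted above, written here as an added example (it is not a tool from the page, from HijackThis, or from the researcher): it rejoins entries that the paste wrapped across two lines, then flags the IE start/search-page entries (R0/R1) and ActiveX download entries (O16) whose URL host is outside an assumed allow list of domains the user recognises, which reproduces the selection of the neword.com and ADVFN lines above. The sample log is a constructed excerpt of the posted log, and KNOWN_GOOD is an assumption for this example.

```python
import re
from urllib.parse import urlparse

# Excerpt of the log posted above (constructed sample: a few entries,
# some wrapped across two lines exactly as they appear in the post).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://neword.com/adw.html?s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
= http://neword.com/adw.html?s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://uk.search.yahoo.com
O16 - DPF: ADVFN 4v4 - http://www.advfn.com/p.php?pid=loadercab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control)
- http://housecall60.trendmicro.com/housecall/xscan60.cab
"""

# Every HJT entry starts with its section tag (R0-R3, F0-F3, N1-N4, O1-O23).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
URL_RE = re.compile(r'https?://[^\s"]+')
KNOWN_GOOD = {"bbc.co.uk", "yahoo.com", "trendmicro.com"}  # assumed allow list

def parse_hjt(text):
    """Return [(section, body)], rejoining lines that the paste wrapped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append([m.group(1), m.group(2).strip()])
        elif entries and line.strip():  # continuation of the previous entry
            entries[-1][1] += " " + line.strip()
    return [tuple(e) for e in entries]

def is_allowed(host, allow=KNOWN_GOOD):
    return any(host == d or host.endswith("." + d) for d in allow)

def suspicious_entries(text, allow=KNOWN_GOOD):
    """Flag R0/R1 (IE start and search pages) and O16 (ActiveX downloads)
    pointing at hosts outside the allow list: [(section, body, hosts)]."""
    flagged = []
    for section, body in parse_hjt(text):
        if section not in ("R0", "R1", "O16"):
            continue
        hosts = {(urlparse(u).hostname or "").lower() for u in URL_RE.findall(body)}
        unknown = sorted(h for h in hosts if h and not is_allowed(h, allow))
        if unknown:
            flagged.append((section, body, unknown))
    return flagged

print(suspicious_entries(SAMPLE_LOG))  # the two neword.com entries and the ADVFN DPF
```

Entries that survive the allow list still deserve a look (an unknown CLSID in an O2/O4 line is not covered here); the script only narrows the list the researcher walks through by hand.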

Clarification of Question by igr43-ga on 09 Jan 2006 06:39 PST
hello
Thanks, but I have tried your link:
http://housecall.trendmicro.com/
I followed the onscreen procedure: "Opening Trend Micro HouseCall",
then "transferring data", BUT it was STILL "transferring data" 1
hour and 50 minutes later. Something is not quite right there, I am
sure.

Request for Question Clarification by livioflores-ga on 09 Jan 2006 23:32 PST
Just skip such step and follow the rest of the procedure.

Good luck!!!
Answer  
There is no answer at this time.

Comments  
Subject: Re: Hijack this log file results help
From: mister4u-ga on 09 Jan 2006 07:28 PST
 
Here is an analysis of your logfile:

http://hijackthis.de/logfiles/27837e9a506a38acbb020fdd660f3110.html
You can do it yourself here:
http://hijackthis.de/index.php?langselect=english
