Sponsored By

Sign in to follow this  
StealthG

Spyware Problems Hjt Log

Recommended Posts

I ran spybot and ad-aware and they removed over 150 items on my brothers computer, I had to end processes from windows task manager in order to use the internet. And every time i reboot more items show up. Heres the log.

Logfile of HijackThis v1.98.2

Scan saved at 12:37:06 PM, on 9/5/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\cvss.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\woinstall.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\MasterX\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll (file missing)

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe

O4 - HKLM\..\Run: [msbb] c:\windows\system32\msbb.exe

O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe

O4 - HKLM\..\Run: [sESync] "C:\Program Files\SED\SED.exe"

O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\System32\keyword.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Tres] C:\Documents and Settings\MasterX\Application Data\hwal.exe

O4 - HKCU\..\Run: [Zgdmlpb] C:\WINDOWS\System32\zheoapdv.exe

O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe

O4 - HKCU\..\RunOnce: [Web Offer] C:\WINDOWS\system32\ezStub.exe

O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll

O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...30654e7b5354c8d

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094402088846

Share this post


Link to post
Share on other sites

Here it is

Log for VX2.BetterInternet File Finder (msg126)

Files Found---

Additional Files---

C:\WINDOWS\System32\lspak.dll

Keys Under Notify---

crypt32chain

cryptnet

cscdll

ScCertProp

Schedule

sclgntfy

SensLogn

termsrv

wlballoon

Guardian Key--- is called:

User Agent String---

{A3BC3BEF-9DF1-45D3-8B48-F8DA59675884}

Share this post


Link to post
Share on other sites

Heres the new one

Log for VX2.BetterInternet File Finder

Files Found---

Guardian Key--- is called:

User Agent String---

{A3BC3BEF-9DF1-45D3-8B48-F8DA59675884}

Share this post


Link to post
Share on other sites

Thank you subratam, heres the new hjt log.

Logfile of HijackThis v1.98.2

Scan saved at 2:50:31 PM, on 9/5/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\cvss.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\MasterX\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [msbb] c:\windows\system32\msbb.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...30654e7b5354c8d

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094402088846

Share this post


Link to post
Share on other sites

Removed those two entries and ran both spybot and ad-aware heres the new one:

Logfile of HijackThis v1.98.2

Scan saved at 8:18:32 PM, on 9/5/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\cvss.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\MasterX\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094402088846

Share this post


Link to post
Share on other sites

Are you still having any more problems.

Fix this entry O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file) and post a fresh log.

Regards

Share this post


Link to post
Share on other sites

I am having no more problems, but heres the new hjt log.

Logfile of HijackThis v1.98.2

Scan saved at 9:30:12 PM, on 9/6/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\cvss.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\MasterX\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094402088846

Share this post


Link to post
Share on other sites

Hi,

This file is really bothering me (what's in red).

C:\WINDOWS\System32\cvss.exe

Run Spybot and Ad-aware one more time and make sure they have the most up to date definitions. Make sure you have Ad-aware SE 1.04 the newest version.

Then post a new logfile.

B

Share this post


Link to post
Share on other sites

Thank you besttechie:

Logfile of HijackThis v1.98.2

Scan saved at 3:58:25 PM, on 9/7/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32 Explorer.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\MasterX\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094402088846

Share this post


Link to post
Share on other sites

Ok, you look clean now. Just do one thing put HJT in a permanent folder for example:

C:\HijackThis\HijackThis.exe

This way you can make backups.

Now you are clean.

B

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this