help hijack log

  1. #1
    jlawless is offline Newbie

    help hijack log

    I have run Spybot, adware, AVG antivirus, and I still have spyware.
    Internet connection is always active even when I am not running any
    programs. Also computer is running very slow. Here is my hijack log.
    Thanks for any help.

    Logfile of HijackThis v1.98.2
    Scan saved at 3:51:49 PM, on 12/12/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\PROGRA~1\MESSEN~1\msmsgs.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\MOZILL~1\firefox.exe
    C:\Documents and Settings\Jacob\Local Settings\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\System32\InetCntrl\PopupKil\BsafeBHO.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing
    O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07267a1b...p/RdxIE601.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{400761A8-FF82-4874-ADA2-6A0D206478E4}: NameServer = 216.165.129.157 216.170.153.146

  2. #2
    HJM
    HJM is offline Valued Member
    Run an online virus scan at TrendMicro using the 'Autoclean' option and an Online Trojan Scan. Let them fix anything they find.


    Next, close all windows and browsers, run HJT again and check mark the following:-

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
    {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07267a1...ip/RdxIE601.cab

    Click FIX CHECKED



    Set Windows to 'Show all files & folders'.
    Click Start > My Computer > Tools > Folder Options >
    On the View tab make sure that you:-

    Select 'Show Hidden Files & Folders'
    Uncheck 'Hide file extensions for known file types'.
    Uncheck 'Hide protected operating system files'.
    Click OK.


    Reboot into Safe Mode.
    Tap F8 repeatedly when your machine starts to boot up.
    Select 'Safe Mode' from the options that appear.


    Go to C:\windows\system and delete blank.htm


    Clean out temporary files:
    * Go to Start | Run | type cleanmgr | OK
    * Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the ONLY things checked.
    * Let it scan your system for files to remove.
    * Press OK to remove them.


    Important
    Please go to Windows Updates, download and install the Service Pack and ALL Critical Updates.



    Reboot and post a fresh log letting me know how things are running.



    NOTE: O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing

    The above entry in your log is somewhat of a mystery to me at the moment. I cannot find any definitive answer as to why it is there or how to fix it (if indeed it needs fixing as your internet connection is still intact). The dll itself is for the Bsafe Internet Filter.

    Fixing the entry with HijackThis has no effect as does using LSPFix (which is usually the fix for such entries). It would appear in a few instances that uninstalling Bsafe and reinstalling also failed to replace the 'missing dll' while manually deleting the InetCntrl folder in C:\windows\system32 will drop your internet connection completely.

    After you've updated windows and Internet Explorer to SP2, try uninstalling Bsafe to see if it makes any difference to the 'constantly active' internet connection and then reinstalling it to compare performance. I'll continue to do some digging on this in the meantime.
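
Added example, not part of the thread: a small Python sketch of the review done by hand above. It pulls the R*/O* entries out of a HijackThis log, lists the O17 DNS servers and O16 ActiveX download hosts, and for an O10 "LSP provider missing" line shows which other entries mention the same file stem, which is how the provider gets tied to an installed product. The function names `parse_entries` and `triage` are hypothetical, and the sample lines are taken from the log in post #1.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines taken from the log in post #1.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\System32\InetCntrl\PopupKil\BsafeBHO.dll
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{400761A8-FF82-4874-ADA2-6A0D206478E4}: NameServer = 216.165.129.157 216.170.153.146
"""

# A log entry is a section code (R0, O4, O16, ...), " - ", then the body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(text):
    """Return (section code, body) pairs; process paths and headers are skipped."""
    matches = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]

def triage(text):
    """Collect the items a reviewer checks first: DNS, ActiveX sources, LSP."""
    entries = parse_entries(text)
    report = {"dns": [], "activex_hosts": [], "lsp": {}}
    for code, body in entries:
        if code == "O17" and "NameServer = " in body:
            servers = body.split("NameServer = ", 1)[1]
            report["dns"] += servers.replace(",", " ").split()
        elif code == "O16":
            host = urlparse(body.rsplit(" - ", 1)[-1]).hostname
            if host:
                report["activex_hosts"].append(host)
        elif code == "O10":
            m = re.search(r"LSP provider '([^']+)'", body)
            if m:
                stem = m.group(1).rsplit(".", 1)[0].lower()
                # Entries naming the same stem show which product owns the LSP.
                report["lsp"][m.group(1)] = [
                    c for c, b in entries if c != "O10" and stem in b.lower()]
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```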

  3. #3
    owen is offline D-A-L Team Member (UK)
    Hi HJM,
    I believe it's a bit of a bug with Hijack This, as has been said on the SWI Forums a few times. Hijack This will display Broken Internet Access, despite the fact that it is fine.

  4. #4
    HJM
    HJM is offline Valued Member
    You learn something new every day.

    Cheers

  5. #5
    owen is offline D-A-L Team Member (UK)
    You certainly do
