HijackThis! Log
-
Hi, I hope someone can help me with this.
My browser has been hijacked! Argh! And I think that I have lots of spyware, adware and viruses. I have downloaded the following programs:
Spybot Search and Destroy
Ad-Aware
HijackThis!
Spyware Blaster v3.4
Reglite (I haven't used it though because it confuses me)
CWShredder (I haven't used this either yet because this forum has told me to wait for further instructions from you)
Here's my HijackThis! Log:
Logfile of HijackThis v1.99.1
Scan saved at 19:32:09, on 18/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\Microsoft.NET\mfciis.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {1B2AF770-BDAA-4954-8C48-3E07848E205A} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {775E774F-65D7-4820-9C5D-AC8815AAA778} - C:\WINDOWS\System32\abek.dll
O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\Owner\LOCALS~1\Temp\siicfm.dat
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\RunOnce: [*mfciis] C:\WINDOWS\Microsoft.NET\mfciis.exe rerun
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {33331111-1111-1111-1111-611111193457} -
O16 - DPF: {33331111-1111-1111-1111-611111193458} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O18 - Filter: text/html - {7AE58CD3-F852-48F9-A819-76776E4B33C2} - C:\WINDOWS\System32\abek.dll
O18 - Filter: text/plain - {7AE58CD3-F852-48F9-A819-76776E4B33C2} - C:\WINDOWS\System32\abek.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mfciis - C:\DOCUME~1\Owner\LOCALS~1\Temp\siicfm.dat
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Any help at all is appreciated.
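Added here as a defender's triage example, not something from the thread or from HijackThis itself: a small Python scanner that applies the heuristics a log helper would use on the first log above (autostart or browser-hook entries pointing into the user's Temp folder, orphaned "(no file)" registrations, MIME filters on text/html or text/plain, Winlogon Notify packages that are not a .dll under System32) to a handful of lines copied from that log. The regular expressions and reason strings are my own assumptions; HijackThis exposes no such API.

```python
import re

# Constructed sample: a few entries copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/spage.html
O2 - BHO: (no name) - {1B2AF770-BDAA-4954-8C48-3E07848E205A} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\Owner\LOCALS~1\Temp\siicfm.dat
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll,DllInstall
O18 - Filter: text/html - {7AE58CD3-F852-48F9-A819-76776E4B33C2} - C:\WINDOWS\System32\abek.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mfciis - C:\DOCUME~1\Owner\LOCALS~1\Temp\siicfm.dat
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Heuristic patterns (my own, not from HijackThis): the per-user Temp folder in
# short (8.3) or long form, and a .dll sitting directly under %SystemRoot%\System32.
TEMP_DIR = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.I)
SYSTEM_DIR = re.compile(r"^[A-Z]:\\WINDOWS\\SYSTEM32\\[^\\]+\.DLL$", re.I)


def triage_line(line: str) -> list[str]:
    """Return the reasons one HijackThis entry deserves a closer look (empty list = looks benign)."""
    reasons = []
    section = line.split(" - ", 1)[0]          # e.g. "R1", "O2", "O20"
    if TEMP_DIR.search(line):
        # Nothing that autostarts or hooks the browser should live in the user's Temp folder.
        reasons.append("points into the user Temp directory")
    if line.endswith("(no file)"):
        reasons.append("orphaned registration, target file is gone")
    if section == "O18" and re.search(r"Filter: text/(html|plain) ", line):
        # A MIME filter on text/html or text/plain sees every page IE renders; legitimate software rarely installs one.
        reasons.append("MIME filter on text/html or text/plain")
    if section == "O20":
        target = line.rsplit(" - ", 1)[-1]
        if not SYSTEM_DIR.match(target):
            # Winlogon Notify packages load inside winlogon.exe at logon; expect a .dll under System32.
            reasons.append("Winlogon Notify target outside System32 or not a .dll")
    return reasons


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Run every non-empty log line through triage_line and keep only the flagged ones."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line and (reasons := triage_line(line)):
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry}\n    -> {'; '.join(reasons)}")
```

On the sample above this flags six of the nine entries and leaves SDHelper.dll, igfxsrvc.dll and nvsvc32.exe alone, which matches what the helper's fix tool went after in the thread.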
-
Hello, adrenochrome & Welcome
1) Please change the location of HijackThis.exe.
Create a new folder in your C: drive.
Name it C:\HJT or HijackThis and move the HijackThis.exe file into it.
It's best for this tool NOT TO be located on your Desktop or in a TEMP folder.
This way you can undo any changes if something goes wrong.
2) Download CW-Shredder at the link below:
http://cwshredder.net/bin/CWShredder.exe
Download SpSeHjfix here:
http://www.derbilk.de/SpSeHjfix112.zip
Save it to the desktop and then right click a blank part of the desktop & select New Folder; call it spfix. Unzip the file into that folder.
Disconnect from the net and Close ALL OPEN PROGRAMS.
Run 'SpSeHjfix' and click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.
If it doesn't find any of the SE files or any hidden reinstallers it will say system clean and not go on to the next stage.
Now run the CWShredder - Hit The FIX button!
Reboot and post a fresh HJT log and the log that was created by 'SpSeHjfix'.
HGD
-
I have moved the file into the C: drive but the HijackThis icon is still on the desktop and I can't delete it.
-
Hi, adrenochrome
All you have to do is make a folder in your C: drive, like so: C:\HJT
then just cut HijackThis.exe & paste it into the folder.
HGD
-
Ok, sorry to be a retard but how do I unzip the SpSeHjfix into the spfix folder?
-
Hi, adrenochrome
Ok, not sure if you are using a zipfile program or not,
but if you are using WinXP just right click on the SpSeHjfix112.zip
& Windows will ask where you want to unzip to; you say
spfix
HGD
-
I am using XP but when I right click it doesn't say "unzip to" or anything like that. The folder does have a zip down it though.
The options when I right click are:
Open
Search...
Explore
Extract All...
Open With
Send to
Cut
Copy
Create Shortcut
Delete
Rename
Properties
-
Hi, adrenochrome
Yes, Extract All to the folder spfix.
HGD
-
Logfile of HijackThis v1.99.1
Scan saved at 21:06:46, on 18/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\mfciis.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis!\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {1B2AF770-BDAA-4954-8C48-3E07848E205A} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {775E774F-65D7-4820-9C5D-AC8815AAA778} - (no file)
O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\Owner\LOCALS~1\Temp\siicfm.dat
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\RunOnce: [*mfciis] C:\WINDOWS\Microsoft.NET\mfciis.exe rerun
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {33331111-1111-1111-1111-611111193457} -
O16 - DPF: {33331111-1111-1111-1111-611111193458} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mfciis - C:\DOCUME~1\Owner\LOCALS~1\Temp\siicfm.dat
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
(5/18/05 20:52:24) SPSeHjFix started v1.1.2
(5/18/05 20:52:24) OS: WinXP Service Pack 1 (5.1.2600)
(5/18/05 20:52:24) Language: english
(5/18/05 20:52:24) Win-Path: C:\WINDOWS
(5/18/05 20:52:24) System-Path: C:\WINDOWS\System32
(5/18/05 20:52:24) Temp-Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\
(5/18/05 20:52:26) Disinfection started
(5/18/05 20:52:26) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(5/18/05 20:52:26) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\System32\abek.dll
(5/18/05 20:52:26) Searchassistant Uninstaller - Keys Deleted
(5/18/05 20:52:26) UBF: 9 - UBB: 3 - UBR: 17
(5/18/05 20:52:26) FilterKey: HKCR\text/html (deleted)
(5/18/05 20:52:26) FilterKey: HKCR\CLSID\{7AE58CD3-F852-48F9-A819-76776E4B33C2} (deleted)
(5/18/05 20:52:26) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(5/18/05 20:52:26) FilterKey: HKCR\text/plain (deleted)
(5/18/05 20:52:26) FilterKey: HKCR\CLSID\{7AE58CD3-F852-48F9-A819-76776E4B33C2} (error while deleting)
(5/18/05 20:52:26) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(5/18/05 20:52:26) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{775E774F-65D7-4820-9C5D-AC8815AAA778} (deleted)
(5/18/05 20:52:26) BHO-Key: HKCR\CLSID\{775E774F-65D7-4820-9C5D-AC8815AAA778} (deleted)
(5/18/05 20:52:26) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll,DllInstall (deleted)
(5/18/05 20:52:26) UBF: 7 - UBB: 2 - UBR: 16
(5/18/05 20:52:26) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\owner\locals~1\temp\se.dll/spage.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\owner\locals~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(5/18/05 20:52:26) Stealth-String not found
(5/18/05 20:52:26) File added to delete: c:\windows\system32\abek.dll
(5/18/05 20:52:26) File added to delete: c:\docume~1\owner\locals~1\temp\se.dll
(5/18/05 20:52:26) Reboot
(5/18/05 20:53:21) SPSeHjFix started v1.1.2
(5/18/05 20:53:21) OS: WinXP Service Pack 1 (5.1.2600)
(5/18/05 20:53:21) Language: english
(5/18/05 20:53:21) Win-Path: C:\WINDOWS
(5/18/05 20:53:21) System-Path: C:\WINDOWS\System32
(5/18/05 20:53:21) Temp-Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\
(5/18/05 20:54:00) Disinfection started
(5/18/05 20:54:00) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(5/18/05 20:54:00) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\System32\abek.dll
(5/18/05 20:54:00) Searchassistant Uninstaller - Keys Deleted
(5/18/05 20:54:00) UBF: 9 - UBB: 3 - UBR: 17
(5/18/05 20:54:00) FilterKey: HKCR\text/html (deleted)
(5/18/05 20:54:00) FilterKey: HKCR\CLSID\{F77E2857-8089-421C-9F37-C4C87EEDCC14} (deleted)
(5/18/05 20:54:00) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(5/18/05 20:54:00) FilterKey: HKCR\text/plain (deleted)
(5/18/05 20:54:00) FilterKey: HKCR\CLSID\{F77E2857-8089-421C-9F37-C4C87EEDCC14} (error while deleting)
(5/18/05 20:54:00) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(5/18/05 20:54:00) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{478FD606-0AC1-4D45-BA5E-DD15959A0A13} (deleted)
(5/18/05 20:54:00) BHO-Key: HKCR\CLSID\{478FD606-0AC1-4D45-BA5E-DD15959A0A13} (deleted)
(5/18/05 20:54:00) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll,DllInstall (deleted)
(5/18/05 20:54:00) UBF: 7 - UBB: 2 - UBR: 16
(5/18/05 20:54:00) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\owner\locals~1\temp\se.dll/spage.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\owner\locals~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(5/18/05 20:54:00) Stealth-String not found
(5/18/05 20:54:00) File added to delete: c:\windows\system32\abek.dll
(5/18/05 20:54:00) File added to delete: c:\docume~1\owner\locals~1\temp\se.dll
(5/18/05 20:54:00) Reboot
(5/18/05 20:54:39) SPSeHjFix started v1.1.2
(5/18/05 20:54:39) OS: WinXP Service Pack 1 (5.1.2600)
(5/18/05 20:54:39) Language: english
(5/18/05 20:54:39) Win-Path: C:\WINDOWS
(5/18/05 20:54:39) System-Path: C:\WINDOWS\System32
(5/18/05 20:54:39) Temp-Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\
(5/18/05 20:55:30) Disinfection started
(5/18/05 20:55:30) Bad-Dll(IEP): (not found)
(5/18/05 20:55:30) Bad-Dll(IEP) in BHO: (not found)
(5/18/05 20:55:30) UBF: 7 - UBB: 2 - UBR: 16
(5/18/05 20:55:30) UBF: 7 - UBB: 2 - UBR: 16
(5/18/05 20:55:31) Bad IE-pages: (none)
(5/18/05 20:55:31) Stealth-String not found
(5/18/05 20:55:31) Not infected->END
-