HijackThis log -- could someone please comment?

  1. 15-06-2005  #1
    nesprinha
    nesprinha is offline Newbie

    HijackThis log -- could someone please comment?

    Despite many efforts, ever since we've got broadband we seem to have problems with viruses popping up and can't get rid of them. I would really appreciate any advice you can give. Thanks!

    Logfile of HijackThis v1.99.1
    Scan saved at 10:54:50, on 15/06/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINNT\System32\CTsvcCDA.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv50.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\xpjava.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\CTHELPER.EXE
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\CASIO\Photo Loader\Plauto.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackTh is.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [regmgr32nt] msbin32.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
    O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
    O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
    O4 - HKLM\..\Run: [Windows Compliant] lzykqt.exe
    O4 - HKLM\..\Run: [Win Update Microsoft] winmode.exe
    O4 - HKLM\..\Run: [Boot Manager] bootmng.exe
    O4 - HKLM\..\Run: [Microsofts MediaScope] winmep.exe
    O4 - HKLM\..\RunServices: [regmgr32nt] msbin32.exe
    O4 - HKLM\..\RunServices: [Microsofts MediaScope] winmep.exe
    O4 - HKLM\..\RunServices: [Boot Manager] bootmng.exe
    O4 - HKLM\..\RunServices: [Win Update Microsoft] winmode.exe
    O4 - HKLM\..\RunServices: [Windows Compliant] lzykqt.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [regmgr32nt] msbin32.exe
    O4 - HKCU\..\Run: [Windows Compliant] lzykqt.exe
    O4 - HKCU\..\Run: [Boot Manager] bootmng.exe
    O4 - HKCU\..\Run: [Win Update Microsoft] winmode.exe
    O4 - HKCU\..\RunServices: [regmgr32nt] msbin32.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O12 - Plugin for .asp: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv50.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe

    Thanks again!
  2. 15-06-2005  #2
    HJThis
    HJThis is offline Senior Member
    Save 20% on AVG Internet Security 2012 Suite!
    Hello,nesprinha & Welcome

    Ok first thing i need for you to do is move HijackThis
    from where you have it & place it in a Folder in C:\Drive like so C:\HJT

    Press control-alt-delete to get into the task manager and end the follow processes if they exist:
    xpjava.exe
    msbin32.exe
    lzykqt.exe
    bootmng.exe
    winmep.exe

    If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. if it is uncheck it and try again.

    Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:
    AdTools Service

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O4 - HKLM\..\Run: [regmgr32nt] msbin32.exe
    O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
    O4 - HKLM\..\Run: [Windows Compliant] lzykqt.exe
    O4 - HKLM\..\Run: [Boot Manager] bootmng.exe
    O4 - HKLM\..\Run: [Microsofts MediaScope] winmep.exe
    O4 - HKLM\..\RunServices: [regmgr32nt] msbin32.exe
    O4 - HKLM\..\RunServices: [Microsofts MediaScope] winmep.exe
    O4 - HKLM\..\RunServices: [Boot Manager] bootmng.exe
    O4 - HKLM\..\RunServices: [Windows Compliant] lzykqt.exe
    O4 - HKCU\..\Run: [regmgr32nt] msbin32.exe
    O4 - HKCU\..\Run: [Windows Compliant] lzykqt.exe
    O4 - HKCU\..\Run: [Boot Manager] bootmng.exe
    O4 - HKCU\..\RunServices: [regmgr32nt] msbin32.exe

    Make sure you can view hidden and system files: Instructions here

    Then Boot to safe mode: Instructions here

    Delete the following files\folders IF still present:
    C:\Program Files\AdTools Service\<---This folder
    C:\WINNT\system32\xpjava.exe<---This file

    Stell in Safe Mode do a file Search for these if found delete them

    msbin32.exe
    lzykqt.exe
    bootmng.exe
    winmep.exe

    Then do this here

    Make your Internet Explorer more secure - This can be done by following these simple instructions:

    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    1. Change the Download signed ActiveX controls to Prompt
    2. Change the Download unsigned ActiveX controls to Disable
    3. Change the Initialize and script ActiveX controls not marked as safe to Disable
    4. Change the Installation of desktop items to Prompt
    5. Change the Launching programs and files in an IFRAME to Prompt
    6. Change the Navigate sub-frames across different domains to Prompt
    7. When all these settings have been made, click on the OK button.
    8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.

    HGD

    Then let us know how it is doing & show us new logfile
    Last edited by HJThis; 15-06-2005 at 07:50 PM.
+ Reply to Thread
« System Freezing & Blue Screen Problems | Pleeeeze Help »