hijack this log

  1. 30-10-2004  #1
    dresden
    dresden is offline Newbie

    hijack this log

    Logfile of HijackThis v1.98.2
    Scan saved at 10:27:40 AM, on 10/30/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
    C:\WINDOWS\system32\cisvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\mozilla.org\Mozilla\mozilla.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Theo Lhoquin\Desktop\hijackthis.exe

    R3 - Default URLSearchHook is missing
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
    O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
    O4 - HKLM\..\Run: [app] C:\WINDOWS\System32\app
    O4 - HKLM\..\Run: [CSV7P70] C:\Program Files\CSBB\CSV7P070.exe
    O4 - HKLM\..\Run: [pgtaff] C:\WINDOWS\pgtaff.exe
    O4 - HKLM\..\Run: [Gfkicc] C:\WINDOWS\Djwm.exe
    O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
    O4 - HKCU\..\Run: [d0spRUY7P] rbqntlog.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll (file missing)
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe (file missing)
    O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
  2. 30-10-2004  #2
    owen
    owen is offline D-A-L Team Member (UK)
    I can see problems in that log, but I like users to tell me what problems they are experiencing...
  3. 31-10-2004  #3
    dresden
    dresden is offline Newbie
    sorry for the lack of an explanation, i was in a rush and didn't know if it would be crucial to explain further or not.

    for the last three days or so (and strictly in that timeframe, as before then i had experienced nothing out of the ordinary), i've been experiencing a noticeable lack of functionality from a lot of the programs i run - programs not responding, not loading, et cetera (which may or may not be due to spyware or anything related - i run the hell out of this machine, i'll admit).

    also, i've been getting pop-ups at an intimidating rate, whereas before i wouldn't see one for months. as far as i know, no programs expired or were deleted to cause this.

    programs have been appearing on my desktop, ranging from "free casino games!" to "build your own president george w. bush". et cetera ad infinitum. i'll remove them through my control panels, but they reappear (usually by the end of the night).

    i've run spybot and adaware at least a dozen times each, and while they claim to quarantine and delete the infections, they turn up something new each time they run thereafter - even if i run two searches back-to-back using the same program. also tried spydoctor and a couple other assorted spyware deletion utilities from download.com, but they've had the same result, obviously.

    suppose that's about it.
  4. 01-11-2004  #4
    owen
    owen is offline D-A-L Team Member (UK)
    Save 20% on AVG Internet Security 2012 Suite!
    Hello again,
    Thanks for the explanation.

    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

    R3 - Default URLSearchHook is missing
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
    O4 - HKLM\..\Run: [app] C:\WINDOWS\System32\app
    O4 - HKLM\..\Run: [CSV7P70] C:\Program Files\CSBB\CSV7P070.exe
    O4 - HKLM\..\Run: [pgtaff] C:\WINDOWS\pgtaff.exe
    O4 - HKLM\..\Run: [Gfkicc] C:\WINDOWS\Djwm.exe
    O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
    O4 - HKCU\..\Run: [d0spRUY7P] rbqntlog.exe

    Click Fix Checked

    Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.

    Delete the following files and folders:
    C:\WINDOWS\System32\wintask.exe
    C:\WINDOWS\System32\app
    C:\Program Files\CSBB
    C:\WINDOWS\pgtaff.exe
    C:\Documents and Settings\All User\Application Data\Pribi

    Reboot and post a fresh log
+ Reply to Thread
« newbie sending logfile of hijack this | Need help with about:blank »