possible virus/spyware

  1. 29-07-2004  #1
    timbo
    timbo is offline Full Member

    Question possible virus/spyware

    i have recently installed xp from 98se, i put in anti virus systems b4 connecting to the net but it has posed a problem, with nortons and avg i cannot get new virus updates, i got rid of one, worm/agobot, it stopped me from accessing the anti virus software but am still worried i am infected heavily, thanks for your time and help in advance, my hijack this log is as follows

    Logfile of HijackThis v1.98.0
    Scan saved at 4:03:59 PM, on 29/07/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Telstra\Cable Login\bpcable.exe
    C:\WINDOWS\System32\caj.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe
    C:\WINDOWS\System32\rsvp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\timbo\My Documents\downloads\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SU B_PVER}&ar=home
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir...0&plcid=0x0c09
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
    O4 - HKLM\..\Run: [Internet Explore Updates] caj.exe
    O4 - HKLM\..\Run: [Microsoft Update Machine] winno.exe
    O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\RunServices: [Intel pro nic manager] crssI.exe
    O4 - HKLM\..\RunServices: [Internet Explore Updates] caj.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] winno.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Internet Explore Updates] caj.exe
    O4 - HKCU\..\Run: [Microsoft Update Machine] winno.exe
    O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt3_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab

  3. 29-07-2004  #2
    Nirvana
    Nirvana is offline Elite Member
    Save 20% on AVG Internet Security 2012 Suite!
    Hi Timbo. Restart HijackThis and put checks next to the following, close all browser windows (including this one) then click on 'Fix Checked':

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redi...=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redi...er=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redi...er=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redi...=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redi...=ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SU B_PVER}&ar=home
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redi....0&plcid=0x0c09

    O4 - HKLM\..\Run: [Internet Explore Updates] caj.exe
    O4 - HKLM\..\Run: [Microsoft Update Machine] winno.exe
    O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe


    O4 - HKLM\..\RunServices: [Internet Explore Updates] caj.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] winno.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe

    O4 - HKCU\..\Run: [Internet Explore Updates] caj.exe
    O4 - HKCU\..\Run: [Microsoft Update Machine] winno.exe
    O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe

    Make sure you have Set Windows to show Hidden Files & Folders, then reboot into safe mode then run a search for and delete:

    caj.exe, winno.exe and msconfg.exe

    Click here to make sure that you have the latest patches for Windows. Click here to get the latest version of Internet Explorer. It's very important to keep your system up to date to avoid unnecessary security risks.

    Reboot, then post another log and tell us how things are running.
+ Reply to Thread
« Another About:Blank victim | comp messed up, Hijackthis logs (Resolved) »