Tech Support Guy banner
Status
Not open for further replies.

Help Me Please with Hijack This Log

#1 ·
Hello...I hope I'm not doing this post wrong.....this is my first time on this website...I'm really really hoping someone can help me.....I've just downloaded Hijack this...and the log came up...I have no idea what it means...can someone please help me...I'm a noob at this stuff...so please explain to me thoroughly....Please save my computer....

here is my log....

Logfile of HijackThis v1.97.2
Scan saved at 1:00:40 AM, on 29/09/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WSLOADER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALEVENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\ATI\ATIDESK\ATISCHED.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\A\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yyep.com/search/search02.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sportsnet.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://209.61.165.65/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.yyep.com/search/search02.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [BMail Installation] C:\Program Files\iMesh\Client\FTP_back.exe
O4 - HKLM\..\Run: [setFTPBack] C:\WINDOWS\SYSTEM\createsw.exe
O4 - HKLM\..\Run: [$EnterNet] C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\EnterNet.exe -AutoStart
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\Run: [b3dUpdate] C:\WINDOWS\BDE\Update\Zupdate.EXE -silent -p "C:\WINDOWS\BDE\Update" -s setup.cab
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Lavasoft Adwatch] C:\PROGRAM FILES\LAVASOFT AD-AWARE PLUS\AD-WATCH.EXE /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
O4 - Startup: ATISched.lnk = C:\ATI\ATIDESK\atisched.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Banshee Screamer Alarm.lnk = C:\Program Files\Banshee Screamer Alarm\alarm.exe
O4 - User Startup: ATISched.lnk = C:\ATI\ATIDESK\atisched.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: Banshee Screamer Alarm.lnk = C:\Program Files\Banshee Screamer Alarm\alarm.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://stream10k.redhotnetworks.com/cabs/videox.cab
O16 - DPF: {69A4F9FF-E915-11D5-A9F1-009099104002} (XDialer Class) - http://www.pctlca.com/XDialer2.CAB
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://central.clevercontent.com/02030035/cccabs/CleverContent.cab
O16 - DPF: {D7E30BC5-D09F-11D5-8B4B-00D0B7094C65} (PersonalVideoManager2 Control) - http://www.crezio.com/cgi/vmark/bin/activex/PersonalVideoManager2.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {82202BE7-C56A-487E-9E55-D84BDC1A5776} (AnarkClient Class) - http://install.anark.com/client/version1/windows-ie/en/AMClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37878.3793171296
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

btw...when I was just checking through this site and pressed the back button my Norton Antivirus picked up a virus...something to do with a file called attnvg.exe....does that help you??

Please help me...I'm soo worried...
 
#2 ·
ok, you need spybot s&d. go to
http://security.kolla.de/
then download spybot s&d and run it by pressing the "check for problems" button. don't change any of the program's settings yet. after it runs, click on "fix selected problems".
this program is free- and it works very well for me.
btw- do you have a firewall installed?
 
#3 ·
oh, and then do an online virus scan. just do a google search for "online virus scan". i use housecall.
 
#4 ·
More information on exactly what kind of problem(s) you are experiencing would be necessary before anyone can help you! :confused: Download 'Spybot Search and Destroy' from security.kolla.de, update it and run it, let it fix any problems it finds like your Attnvg.exe issue. :up:
 
#6 ·
Welcome to T.S.G Seoulkid:)

Run hijackthis again and put a checkmark against these entries....double check in case you miss anything.....then, close all browser and Outlook windows and "fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yyep.com/search/search02.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://209.61.165.65/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.yyep.com/search/search02.html
O4 - HKLM\..\Run: [BMail Installation] C:\Program Files\iMesh\Client\FTP_back.exe
O4 - HKLM\..\Run: [setFTPBack] C:\WINDOWS\SYSTEM\createsw.exe
O4 - HKLM\..\Run: [b3dUpdate] C:\WINDOWS\BDE\Update\Zupdate.EXE -silent -p "C:\WINDOWS\BDE\Update" -s setup.cab
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://stream10k.redhotnetworks.com/cabs/videox.cab
O16 - DPF: {69A4F9FF-E915-11D5-A9F1-009099104002} (XDialer Class) - http://www.pctlca.com/XDialer2.CAB
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab

Re-boot into safe mode (by tapping the F8 key as Windows boots up) and delete:
C:\WINDOWS\BDE [FOLDER]
C:\WINDOWS\SYSTEM\createsw.exe
C:\Program Files\iMesh (FOLDER)

Can you check this out C:\WINDOWS\SYSTEM\WSLOADER.EXE
Find the file..right click it and choose the "properties"..."version" tabs and note any information in that window.
(Unless you know what this file is)

After that go here and scan on-line: http://housecall.trendmicro.com/

Then....
Spybot Search & Destroy http://beam.to/spybotsd

After installing, first press Online, and search for, put a check mark at, and install all updates.

Next, close all Internet Explorer windows...... hit 'Check for Problems', and have SpyBot remove/fix all it finds.

Reboot

:)]
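An added example, not part of any post in this thread and not HijackThis's own code: a small Python parser for the `R`/`O` entry lines of a log like the one posted above, which splits out autorun entries and builds a manual-review queue. Flagging URLs whose host is a bare IP address is an assumption made for this sketch, not the criterion any poster stated; the sample lines are copied from the log in post #1.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.2
C:\WINDOWS\SYSTEM\WSLOADER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://209.61.165.65/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sportsnet.ca/
O4 - HKLM\..\Run: [setFTPBack] C:\WINDOWS\SYSTEM\createsw.exe
O4 - Startup: ATISched.lnk = C:\ATI\ATIDESK\atisched.exe
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")      # e.g. "O4 - ..."
RUN = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
URL = re.compile(r"https?://\S+")

def host_is_ip(url):
    """True when the URL's host is an IP literal rather than a DNS name."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def parse_log(text):
    """Return one dict per R*/O* entry; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        entry = {"code": m["code"], "body": m["body"], "url": None, "autorun": None}
        url = URL.search(m["body"])
        if url:
            entry["url"] = url.group(0)
        run = RUN.match(m["body"]) if m["code"] == "O4" else None
        if run:  # registry autorun: (key, value name, command line)
            entry["autorun"] = (run["key"], run["name"], run["cmd"])
        entries.append(entry)
    return entries

def review_queue(entries):
    """Entries to look at by hand first (assumed heuristic: IP-literal URL host)."""
    return [e for e in entries if e["url"] and host_is_ip(e["url"])]
```

The queue is a prompt for a human reviewer, not a verdict: an entry can be unwanted without matching the heuristic, as several of the entries listed in post #6 show.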
 