Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91734 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Classroom Urusc


  • Please log in to reply
1 reply to this topic

#1 urusc

urusc

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 24 August 2004 - 02:20 AM

Logfile of HijackThis v1.97.7
Scan saved at 9.32.29, on 24/08/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\eoiiyv.exe
C:\WINDOWS\System32\wuamgrd.exe
C:\Programmi\File comuni\ACD Systems\IT\DevDetect.exe
D:\UTILITA\Astatix Launcher\AL.exe
D:\UTILITA\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\dirote.exe
C:\WINDOWS\System32\dirote.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\LINO\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmyrequest.com/hp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmyrequest.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 64.237.45.18 ad.doubleclick.net
O1 - Hosts: 64.237.45.18 aff.weatherbug.com
O1 - Hosts: 64.237.45.18 www.burstnet.com
O1 - Hosts: 64.237.45.18 oz.valueclick.com
O1 - Hosts: 64.237.45.18 a.tribalfusion.com
O1 - Hosts: 64.237.45.18 servedby.advertising.com
O1 - Hosts: 64.237.45.18 my.search
O1 - Hosts: 64.237.45.18 pagead2.googlesyndication.com
O1 - Hosts: 209.87.155.230 date.com
O1 - Hosts: 209.87.155.230 dating.com
O1 - Hosts: 209.87.155.230 freedating.com
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\UTILITA\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vcssuyurvncw] C:\WINDOWS\System32\eoiiyv.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] wuamgrd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nnet.exe] C:\WINDOWS\System32\nnet.exe
O4 - HKLM\..\Run: [Device Detector] "C:\Programmi\File comuni\ACD Systems\IT\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [Sys] C:\windows\system32\winfmw32.exe
O4 - HKLM\..\Run: [ls0zg3w3kn] c:\temp33.exe
O4 - HKLM\..\Run: [spzoolxkxd] C:\WINDOWS\System32\f1ght.exe C:\WINDOWS\System32\dirote.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuamgrd.exe
O4 - HKLM\..\RunServices: [nnet.exe] C:\WINDOWS\System32\nnet.exe
O4 - HKCU\..\Run: [Astatix Launcher] D:\UTILITA\Astatix Launcher\AL.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] wuamgrd.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\UTILITA\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\UTILITA\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://69.57.146.110...chm::/11449.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\path.mht!http://64.200.26.76/...m::/painter.exe
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8207.3408217593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-mo...t/cabs/ffvg.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{198D8666-F2C4-425F-AE2E-2CA28C5EA09A}: NameServer = 62.211.69.150 212.48.4.15

    Advertisements

Register to Remove


#2 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 24 August 2004 - 08:27 AM

Greetings and welcome to TomCoyote.org!

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Download the LATEST version of HijackThis into this folder.

If required a tutorial is here = Hijackthis Folder Tutorial

Links to Hijack This! v 1.98.2:

http://tools.radiosp.../HijackThis.exe
http://tools.radiosp.../hijackthis.zip
http://www.downloads.../hijackthis.zip
http://tools.zerosrealm.com/hjt.zip
http://spywarewarrio.../hijackthis.zip
http://spywarewarrio.../HijackThis.exe

Please download and run Spybot-Search&Destroy and Ad-Aware; they are the standard programs for finding and cleaning malware off your system. Here are links to both programs, and instructions for their use.

Get Spybot - Search & Destroy from http://security.kolla.de (This is the NEW Version 1.3)
Get AdAware 6 from http://www.lavasoft....upport/download

Download and install these programs in their own PERMANENT folders if you don't already have them. If you do have them, make sure they are UPDATED AND CONFIGURED AS DESCRIBED.

To run Spybot S&D:

After installing first press "Online", click on "Search for Updates", then select all updates. Beside the download button is a little down-pointed arrow, which gives you a choice of several download sites; select one of the servers listed (the Australian server usually works well). Now, press "Download Updates." If that site doesn't work or you get an error message, try a different server.

When the updates are finished, close your browser and ALL WINDOWS EXCEPT THE ONE SPYBOT IS RUNNING IN, then press 'Check for Problems'; THE SCAN WILL TAKE SEVERAL MINUTES. Have SpyBot remove all it finds THAT ARE MARKED IN RED. When it's finished, REBOOT your system.

Get AdAware 6 from http://www.lavasoft....upport/download

Then, Run ADAWARE:

Before you scan with AdAware, ALWAYS check for updates of the reference file by using the "webupdate" button at the lower right of the panel. Updates for this program come out frequently to keep up with new malware. THIS IS CRITICAL; updating is as important as installing these programs.

Then ........
Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

then......
click "Use custom scanning options>Customize" and have these options ON: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

then.........
go to settings(the gear icon on top of AdAware)>Tweak>Scanning engine and click "Unload recognized processes during scanning" ...........then........"Cleaning engine" and "Let windows remove files in use at next reboot"

then...... click "proceed" to save your settings.
To scan, click NEXT. This scan will also take several minutes.

When the scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose"select all" from the drop down menu) then press "next" and then say YES to the prompt, "do you want to remove all these entries?" Reboot again.

Next, please try these free online virus scans of your system:

Trend-Micro:
http://housecall.tre.../start_corp.asp

Panda:
http://www.pandasoft...com/activescan/

Etrust:
http://www3.ca.com/s...sinfo/scan.aspx

Choose fix or clean.

Let them remove any infections found. Reboot inbetween each scan.

After the last scan, reboot and post a new log file in this thread, and we'll deal with any malware remnants left over :)
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users