Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Monday 1.9.2025 / 01:55
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > here's my hijackthis log - i know i got trojans
Show topics
 
Forums
Forums
Here's My Hijackthis Log - I know I got Trojans
  Jump to:
 
Posted Message
Eugene482
Member
_ 		28. April 2007 @ 17:36 _ Link to this message    Send private message to this user   
Ok, my Norton gives me a non responding program error, when I try to do a system scan so it kinda sucks. And it was the only anti virus that is installed on PC during the virus attack. I'll still try to install and scan my PC with AVG and such, but here's my log. When Norton was Working, I knew there was virus in WINDOWS folder when I got massive pop-ups and programs not responding to my mouse clicks (cpu wasn't even working).
My PC doesn't connect to internet for some reason too. (this is other PC, i hope I didn't infect it through flash memory).



Logfile of HijackThis v1.99.1
Scan saved at 1:28:34 AM, on 29/04/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ABBYY Lingvo\LvAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HJ\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: GameSpot Deluxe Toolbar - {05b60808-39c2-45a8-b911-8a7efa7aaf81} - C:\Program Files\GameSpot Deluxe\tbGam1.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: GameSpot Deluxe Toolbar - {05b60808-39c2-45a8-b911-8a7efa7aaf81} - C:\Program Files\GameSpot Deluxe\tbGam1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7f9cead0-d251-46fe-9aa2-f8199764800a} - C:\WINDOWS\system32\kbddpo.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Personal firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: GameSpot Deluxe Toolbar - {05b60808-39c2-45a8-b911-8a7efa7aaf81} - C:\Program Files\GameSpot Deluxe\tbGam1.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\ddbyyw.dll",realset
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: ABBYY Lingvo 7.0 Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/22b1e1303b7d...ip/RdxIE601.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: kbddpo - C:\WINDOWS\SYSTEM32\kbddpo.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
O23 - Service: Norton AntiVirus firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE





I hope to find help. Thanks. I would also like to know if there are any registry cleaners for free to speed my pc up.
[ + quote]
^_^ no sig.

This message has been edited since posting. Last time this message was edited on 28. April 2007 @ 17:37
Advertisement
_ 		__
Fredil
Member
_ 		28. April 2007 @ 18:26 _ Link to this message    Send private message to this user   
Norton

Freaking

Sucks.

Get something better (for free, too) such as Avira AntiVir.

ZoneAlarm is also incompatible with many antiviruses and programs, but you should use it unless you encounter a major conflict/problem.

Update your Internet Explorer. This is essential to prevent against the loading of viruses into your computer. You can do this via Windows Update or manually (Google and download IE7) or use Firefox as an alternative.

Moving on to your HijackThis:

Open up HijackThis and hit "Do a scan only".

Have you installed a program called "GameSpot Deluxe Toolbar"? If not, check the following:
R3 - URLSearchHook: GameSpot Deluxe Toolbar - {05b60808-39c2-45a8-b911-8a7efa7aaf81} - C:\Program Files\GameSpot Deluxe\tbGam1.dll
O2 - BHO: GameSpot Deluxe Toolbar - {05b60808-39c2-45a8-b911-8a7efa7aaf81} - C:\Program Files\GameSpot Deluxe\tbGam1.dll
O3 - Toolbar: GameSpot Deluxe Toolbar - {05b60808-39c2-45a8-b911-8a7efa7aaf81} - C:\Program Files\GameSpot Deluxe\tbGam1.dll

If you use something like Kaspersky or Google Desktop, the following should be safe, but as a precaution, check it anyways:

O20 - AppInit_DLLs:

Click "Fix Checked" and close HijackThis.

I can't seem to find anything seriously wrong, actually. Run Avira AntiVir, and get rid of anything it sees. Also, ask it to make a log and post it here.

You could have a Vundo infection, so download VundoFix and run it. It should generate a log on your desktop, post that here too.

This might not accomplish anything, but it won't do any harm either. Download SmitFraudFix, reboot your computer into Safe Mode. Double-click SmitFraudFix.exe (or SmitFraudFix.cmd if it is an archive), press any key, and press "2". When asked if you want to clean the registry, press "y". It generates a log (rapport.txt), post that here. Reboot to normal. Note that this will erase your desktop background.

Rename HijackThis to asdf.exe and post another logfile.
[ + quote]
Geeks to Go - Trusted Helper

Please do not PM for help - please post on the forums.
Eugene482
Member
_ 		4. May 2007 @ 16:53 _ Link to this message    Send private message to this user   
HI, thanks. Gamespot Deluxe is my toolbar that I installed and occasionally use. I don't have Kaspersky, I use AVG Free and it found 8 Trojans when I did the scan. The PC works fine. Thanks. I switched to Firefox 2.0 --> so much better IMO.
[ + quote]
^_^ no sig.
Fredil
Member
_ 		4. May 2007 @ 18:12 _ Link to this message    Send private message to this user   
For a registry cleaner, use CCleaner. Rarely exceeding speeds of over 5 seconds its really fast and it works :)
[ + quote]
Geeks to Go - Trusted Helper

Please do not PM for help - please post on the forums.
Advertisement
_ 		__
 
_
Eugene482
Member
_ 		9. May 2007 @ 18:01 _ Link to this message    Send private message to this user   
Erm, no. CCleaner doesn't fix all the registry things. I used it before, and it does fix a lot. Thanks though.
[ + quote]
^_^ no sig.
Related links
Download the latest version of HijackThis now!
 
Related forum topics Posts Last post Forum room
HijackThis 101 1 11. September 2013 Windows - Virus and spyware problems
Had Department of Justice money pack virus. Now computer is acting strange. Could someone take a look at my hijackthis log? 64 6. January 2013 Windows - Virus and spyware problems
ComboFix/HIJackThis Log Help 9 10. April 2012 Windows - Virus and spyware problems
Please review HiJackThis log and help 1 11. November 2011 Windows - Virus and spyware problems
HijackThis Log File! 3 27. June 2011 Windows - Virus and spyware problems
please help read hijackthis log 1 7. April 2011 Windows - Virus and spyware problems
HijackThis Log, Please Help ! 5 4. April 2011 Windows - Virus and spyware problems
HiJackThis log...pls help 1 2. April 2011 Windows - Virus and spyware problems
My Hijackthis log file, please help 2 20. February 2011 Windows - Virus and spyware problems
Malware help! hijackthis log provided. 6 29. September 2010 Windows - Virus and spyware problems

 
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > here's my hijackthis log - i know i got trojans
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork