Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Sunday 24.11.2024 / 17:36
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > hey guys, .... hjt log here when you get a chance..... thanks
Show topics
 
Forums
Forums
Hey guys, .... HJT log here when you get a chance..... thanks
  Jump to:
 
Posted Message
Rosati
Newbie
_ 		27. May 2006 @ 15:38 _ Link to this message    Send private message to this user   
Logfile of HijackThis v1.99.1
Scan saved at 7:32:28 PM, on 5/27/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\inet20000\services.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\3639393C393F41.exe
C:\WINDOWS\System32\kernels8.exe
C:\WINDOWS\System32\13604108.exe
C:\WINDOWS\System32\kerneld16.exe
C:\Program Files\Spyware Soft Stop\Spyware Soft Stop.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\inet20000\mm6.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\inet20000\socks.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dlh9jkdq1.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\UNZIPPED\HIJACK~1\HijackTh.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://spywaresoftstop.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://spywaresoftstop.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://spywaresoftstop.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://spywaresoftstop.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://spywaresoftstop.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://spywaresoftstop.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://spywaresoftstop.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://spywaresoftstop.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://spywaresoftstop.com/
F3 - REG:win.ini: run=C:\WINDOWS\inet20000\services.exe
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20000\3.03.00.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [A4A7A7AAA7ADAFAF] 3639393C393F41.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20000\services.exe
O4 - HKLM\..\Run: [13604108.exe] C:\WINDOWS\System32\13604108.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\kerneld16.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\inet20000\socks.exe
O4 - HKLM\..\Run: [Software Soft Stop] C:\Program Files\Spyware Soft Stop\Spyware Soft Stop.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20000\services.exe
O4 - HKCU\..\Run: [13604108.exe] C:\Documents and Settings\Rob Rosato\Local Settings\Application Data\13604108.exe
O4 - Global Startup: Spy Sweeper Fix.lnk = C:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O20 - AppInit_DLLs: ipgjahll.dll,Runner.dll,cmstart.dll,Runner.dll,cmstart.dll
O20 - Winlogon Notify: s_reg - C:\WINDOWS\SYSTEM32\notifysb.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE



this is real bad....
[ + quote]
-kemisti-
AfterDawn Addict
_ 		28. May 2006 @ 02:17 _ Link to this message    Send private message to this user   
Yes, it is.

Uninstall via Add/remove programs (control panel):

Spyware Soft Stop or similar

Fix with HjT (do a system scan only, checkmark these and press fix checked):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://spywaresoftstop.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://spywaresoftstop.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://spywaresoftstop.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://spywaresoftstop.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://spywaresoftstop.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://spywaresoftstop.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://spywaresoftstop.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://spywaresoftstop.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://spywaresoftstop.com/
F3 - REG:win.ini: run=C:\WINDOWS\inet20000\services.exe
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20000\3.03.00.dll
O4 - HKLM\..\Run: [A4A7A7AAA7ADAFAF] 3639393C393F41.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20000\services.exe
O4 - HKLM\..\Run: [13604108.exe] C:\WINDOWS\System32\13604108.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\kerneld16.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\inet20000\socks.exe
O4 - HKLM\..\Run: [Software Soft Stop] C:\Program Files\Spyware Soft Stop\Spyware Soft Stop.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20000\services.exe
O4 - HKCU\..\Run: [13604108.exe] C:\Documents and Settings\Rob Rosato\Local Settings\Application Data\13604108.exe
O20 - Winlogon Notify: s_reg - C:\WINDOWS\SYSTEM32\notifysb.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

Please click Start > Run and type in: services.msc
Click OK
In the Services window find: Network Monitor
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK

Now, go to Start > Run, and copy/paste the following into the Open box:
sc delete Network Monitor
Click: OK

Please download ewido anti-malware it is a free version of the program -> http://www.ewido.net/en/download/

1. Install ewido anti-malware
2. When installing, under "Additional Options" uncheck..
* Install background guard
* Install scan via context menu
3. Launch ewido, there should be an icon on your desktop, double-click it.
4. The program will now open to the main screen.
5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
6. You will need to update ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates -> http://download.ewido.net/ewido-signatures-full-current.exe Make sure to close Ewido before installing the update.

Once the updates are installed do the following:

Reboot your computer in SafeMode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

Delete if found:

C:\WINDOWS\inet20000
C:\WINDOWS\System32\3639393C393F41.exe
C:\WINDOWS\System32\kernels8.exe
C:\WINDOWS\System32\13604108.exe
C:\WINDOWS\System32\kerneld16.exe
C:\Program Files\Spyware Soft Stop
C:\Documents and Settings\Rob Rosato\Local Settings\Application Data\13604108.exe
C:\WINDOWS\SYSTEM32\notifysb.dll
C:\WINDOWS\System32\dlh9jkdq1.exe
C:\Program Files\Network Monitor

Then launch ewido:

* Click on scanner
* Click on Complete System Scan and the scan will begin.
* You will be prompted to clean the first infection.
* Select "Perform action on all infections", then proceed.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido anti-malware.

Reboot back to normal mode

Send ewido report and a fresh HjT log.
[ + quote]
Related links
Download the latest version of HijackThis now!
 
Related forum topics Posts Last post Forum room
Findgala. Sticked Failed. HJT Log 8 21. August 2013 Windows - Virus and spyware problems
Pls check my HJT - is it heathy now? 4 14. February 2012 Windows - Virus and spyware problems
Laptop freezes and need re boot. HJT help needed 6 13. February 2012 Windows - Virus and spyware problems
Hi! Can someone take a look at a HJT log please, nasty virus! 1 27. January 2012 Windows - Virus and spyware problems
HJT..... Assist Please 15 31. December 2011 Windows - Virus and spyware problems
Redirections, other random things, HJT log 2 23. May 2011 Windows - Virus and spyware problems
System slow on startup and running loud - HJT log 3 11. May 2011 Windows - Virus and spyware problems
Slow and lagging computer -HJT log 4 30. March 2011 Windows - Virus and spyware problems
computer actin up a lil (HJT log) 3 24. February 2011 Windows - Virus and spyware problems
HJT log, please check 1 24. January 2011 Windows - Virus and spyware problems

 
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > hey guys, .... hjt log here when you get a chance..... thanks
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2024 by AfterDawn Ltd.

  IDG TechNetwork