
Hijack this ! Adware, spyware and other virus help..

Discussion in 'Virus & Other Malware Removal' started by Kryder6, Jul 10, 2007.

Thread Status:
Not open for further replies.
  1. Kryder6

    Kryder6 Thread Starter

    Joined:
    Jul 10, 2007
    Messages:
    7
    I was reading in the other threads that the tech guys always refer to the program Hijack This! and I did copy my log file from the program so I was wondering what I need to delete. I know I do have smiley District and this program is so irritating because no matter how many times I find this stupid adware/trojan/bot it keeps coming back!!! I know that you all will think that I am crazy when I tell you that I don't have any pay virus protection. I only have the free AVG and a couple of other free programs like true sword, CCleaner, and Vcleaner. I DO have some free programs that came with my computer such as "Spybot: search and destroy" and "Adware SE-personal"; these do work O.K., but I think they are skipping some things. I DO update and Immunize these programs!

    I am really paranoid about computer security so before I post my log file: will this pose any threat to my computer at all? (exposing my log information, I mean)
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Post the hijack log - it is totally safe
     
  3. Kryder6

    Kryder6 Thread Starter

    Joined:
    Jul 10, 2007
    Messages:
    7
    here it is:


    • Logfile of HijackThis v1.97.7
      Scan saved at 2:45:58 PM, on 7/10/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16473)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Apoint\Apoint.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
      C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
      C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
      C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
      C:\Documents and Settings\manda\Desktop\Andrew\iTunes\iTunesHelper.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\DellSupport\DSAgnt.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Apoint\Apntex.exe
      C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
      C:\Documents and Settings\manda\Desktop\Andrew\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Documents and Settings\manda\Desktop\Computer Security\HijackThis.exe

      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

      O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\manda\Desktop\COMPUT~1\SPYBOT~1\SDHelper.dll

      O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

      O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

      O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

      O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

      O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

      O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

      O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\manda\Desktop\Andrew\iTunes\iTunesHelper.exe"

      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

      O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

      O4 - HKCU\..\Run: [swg] C:\Program
      Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

      O9 - Extra button: Smiley District (HKLM)
      O9 - Extra 'Tools' menuitem: Smiley District (HKLM)
      O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
      O9 - Extra button: Research (HKLM)
      O9 - Extra button: AIM (HKLM)
      O9 - Extra button: MUSICMATCH MX Web Player (HKLM)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 (HKLM)
      O9 - Extra button: Messenger (HKLM)
      O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

      O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab

      O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downl...-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

      O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab

      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127003620296

      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

      O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

      O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab

      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

      O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab

      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cvent.webex.com/client/T23L/training/ieatgpc.cab
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    That is a grossly old version of hijack

    With the new log - in notepad go to FORMAT and uncheck wordwrap - if you separated the lines, don't - it really makes it harder to read

    AVG free is what I use!

    ==============

    Do this before you post the new hijack log

    Download Superantispyware (SAS) free home version

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    • It will ask if you want to update the program definitions, click Yes.
    • Under Configuration and Preferences, click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked:
        ◦ Close browsers before scanning
        ◦ Scan for tracking cookies
        ◦ Terminate memory threats before quarantining.
        ◦ Please leave the others unchecked.
        ◦ Click the Close button to leave the control center screen.
    • On the main screen, under Scan for Harmful Software click Scan your computer.
    • On the left check C:\Fixed Drive.
    • On the right, under Complete Scan, choose Perform Complete Scan.
    • Click Next to start the scan. Please be patient while it scans your computer.
    • After the scan is complete a summary box will appear. Click OK.
    • Make sure everything in the white box has a check next to it, then click Next.
    • It will quarantine what it found and if it asks if you want to reboot, click Yes.
    • To retrieve the removal information for me please do the following:
        ◦ After reboot, double-click the SUPERAntispyware icon on your desktop.
        ◦ Click Preferences. Click the Statistics/Logs tab.
        ◦ Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        ◦ It will open in your default text editor (such as Notepad/Wordpad).
        ◦ Please highlight everything in the notepad, then right-click and choose copy.
    • Click close and close again to exit the program.
    • Please paste that information here for me with a new HijackThis log.

    This will take some time!!!!!!!




    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Double-click on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
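
Added example, not part of the original thread and not HijackThis's own code: the log posted above has blank lines between entries and one entry broken across two lines, which is what the word-wrap remark is about. This Python sketch rejoins such lines and groups entries by their section code; the function names and the sample text (a few lines taken from the posted log) are constructed for illustration.

```python
import re
from collections import defaultdict

# An entry starts with a section code such as R0, O4 or O16, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")

# Constructed sample: lines copied from the log in this thread, keeping the
# blank separator lines and the one entry that was wrapped onto two lines.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:

O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O9 - Extra button: Smiley District (HKLM)
"""

def parse_entries(log_text):
    """Return [(code, text)]; header and process lines before the first entry are ignored."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif line and entries:
            # No section code: treat as the wrapped tail of the previous entry.
            # Assumes the wrap fell on a space, so rejoin with one.
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]

def group_by_code(entries):
    groups = defaultdict(list)
    for code, text in entries:
        groups[code].append(text)
    return dict(groups)

def autoruns(entries):
    """Split O4 registry Run entries into (hive, key, name, command)."""
    runs = (RUN_RE.match(text) for code, text in entries if code == "O4")
    return [m.groups() for m in runs if m]

print(group_by_code(parse_entries(SAMPLE_LOG)))
```

Grouping by code puts every startup entry (O4) and every browser add-on entry (O2, O9) side by side, which is how a helper reads the log when looking for something that keeps coming back.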
     
  5. Kryder6

    Kryder6 Thread Starter

    Joined:
    Jul 10, 2007
    Messages:
    7
    I'm not the only one who uses this computer in my house. My dad used to have this as his work computer (his work bought him a new mac), but I don't know how I could change the computer options so that the partition that everyone else in my family uses has administration options. Will I have to get into his partition to change the options? The program will not run unless you have administrator options.....

    Those instructions are very detailed. Very nicely done! Even a person with little or no computer experience could use these. I do have probably an intermediate knowledge level of computers. My desktop computer is a mac so I have to constantly switch the way I think with the computers (option wise). lol, I tried to access the administration options like a mac! I'm a little computer-crazed. Anyway, Thanks for the help!

    BTW sorry about the spacing in the log. I thought that it would help you out by spacing them out. I won't mess with them again because I know that I may be accidentally deleting or incorrectly spacing the computer's log file. This may cause some viruses to be overlooked, or worse yet, an essential component could be deleted by my negligence! T.Y.

    Do you know of any free wireless protection because my wireless network may be hacked, but I'm not sure. All I have to protect me against is the WEP code that the router requires. That could be easily passed as I hear from my friend (he's a hacker). What an idiot. Making people's lives harder by cyber-bullying.


    Thanks again!
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Have your dad or whoever is the administrator DL and install the program
     
  7. Kryder6

    Kryder6 Thread Starter

    Joined:
    Jul 10, 2007
    Messages:
    7
    Yeah I'll try, but he really doesn't know too much about these free anti-virus programs on the net and he is just as paranoid as I am about viruses. lol. I'll just see if I can switch the admin accessibility options because it's not his anymore. lol. I wanna take this with me to college.
     
Short URL to this thread: https://techguy.org/594106
