Hijack this ! Adware, spyware and other virus help..

[Kryder6]

I was reading in the other threads that the tech guys always refer to the program Hijack This! and I did coppy my log file from the program so I was wondering what I need to delete. I know I do have smiley District and this program is so irritating because no matter how many times I find this stupid adware/trojan/bot it keeps comming back!!! I know that you all will think that I am crazy when I tell you that I don't have any pay virus protection. I only have the free AVG and a couple of other free programs like true sword,CCleaner, and Vcleaner. I DO have some free programs that came with my computer such as "Spybot: search and destroy" and "Adware SE-personal" these do work O.K., but I think they are skipping some things. I DO update and Imunize these programs!

I am really paranoid about computer security so before I post my log file: will this pose any threat to my computer at all? (exposing my log information, I mean)

 

[MFDnNC]

Post the hijack log - it is totally safe

 

[Kryder6]

here it is:

• 
  Logfile of HijackThis v1.97.7
  Scan saved at 2:45:58 PM, on 7/10/2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16473)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
  C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
  C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
  C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
  C:\WINDOWS\system32\dla\tfswctrl.exe
  C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\Program Files\Apoint\Apoint.exe
  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
  C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
  C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
  C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
  C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
  C:\Documents and Settings\manda\Desktop\Andrew\iTunes\iTunesHelper.exe
  C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\DellSupport\DSAgnt.exe
  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  C:\Program Files\Apoint\Apntex.exe
  C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
  C:\Documents and Settings\manda\Desktop\Andrew\iPod\bin\iPodService.exe
  C:\WINDOWS\system32\msiexec.exe
  C:\Documents and Settings\manda\Desktop\Computer Security\HijackThis.exe
  
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  
  O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\manda\Desktop\COMPUT~1\SPYBOT~1\SDHelper.dll
  
  O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  
  O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
  
  O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
  
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
  
  O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
  
  O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
  
  O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
  
  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
  
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  
  O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
  
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  
  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
  
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
  
  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
  
  O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
  
  O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
  
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\manda\Desktop\Andrew\iTunes\iTunesHelper.exe"
  
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  
  O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
  
  O4 - HKCU\..\Run: [swg] C:\Program
  Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  
  O9 - Extra button: Smiley District (HKLM)
  O9 - Extra 'Tools' menuitem: Smiley District (HKLM)
  O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
  O9 - Extra button: Research (HKLM)
  O9 - Extra button: AIM (HKLM)
  O9 - Extra button: MUSICMATCH MX Web Player (HKLM)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 (HKLM)
  O9 - Extra button: Messenger (HKLM)
  O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
  
  O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
  
  O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
  
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downl...-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
  
  O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
  
  O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127003620296
  
  O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
  
  O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
  
  O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
  
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  
  O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
  
  O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cvent.webex.com/client/T23L/training/ieatgpc.cab
  

 

[MFDnNC]

That is a grossly old version of hijack

With the new log - in notepad go to FORMAT and uncheck wordwrap - if you seperated the lines, don't it really makes it harder to read

AVG free is what I use!

==============

Do this before you post the new hijack log

Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new HijackThis log.

This will take some time!!!!!!!




Click here to download HJTInstall.exe

• Save HJTInstall.exe to your desktop.
• Doubleclick on the HJTInstall.exe icon on your desktop.
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed, it will launch Hijackthis.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

[Kryder6]

I'm not the only one who uses this computer in my house. My dad used to have this as his work computer (his work bought him a new mac), but I don't know how I could change the computer options so that the partition that everyone else in my family uses has administration options. Will I have to get into his partition to change the options? The program will not run unless you have administrator options.....

Thoes instructions are very detailed. Very nicely done! even a person with little or no computer experience could use these. I do have probubly an intermediate knowledge level of computers. My desktop computer is a mac so I have to constantly switch the way I think with the computers. (option wise). lol, I tried to access the administration options like a mac! I'm a little computer-crazed. Anyway, Thanks for the help!

BTW sorry about the spacing in the log. I thought that it would help you out by spacing them out. I won't mess with them again because I know that I may be accidently deleting or incorectly spacing the computer's log file. This may cause some viruses to be over looked, or worse yet, an essential component could be deleted by my neglegence! T.Y.

Do you know of any free wireless protection because my wireless net-work may be hacked, but I'm not sure. All I have to protect me against is the WEP code that the router requires. That could be easily passed as I hear from my friend (hes a hacker). What an idiot. Making peoples lives harder by cyber-bullying.


Thanks again!

 

[MFDnNC]

Have you dad or who ever is the administrator to DL and install the program

 

[Kryder6]

Yeah I'll try but, he really doesn't know too much about these free anti-virus programs on the net and he is just as paranoid as I am about viruses. lol. I'll just see if I can switch the admin accessability options because it's not his anymore. lol. I wana take this with me to college.