1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Newbie here.....2 questions

Discussion in 'General Security' started by Seantaylor21, Oct 3, 2008.

Thread Status:
Not open for further replies.
  1. Seantaylor21

    Seantaylor21 Thread Starter

    Joined:
    Oct 3, 2008
    Messages:
    1
    hey guys, i just heard about this "hijackthis" program....so i downloaded and was checking out the forums and looking at "logs"....I currently have bazooka...adware-2008....cc-cleaner...Defrag ....malware and spyware doctor.....

    here are my 2 questions....i ran bazooka and came up with this "exploit searchterror.com...i followed the removal steps and still cannot remove it...what should I do now?

    #2 here is my log file for hijackthis: (i have no clue what to get rid of)


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:21:30 PM, on 10/3/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\HPZipm12.exe
    c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
    R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
    O2 - BHO: (no name) - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - (no file)
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US <a href="ee://aol/imApp" target="_blank">ee://aol/imApp</a>
    O4 - HKCU\..\Policies\Explorer\Run: [olecho] C:\WINDOWS\system32\olecho.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    O8 - Extra context menu item: &AIM Search - <a href="res://C:\Program" target="_blank">res://C:\Program</a> Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - <a href="res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000" target="_blank">res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000</a>
    O8 - Extra context menu item: SirSearch - <a href="file://C:\Program" target="_blank">file://C:\Program</a> Files\PWRSDP1\Cache\SelectedContextSearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/18c64bf865bd834db301/netzip/RdxIE601.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/hitthepros03/foxsports/wtinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{15052BF4-5EBA-49C7-8A6F-5D26F57CE592}: NameServer = 167.206.245.7,167.206.245.71
    O17 - HKLM\System\CS1\Services\Tcpip\..\{15052BF4-5EBA-49C7-8A6F-5D26F57CE592}: NameServer = 167.206.245.7,167.206.245.71
    O17 - HKLM\System\CS2\Services\Tcpip\..\{15052BF4-5EBA-49C7-8A6F-5D26F57CE592}: NameServer = 167.206.245.7,167.206.245.71
    O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AOL Smart Update Service (AOL-Updatr) - Unknown owner - C:\WINDOWS\Fonts\aolupd.exe (file missing)
    O23 - Service: Print Spooler Service (baqhaauqb9) - Unknown owner - C:\WINDOWS\system32\aom.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 5602 bytes












    THANKS FOR ALL THE HELP!!!!!!!!!!!!!!!!!!
     
  2. 1002richards

    1002richards Retired Trusted Advisor

    Joined:
    Jan 29, 2006
    Messages:
    5,333
    Hi and Welcome to TSG,
    For expert guidance on HJT logs you'll need to 'report' this thread & ask a Mod to move it to the HJT forum. There are many requests but few experts so please be patient.
    This from TSG Rules to clarify:
    "Log Analysis/Malware Removal - In order to ensure that advice given to users is consistent and of the highest quality, those who wish to assist with security related matters must first graduate from one of the malware boot camp training universities or be approved by the administration as already being qualified. Those authorized to help with malware issues have a gold shield next to their name and authorized malware removal trainees have a blue shield next to their names. Anyone wishing to participate in a training program should contact a Moderator for more information"

    Richard.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/755912

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice