1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Please review my HT log

Discussion in 'Virus & Other Malware Removal' started by Nicola99, Apr 9, 2004.

Thread Status:
Not open for further replies.
  1. Nicola99

    Nicola99 Thread Starter

    Joined:
    Nov 3, 2003
    Messages:
    4
    Can you please review my HT Log.
    I was hit by the W32.Kwbot.F.Worm and have run Adaware and Spybot already.

    Thanks !!!!!!

    Nicola.


    Logfile of HijackThis v1.97.3
    Scan saved at 18:06:30, on 9-4-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\phpdev5\apache\Apache.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\phpdev5\apache\Apache.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\Program Files\Wanadoo\NL\Mnu\IGOMNU.EXE
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Microsoft Office\Office10\msoffice.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\phpdev5\ApacheMonitor.exe
    C:\phpdev5\mysql\bin\mysqld-nt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
    C:\Program Files\Microsoft Office\Office10\POWERPNT.EXE
    C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Spyware\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.areaverde.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB--7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKCU\..\Run: [Wanadoo Menu] C:\Program Files\Wanadoo\NL\Mnu\IGOMNU.EXE /S:T
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {1059D2E2-EA3E-11D5-AF3C} (CAX Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {5B27C20D-FFB6-4054-BA78} (Microsoft Office Template Downloader) - http://office.microsoft.com/uk/TemplateGallery/msotd.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37917.544212963
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DE591B16-A452-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7C22A6D9-481B75C11080}: NameServer = 194.134.5.55 194.134.5.5
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,269
    Please update Hijack This to the latest version which is v1.97.7 and then repost your log in case something shows in the later version that the earlier one didn't pick up.

    Config. - misc. tools - check for updates on-line

    Cookie
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/218746

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice