Splotchy Posted April 17, 2005
Sharper found a lot of things before I reformatted my comp so I'd like to know what to fix again. :oops:

Logfile of HijackThis v1.99.1
Scan saved at 7:30:26 PM, on 4/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss[Caution: ExecutableFile]
C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\system32\services[Caution: ExecutableFile]
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]
C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile]
C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: ExecutableFile]
C:\Program Files\Java\jre1.5.0_02\bin\jusched[Caution: ExecutableFile]
C:\Program Files\Microsoft AntiSpyware\gcasDtServ[Caution: ExecutableFile]
C:\Program Files\Google\Gmail Notifier\gnotify[Caution: ExecutableFile]
C:\Program Files\Picasa2\PicasaMediaDetector[Caution: ExecutableFile]
C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
C:\Program Files\AIM\aim[Caution: ExecutableFile]
C:\Program Files\Internet Explorer\IEXPLORE[Caution: ExecutableFile]
C:\Program Files\XoftSpy\XoftSpy[Caution: ExecutableFile]
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis[Caution: ExecutableFile]

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray[Caution: ExecutableFile]
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile]
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched[Caution: ExecutableFile]
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon[Caution: ExecutableFile]
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim[Caution: ExecutableFile] -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl[Caution: ExecutableFile]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: ExecutableFile]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/[garden tool] ... scan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 2297592671
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc[Caution: ExecutableFile]
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ[Caution: ExecutableFile]
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile]

Splotchy Posted April 17, 2005
Forgot to say this: http://www.spywareinfo.com/~merijn/downloads.html
^lots of downloads there, should I get any?
And why does Ad-Aware find tracking cookies every time I scan? :x

blade995 Posted April 17, 2005
Because they "track" you. I am not sure, but I think to track what you're doing on their site. Can someone confirm this? They are pretty harmless; if you don't want Ad-Aware to find them, just delete your history before you scan. :wink:

Vape Posted April 17, 2005
Log is clean, except you don't appear to have a firewall running. Seeing as your PC is clean, now would be an excellent time to do so.
Additionally, since your PC is as clean as it'll ever be, now would be an excellent time to get Firefox! It's far more secure than IE. You've obviously just gone through the time-consuming and difficult ordeal of reformatting because of some sort of malware. Firefox stops websites installing programs on your PC through ActiveX. Additionally there's a whole bunch of other features and cool stuff. It's easy to use and imports your data (bookmarks etc.) from IE :)
Where the bloody hell are you?

Splotchy Posted April 18, 2005
Strange, I'm using Firefox. :o Also, I have a firewall, from SP2. Oh well, glad nothing is bad. :)

Vape Posted April 18, 2005
In the log it says you were using IE ;)
The Windows SP2 firewall is a poor excuse for a security program, I suggest you download either Sygate or ZoneAlarm (both free). The Windows firewall only monitors incoming connections, not outgoing ones. So if someone sends you a file over MSN, and you open it, the file can then start logging keystrokes back to a server and your firewall won't stop it. Good firewalls will do this.

Sharper Posted April 18, 2005
I think HJT reports the IE version even if you use Firefox as your default browser. But I'm not 100% sure.

Hannibal Posted April 18, 2005
> I think HJT reports the IE version even if you use Firefox as your default browser. But I'm not 100% sure.
I am ;). The only way you can *know* someone's using something other than IE is by noticing it in the process list HJT generates.

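The point made in the two posts above (the MSIE header line does not show which browser is in use, the process list does), as an added example that is not part of the thread: a small parser for the HijackThis log layout posted at the top. The sample log is constructed, the Firefox path and the `BROWSERS` table are assumptions, and the `[Caution: ExecutableFile]` handling assumes that tag is the forum's filter standing in for the file extension.

```python
import re

# Constructed sample in the layout of the log in this thread; the Firefox path is an assumption.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\AIM\aim[Caution: ExecutableFile]
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")      # section code, e.g. "O4 - HKLM\..\Run: ..."
FILTER_TAG = "[Caution: ExecutableFile]"        # assumed forum filter replacing the extension
BROWSERS = {"iexplore": "Internet Explorer", "firefox": "Firefox"}  # illustrative only

def parse_hjt(text):
    """Split a HijackThis log into header fields, process list and section entries."""
    log = {"header": {}, "processes": [], "entries": {}}
    in_processes = False
    for line in (raw.strip() for raw in text.splitlines()):
        entry = ENTRY.match(line)
        if entry:                                # first entry line ends the process list
            in_processes = False
            log["entries"].setdefault(entry.group(1), []).append(entry.group(2))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and line:
            log["processes"].append(line)
        elif line.startswith(("Platform:", "MSIE:")):
            key, _, value = line.partition(":")
            log["header"][key] = value.strip()
    return log

def process_name(path):
    """Lower-case base name without its extension (or without the forum's filter tag)."""
    base = path.rsplit("\\", 1)[-1].lower()
    if base.endswith(FILTER_TAG.lower()):
        return base[: -len(FILTER_TAG)]
    return base.rsplit(".", 1)[0]

def browsers_running(log):
    """Browsers seen in the process list; the MSIE header is not consulted."""
    return sorted({BROWSERS[n] for n in map(process_name, log["processes"]) if n in BROWSERS})
```

`browsers_running(parse_hjt(SAMPLE_LOG))` lists both browsers for the sample, while a log whose process list has no browser in it returns an empty list even though the `MSIE:` header is still parsed.
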
Vape Posted April 18, 2005
> Logfile of HijackThis v1.99.1
> ...
> Running processes:
> ...
> C:\Program Files\Internet Explorer\IEXPLORE[Caution: ExecutableFile]

Hannibal Posted April 18, 2005
> Logfile of HijackThis v1.99.1
> ...
> Running processes:
> ...
> C:\Program Files\Internet Explorer\IEXPLORE[Caution: ExecutableFile]
So? I want to get my Windows updates too sometimes, you know...

Hannibal Posted April 18, 2005
That, and MSN forces me to use IE when I check my Hotmail for spam :\

Vape Posted April 18, 2005
Okay, granted, you gotta use it sometimes. As for Hotmail... you tried http://webmail.mozdev.org/ ?

zonda Posted April 18, 2005
Make sure Firefox is set to your default browser and I believe it will use that instead when opening new windows ...