Anyone want to look at my Hijack This Log?

Discussion in 'OT Technology' started by Pootie, Mar 23, 2005.

  1. Pootie

    Pootie The Mantra alarm has no "snooze button". OT Supporter

    Joined:
    Aug 10, 2003
    Messages:
    199,501
    Likes Received:
    4,066
    Location:
    Injunana
    I did everything on the stickied thread and still have a few bugs that won't go away. I really would only want to system restore as a last resort. I have an Ad-Aware logfile and a HJ one.
    Logfile of HijackThis v1.98.2
    Scan saved at 4:25:19 PM, on 3/23/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\system32\mdmdev.exe
    C:\Program Files\Spyware Shit\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AIM\aim.exe
    C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
    C:\PROGRA~1\SPYWAR~1\AD-AWA~2\Ad-Aware.exe
    C:\Program Files\Spyware Shit\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spyware Shit\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
    O2 - BHO: Media Playback Support Dll - {9D9A7350-46C9-4E3C-92EF-382B5740A1C3} - C:\WINDOWS\system32\bvicore.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {B5178B9D-E120-4EB5-8691-C39246046D4C} - C:\WINDOWS\system32\epjdla.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\SPYWAR~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Kyle\LOCALS~1\Temp\se.dll,DllInstall
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spyware Shit\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\SPYWAR~1\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\SPYWAR~1\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\SPYWAR~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\SPYWAR~1\FlashGet\flashget.exe
    O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
    O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
    O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
    O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O18 - Filter: text/html - {0199838D-8EBA-4E21-800D-61C1D1A08AED} - C:\WINDOWS\system32\epjdla.dll
    O18 - Filter: text/plain - {0199838D-8EBA-4E21-800D-61C1D1A08AED} - C:\WINDOWS\system32\epjdla.dll

    I can post my Ad-Aware one if needed. I really have done everything I can think of and I really hate bothering people for this sort of thing. Thank you in advance.
     
  2. cmsurfer

    cmsurfer ºllllllº

    Joined:
    Jun 6, 2003
    Messages:
    5,077
    Likes Received:
    0
    Location:
    NJ
  3. Pootie

    Pootie The Mantra alarm has no "snooze button". OT Supporter

    Joined:
    Aug 10, 2003
    Messages:
    199,501
    Likes Received:
    4,066
    Location:
    Injunana
    Thanks alot. I think that may have gotten it.
     
  4. nicotino16

    nicotino16 New Member

    Joined:
    Aug 15, 2003
    Messages:
    1,662
    Likes Received:
    0
    Location:
    grapevine, texas
    what about these? the thing didnt know what they were, but possibly trojan somethings.

    O4 - HKLM\..\Run: [TP7FP3I2.exe] C:\documents and settings\owner\local settings\temp\TP7FP3I2.exe

    O4 - HKLM\..\Run: [V.exe] C:\documents and settings\owner\local settings\temp\V.exe
     

Share This Page