If you are bored, come look at my hijack this log!


CoolJ
10-24-06, 12:04 PM
I've tried EVERYTHING, and the popups won't stop!



Logfile of HijackThis v1.99.1
Scan saved at 12:00:16 PM, on 10/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Joe\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
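
[Added example, not part of the original post or of HijackThis itself: a small triage parser for a log like the one above. It splits entries by their section code and lists the ones worth a manual look. The host allowlist and the "expected directories" list are assumptions of this example, and a flagged entry is only a prompt for review, not a verdict.]

```python
import re
from urllib.parse import urlparse

# Section codes seen in this log, as HijackThis documents them.
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "O4": "autostart entry", "O9": "extra IE button/menu item",
            "O11": "IE Advanced Options group", "O16": "ActiveX download",
            "O23": "NT service"}
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
PATH = re.compile(r'(?:[A-Za-z]:\\|%\w+%\\)[^"]*')
TRUSTED_HOSTS = ("microsoft.com",)  # assumption: reviewer's own allowlist
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "%windir%\\")  # assumption

def parse(log_text):
    """Return [(section_code, entry_text), ...] for each 'XX - ...' line."""
    hits = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in hits if m]

def review_reasons(code, text):
    """Reasons an entry deserves a manual look; an empty list means none."""
    reasons = []
    if text.endswith("(file missing)"):
        reasons.append("target file missing")
    if code in ("R0", "R1"):
        host = urlparse(text.split(" = ", 1)[-1]).hostname or ""
        if not any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS):
            reasons.append("URL host not on allowlist: " + host)
    if code in ("O4", "O9", "O23"):
        m = PATH.search(text)
        if m and not m.group(0).lower().startswith(EXPECTED_DIRS):
            reasons.append("path outside expected directories")
    return reasons

def triage(log_text):
    """Return [(code, section meaning, entry, reasons)] for flagged entries."""
    return [(c, SECTIONS.get(c, "unknown"), e, r)
            for c, e in parse(log_text) if (r := review_reasons(c, e))]

# Excerpt of the log posted above (lines copied from the thread).
SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
"""

if __name__ == "__main__":
    for code, meaning, entry, reasons in triage(SAMPLE):
        print(f"{code} ({meaning}): {entry}\n  -> {'; '.join(reasons)}")
```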

YeOldeStonecat
10-24-06, 12:37 PM
Have you given SuperAntispyware a shot? Best free ad/spyware remover there is IMO.

CoolJ
10-24-06, 07:52 PM
I'll give it a whirl! Thanks for the reply

CoolJ
10-24-06, 09:53 PM
Wow, I didn't even know this forum existed. Sowwy!

chimdogger
10-24-06, 10:14 PM
Turn off messenger?

www.grc.com's Shoot the Messenger program will take care of it.

mnosteele52
10-24-06, 10:17 PM
Prior to doing anything, XP users MUST disable System Restore!!! You can re-enable it after you are clean.

1. Download, install and run CrapCleaner (http://www.ccleaner.com) to remove any temporary and junk files.

2. Download Ad-Aware SE 1.06 (http://www.majorgeeks.com/download506.html) and set it up as shown HERE (http://www.drtweak.com/index.php?topic=40.0).

3. Download SpyBot Search & Destroy 1.4 (http://www.safer-networking.org/index.php?page=download) and set it up as shown HERE (http://www.drtweak.com/index.php?topic=41.0).

4. Download SUPERAntiSpyware (http://www.superantispyware.com), update and do a full system scan.

5. Download AVG Anti-Spyware 7.5 (http://www.ewido.net/en/download), update and do a full system scan.

6. Download and run CWShredder (http://www.trendmicro.com/cwshredder).

7. Do a FREE online virus scan from BitDefender Online Scan (http://www.bitdefender.com/) and remove all that it finds.

8. If you aren't currently using a firewall or anti-virus program then I suggest you install Comodo Firewall (http://www.personalfirewall.comodo.com/) and Active Virus Shield (http://www.activevirusshield.com/antivirus/freeav/index.adp?) - (setup instructions HERE (http://www.drtweak.com/index.php?topic=157.0)), both are FREE and offer excellent protection.

9. It is a good idea to use Sysinternals' Autoruns (http://www.sysinternals.com/Utilities/Autoruns.html) to make sure you have removed all of the malware.

10. It is also a good idea to run the Winsock Fix (http://www.snapfiles.com/get/winsockxpfix.html) to repair your TCP/IP stack. (You will have to redo any tweaks for your connection if this is used.)

11. If after doing ALL of the above you are still having problems, please scan with HijackThis 1.99.1 (http://www.majorgeeks.com/download3155.html) as shown HERE (http://www.drtweak.com/index.php?topic=58.0) and post a log here in this forum for us to look at.

12. Download SpywareBlaster 3.5.1 (http://www.javacoolsoftware.com/spywareblaster.html) and set it up as shown HERE (http://www.drtweak.com/index.php?topic=42.0) to help stay spyware free.

13. Make sure you have ALL of the latest Windows Updates.

:)

CoolJ
10-25-06, 03:18 AM
Wow, thank you everyone very much! I tried all the programs listed prior to making this thread except SuperAntiSpyware. I had 90% gone, and was stuck there. Well, the SuperAntiSpyware got the rest of it!


Thanks Again!