Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » Logfile of HijackThis v1.99.1- need help fixing my pc

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

Logfile of HijackThis v1.99.1- need help fixing my pc

Reply
Thread Tools
Spyware, Adware, Viruses and HijackThis Logs
  #1 (permalink)  
Old 11-01-2007, 12:32 AM
Newbie
D-A-L Newbie
  
Join Date: Jan 2007
Posts: 1
AliasIsNeo Is a beginner here at D-A-L
Exclamation Logfile of HijackThis v1.99.1- need help fixing my pc
i have this file that i'm not sure if i should delete. A0003768.exe. my virus protection says its a virus but it says in discription of the file that it is some sort of drive recovery file. so i put in on google and searched and all i could find on this file was everythign about hijack this. so dl it. everytime i open up Internet Explorer, this web page displays saying that i need to get rid of a virus and it won't let me go back to my home page. i also have this program running in my background called ISAMONITOR.EXE and ISIMINI.EXE. ive never seen these files before in my background. heres my log if anyone can help me here. thnx much appreciated

Logfile of HijackThis v1.99.1
Scan saved at 5:04:14 PM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Video ActiveX Object\pmmon.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:6711
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.3.102.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/pl...IM.9.5.1.8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 11-01-2007, 05:23 AM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: Logfile of HijackThis v1.99.1- need help fixing my pc
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply (if unsure of your results).
DO NOT RUN ANY OTHER OPTIONS UNTIL REQUESTED TO.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm





If infected files were listed above, please proceed as follows:

STEP # 2 - Cleaning

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.



Download and install AVG Anti-Spyware 7.5 (AVG AS - previously known as Ewido anti-spyware 4.0) (uninstall any previous version first).
  • Click the Download BUTTON. On the next page click the Download now BUTTON.
  • Save and then install (Run) from the save location.
  • Open/Run AVG Anti-Spyware
  • Wait a few moments and AVG Anti-Spyware should Auto update itself (note date of last update). If it doesn't update, click the update ICON at top of screen:

    Quote:
  • Click on the Update now LINK at the top of the window
    • Click on the Start update button
    • Wait for the update to download and install
    		•
  • This is very important to get the LATEST updates
  • Click on the Status ICON
    • Under "Your computers Security"
      Click change status on Resident shield to inactive (ONLY consider activation of that feature once you are clean)
  • Click on the Scanner ICON at the top of the window
  • Click on the Settings tab then select Recommended Actions and choose Quarantine
  • When updating has finished. Close AVG Anti-Spyware.



We will be using this tool in a later step.




Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________


Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.


______________________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware , and run a full scan:
  • Click on the default Status ICON and select the Scan now LINK.

    OR

  • Click on the Scanner ICON . Select the Scan TAB.

    • Select Complete System Scan. AVG Anti-Spyware will now begin to scan your system.

  • If AVG Anti-Spyware finds anything it will list them in the Preview WINDOW:
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • Select Apply all actions at the bottom of the window (and the items found will be quarantined – and recoverable, if any items are needed back).

  • When the scan has completed, click on the Save Scan Report button and save the scan to your Desktop where it can be easily found.
  • Copy and paste the AVG Anti-Spyware scan results into your next post.
  • Close AVG Anti-Spyware.


______________________________
SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

----------No items specified

Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.
______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.


______________________________
Reboot in Normal Mode.

Please post (preferably not file attachments, please):
  1. c:\rapport.txt
  2. AVG Anti-Spyware log
  3. A new HijackThis log
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
hijackthis logfile glukowicz Spyware, Adware, Viruses and HijackThis Logs 3 18-02-2007 10:25 PM
my hijackthis logfile gjsech Spyware, Adware, Viruses and HijackThis Logs 1 18-10-2005 09:35 PM
Here's my HijackThis logfile.. -RacerX- Spyware, Adware, Viruses and HijackThis Logs 3 15-06-2005 11:38 PM
HijackThis Logfile... Eggie Spyware, Adware, Viruses and HijackThis Logs 9 22-05-2005 08:06 PM
Logfile of HijackThis ojorge Spyware, Adware, Viruses and HijackThis Logs 3 24-02-2005 04:34 PM


All times are GMT +1. The time now is 10:22 PM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav