hijack logg

CmoAMD · 11-19-2005, 10:58 PM

Slow performance... pop ups, crashes alot. Those are my problems.

Logfile of HijackThis v1.99.1
Scan saved at 5:57:05 PM, on 11/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jonathan\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R3 - URLSearchHook: HyperSearchHook - {D86BDD9B-A435-456F-B072-90E720DE9F83} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll (file missing)
F0 - system.ini: Shell=Explorer.exe c:\windows\system32\winmsn.exe
F1 - win.ini: run=c:\windows\system32\winmsn.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {413EC4AA-03C4-3FF7-6A60-CF8520C59F9E} - C:\DOCUME~1\Jonathan\APPLIC~1\SETUPE~1\loud knob.exe
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\server.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinNite] C:\WINDOWS\NITEAIM.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Win zite] C:\WINDOWS\\\\\\\\\\\\\\
O4 - HKLM\..\Run: [play move test date] C:\Documents and Settings\All Users\Application Data\Acid rdr play move\bone software.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\server.exe
O4 - HKCU\..\Run: [METABOOB] C:\DOCUME~1\Jonathan\APPLIC~1\BALM16~1\Insidename. exe
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com/start.html
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095105930035
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: AntiVir Update Temp (TmpUpSrv) - Unknown owner - C:\DOCUME~1\JONATHAN\LOCALS~1\TEMP\_VWUPSRV.EXE (file missing)

After someone helps me with this, ill be running ad-aware se. Anything else I should do?

**Buzz1927** · 11-19-2005, 11:02 PM

Run the scans here.
Basic Malware Removal

Save the results of the PandaActiveScan and post them here, along with a new Hijackthis log after a reboot.

CmoAMD · 11-19-2005, 11:09 PM

So I should run Adaware and Spybot first, reboot, then do the Panda scan, reboot, then hijack?

CmoAMD · 11-19-2005, 11:37 PM

Ok, Ad-aware SE and Spybot are running.... then ill reboot, then do the Panda thing, and after thats done, get the log, run hijac, get the log, and post here.

**Buzz1927** · 11-19-2005, 11:48 PM

You can do it all without rebooting, just reboot before taking a new Hijackthis log.

CmoAMD · 11-19-2005, 11:54 PM

Ok I finished the Adaware and spybot scans, did the fixes/deletes on them, and rebooted. Now I do Panda?

**Buzz1927** · 11-19-2005, 11:59 PM

Yes, and post the results, thanks.

CmoAMD · 11-20-2005, 12:07 AM

Panda taking a long time.... like 3/5 done

**Buzz1927** · 11-20-2005, 12:11 AM

Reboot when it's done, and post a new Hijackthis log, and the results from the pandascan.

CmoAMD · 11-20-2005, 12:11 AM

Will panda remove the bad things it found or just give me a result?

11-19-2005, 10:58 PM	#1 (permalink)
CmoAMD Gold Member Join Date: Sep 2005 Location: Miami, FL Age: 21 Posts: 497	hijack logg Slow performance... pop ups, crashes alot. Those are my problems. Logfile of HijackThis v1.99.1 Scan saved at 5:57:05 PM, on 11/19/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Internet Explorer\iexplore.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Jonathan\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com/start.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/ R3 - URLSearchHook: HyperSearchHook - {D86BDD9B-A435-456F-B072-90E720DE9F83} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll (file missing) F0 - system.ini: Shell=Explorer.exe c:\windows\system32\winmsn.exe F1 - win.ini: run=c:\windows\system32\winmsn.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll O2 - BHO: (no name) - {413EC4AA-03C4-3FF7-6A60-CF8520C59F9E} - C:\DOCUME~1\Jonathan\APPLIC~1\SETUPE~1\loud knob.exe O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\server.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinNite] C:\WINDOWS\NITEAIM.EXE O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Win zite] C:\WINDOWS\\\\\\\\\\\\\\ O4 - HKLM\..\Run: [play move test date] C:\Documents and Settings\All Users\Application Data\Acid rdr play move\bone software.exe O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\server.exe O4 - HKCU\..\Run: [METABOOB] C:\DOCUME~1\Jonathan\APPLIC~1\BALM16~1\Insidename. exe O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe" O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com/start.html O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095105930035 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing) O23 - Service: AntiVir Update Temp (TmpUpSrv) - Unknown owner - C:\DOCUME~1\JONATHAN\LOCALS~1\TEMP\_VWUPSRV.EXE (file missing) After someone helps me with this, ill be running ad-aware se. Anything else I should do?

11-19-2005, 11:02 PM	#2 (permalink)
Buzz1927 Digaredd Join Date: May 2005 Location: Melbourne AU Posts: 6,104	Run the scans here. Basic Malware Removal Save the results of the PandaActiveScan and post them here, along with a new Hijackthis log after a reboot. __________________ The Grim Reaper - Son of Glyndwr "To Hell or Connacht" may you burn in Hell tonight!

11-19-2005, 11:09 PM	#3 (permalink)
CmoAMD Gold Member Join Date: Sep 2005 Location: Miami, FL Age: 21 Posts: 497	So I should run Adaware and Spybot first, reboot, then do the Panda scan, reboot, then hijack? Last edited by CmoAMD; 11-19-2005 at 11:16 PM.

11-19-2005, 11:48 PM	#5 (permalink)
Buzz1927 Digaredd Join Date: May 2005 Location: Melbourne AU Posts: 6,104	You can do it all without rebooting, just reboot before taking a new Hijackthis log. __________________ The Grim Reaper - Son of Glyndwr "To Hell or Connacht" may you burn in Hell tonight!

11-19-2005, 11:59 PM	#7 (permalink)
Buzz1927 Digaredd Join Date: May 2005 Location: Melbourne AU Posts: 6,104	Yes, and post the results, thanks. __________________ The Grim Reaper - Son of Glyndwr "To Hell or Connacht" may you burn in Hell tonight!

11-19-2005, 11:37 PM	#4 (permalink)
CmoAMD Gold Member Join Date: Sep 2005 Location: Miami, FL Age: 21 Posts: 497	Ok, Ad-aware SE and Spybot are running.... then ill reboot, then do the Panda thing, and after thats done, get the log, run hijac, get the log, and post here.

11-19-2005, 11:54 PM	#6 (permalink)
CmoAMD Gold Member Join Date: Sep 2005 Location: Miami, FL Age: 21 Posts: 497	Ok I finished the Adaware and spybot scans, did the fixes/deletes on them, and rebooted. Now I do Panda?

11-20-2005, 12:07 AM	#8 (permalink)
CmoAMD Gold Member Join Date: Sep 2005 Location: Miami, FL Age: 21 Posts: 497	Panda taking a long time.... like 3/5 done

11-20-2005, 12:11 AM	#9 (permalink)
Buzz1927 Digaredd Join Date: May 2005 Location: Melbourne AU Posts: 6,104	Reboot when it's done, and post a new Hijackthis log, and the results from the pandascan. __________________ The Grim Reaper - Son of Glyndwr "To Hell or Connacht" may you burn in Hell tonight!

11-20-2005, 12:11 AM	#10 (permalink)
CmoAMD Gold Member Join Date: Sep 2005 Location: Miami, FL Age: 21 Posts: 497	Will panda remove the bad things it found or just give me a result?

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode