 |
 |
|
|
|||||||
|
||||||||
07-24-2006, 12:29 AM
|
#1 (permalink) |
|
banned
 
Join Date: Dec 2005
Location: Hales Corners Wisconson
Age: 17
Posts: 2,435
|
Hijack Log... help me please...
i think i got a bad cr**k...
 after i beleived the crack did its bad thing i press Ctrl+Alt+Delte and i found that it had disabled the control panel and turned off my firewall and editing the registry... then i unplugged my internet... then i started my avast and it found 2 viruses in the memory test so it had me restart the computer and do a boot scan... it found 4 viruses... 2 or 3 of them were system files and could not be repaired so i moved them to chest... now i think something is still wrong (my firewall wont turn on and i think it has to do with one of the system files i moved to the chest...) so plz tell me what i need to do, here is my log: Logfile of HijackThis v1.99.1 Scan saved at 6:21:32 PM, on 7/23/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5450.0004) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Mozy\mozybackup.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\AIM+\AIM+.exe C:\Program Files\AIM\aim.exe C:\PROGRA~1\SECRET~1\secretsmiles.exe C:\Program Files\Styler\Styler.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\BitTorrent\bittorrent.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.imesh.com/search/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID} O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [SecretSmileys] C:\PROGRA~1\SECRET~1\ss.exe O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl O4 - HKCU\..\Run: [TransBar] C:\Documents and Settings\Caleb\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe /s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Styler.lnk = ? O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MozyBackup - Unknown owner - C:\Program Files\Mozy\mozybackup.exe O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\system32\svchost.exe (file missing) |
|
|
|
07-24-2006, 12:54 AM
|
#2 (permalink) |
|
banned
Join Date: Feb 2005
Posts: 1,486
|
Open your run box and copy and paste this in it sfc /scannow it will scan your pc for missing or corrupt windows files...you may need to insert your windows cd.
Then have hijack this fix these entries! O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) |
|
|
|
|
07-24-2006, 12:57 AM
|
#3 (permalink) |
|
Diamond Member
 
Join Date: Nov 2005
Location: Nor Cal
Age: 18
Posts: 6,217
|
http://www.hijackthis.de/
Give this site a try.
__________________
RIP Mom 9/17/55-02/22/08. McCain/Palin 08' |
|
|
|
|
07-24-2006, 01:47 AM
|
#4 (permalink) |
|
Platinum Member
 Join Date: Jan 2006
Posts: 567
|
Run this online scan from Panda http://www.pandasoftware.com/products/activescan.htm
|
|
|
|
|
07-24-2006, 03:20 AM
|
#6 (permalink) |
|
banned
Join Date: Dec 2005
Location: Hales Corners Wisconson
Age: 17
Posts: 2,435
|
my firewall is having problems...
this is what i tried doing... i opened Security Center then doing the firewall recomendations and it said Turn On Windows Firewall for all network connections, then i press enable... then it said: We're sorry. The Security Center could not turn on Windows Firewall. To try turning on the firewall yourself, go to Windows Firewall in Control Panel. In the Windows Firewall dialog General Tab, select On (recommended), and then click OK. so i clicked Windows Firewall like they said, and then this is what happened: Windows Firewall settings cannot be displayed because the associated service is not running. Do you wan't to start the Windows Firewall/Internet Sharing (ICS) service? when i click yes it says Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service. what do i do? here is my most recent log file: Logfile of HijackThis v1.99.1 Scan saved at 9:17:35 PM, on 7/23/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5450.0004) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Mozy\mozybackup.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\AIM+\AIM+.exe C:\Program Files\AIM\aim.exe C:\PROGRA~1\SECRET~1\secretsmiles.exe C:\Program Files\Styler\Styler.exe C:\Program Files\BitTorrent\bittorrent.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.imesh.com/search/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID} O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [SecretSmileys] C:\PROGRA~1\SECRET~1\ss.exe O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl O4 - HKCU\..\Run: [TransBar] C:\Documents and Settings\Caleb\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe /s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Styler.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MozyBackup - Unknown owner - C:\Program Files\Mozy\mozybackup.exe O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\system32\svchost.exe (file missing) |
|
|
|
|
07-24-2006, 03:27 AM
|
#7 (permalink) |
|
Platinum Member
Join Date: Jan 2006
Posts: 567
|
I've never used Avast but how bout releasing those files from the chest and then see if the firewall starts up again.Then go ahead with the Panda scan which will remove everything but spyware.Remember, Avast does have false positives.I think they just failed the recent VBulletin tests because of it.And Avast also says that the 'Panda Online Scan' is a virus which it is most certainly not.
|
|
|
|
|
07-24-2006, 12:40 PM
|
#9 (permalink) |
|
banned
Join Date: Feb 2005
Posts: 1,486
|
This is why your firewall wont run you have an important system file missing
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\system32\svchost.exe (file missing) Did you run the sfc /scannow like I said? What ever you do do not have hijackthis fix this entry, if that does not work use system restore and turn your PC back a couple of days before you had this problem and post a new hijackthis log. |
|
|
|
 |
| Bookmarks |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Hijack This Log | woody | Computer Security | 5 | 01-09-2006 11:11 PM |
| Hijack this Log | Foel | Computer Security | 5 | 08-14-2005 09:37 AM |
| used mcfee, spybot, adware, etc. POPUP PERSISTS! HELP! Hijack log is here | genedna | Computer Security | 6 | 08-06-2005 01:28 PM |
| Toshiba Hijack this log | ANNR | Computer Security | 5 | 07-28-2005 06:05 PM |
| Internet connection problem - Hijack This Log Attached - Please Help!!! | markcoop | Internet Discussion | 1 | 05-23-2005 04:45 PM |
Linear Mode
