Hijack This Log (I have viruses that won't leave when asked nicely. Please help)

Snark42

Junior Member
Feb 19, 2004
Logfile of HijackThis v1.97.7
Scan saved at 7:31:33 PM, on 07/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\hotkeysvc.exe
C:\WINDOWS\system32\PCsync.exe
C:\WINDOWS\system32\gah95on6.exe
C:\WINDOWS\system32\cthelper.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\PCCILL~1\PcCtlCom.exe
C:\PROGRA~1\PCCILL~1\Tmntsrv.exe
C:\PROGRA~1\PCCILL~1\tmproxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\PCCILL~1\TmPfw.exe
C:\PROGRA~1\PCCILL~1\PccGuide.exe
C:\Documents and Settings\Jordan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [PcSync] PCsync.exe
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKLM\..\RunServices: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\RunServices: [PcSync] PCsync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
1) Get the latest version of HJT from here: http://www.spywareinfo.com/~merijn/downloads.html

2) Download and install a 30-day trial of Kaspersky Antivirus from http://www.kaspersky.com/trials

3) Install Kaspersky and set the real-time and on-demand scanners to Maximum. Also click Settings > Configure Updater and set the updater to use extended databases.

4) Disable System Restore.

5) Install and update the Microsoft AntiSpyware. Run it, fix stuff, then reboot into Safe Mode.

6) In Safe Mode, run an exhaustive Kaspersky scan, then reboot into Normal Mode and do another Microsoft AntiSpyware scan and another Kaspersky scan and see if it all stayed dead.


If you want to post an updated HJT log with 1.99, that would be interesting to see.
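
An added example, not part of either post and not HijackThis's own code: a small Python parser for the O4 (registry autostart) lines of the log format posted above. It reports value names registered under more than one Run/RunServices key and commands that carry no drive-letter path, which are facts to check by hand rather than verdicts. The sample lines are copied from the log in this thread; the function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted above (a subset, for brevity).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PcSync] PCsync.exe
O4 - HKLM\..\RunServices: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\RunServices: [PcSync] PCsync.exe
O9 - Extra button: Messenger (HKLM)
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# Searched anywhere in the command, so "RUNDLL32.EXE C:\...dll" counts as pathed.
DRIVE_PATH = re.compile(r'"?[A-Za-z]:\\')

def parse_o4(log_text):
    """Return a list of (location, name, command) for registry O4 lines."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, cmd = m.groups()
            entries.append((f"{hive}\\{key}", name, cmd.strip()))
    return entries

def triage(entries):
    """Map value name -> facts worth a manual look (no verdicts)."""
    by_name = defaultdict(lambda: {"locations": [], "commands": set()})
    for loc, name, cmd in entries:
        by_name[name]["locations"].append(loc)
        by_name[name]["commands"].add(cmd)
    report = {}
    for name, info in by_name.items():
        no_drive = any(not DRIVE_PATH.search(c) for c in info["commands"])
        if len(info["locations"]) > 1 or no_drive:
            report[name] = {"locations": sorted(info["locations"]),
                            "no_drive_path": no_drive}
    return report

if __name__ == "__main__":
    for name, facts in triage(parse_o4(SAMPLE_LOG)).items():
        print(name, facts)
```

Run against a log saved before and after the cleanup steps, the same report shows whether a flagged autostart entry is still registered.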