
My "Hijack this" log file

Mrvile

Lifer
I was told to run this, then post my log file here so you guys could help.

Here it is:

Logfile of HijackThis v1.99.0
Scan saved at 22:05:17, on 2004-12-23
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\winupdt.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\hijackthis.zip ????? 1\HijackThis.exe

O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000002230} - C:\Program Files\CSBB\CSBB.DLL
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\System32\dsktrf.dll
O2 - BHO: SDWin32 Class - {D7AF16F4-ECF7-45DA-A3E8-60CC91B00E5F} - C:\WINDOWS\System32\dnpxt.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
O4 - HKLM\..\Run: [uxculrw] C:\WINDOWS\System32\wtjbzavi.exe
O4 - HKLM\..\Run: [dnpxtc] C:\WINDOWS\System32\dnpxtc.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [p35T3Fi] ipcwseui.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Y0u3RPG8X] inpsipc.exe
O4 - Startup: ??QQ.lnk = C:\Program Files\Tencent\qq\QQ.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java ??? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.exe
O9 - Extra 'Tools' menuitem: ??QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/downloa...uite/yautocomplete.cab
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe



Desperately need help! IE and comp running slow, getting a few popups, and it's stupid!
 

mechBgon

Super Moderator, Elite Member
Running your log through this online analyzer, it appears that you:

1) don't have Service Pack 2 for WinXP

2) don't have antivirus software

3) don't have firewall software

4) definitely have some malware


#1-#3 really stack the odds against you, homes, especially if you ever venture to a LAN party :p If it were me, being my usual drastic self, I would simply blow away the whole Windows installation and start from the top, following the initial and ongoing preventive measures I nicely typed up for myself here :D Follow those, all of those, and you will be a tough cookie as long as you resist the urge to install stuff without reading the fine print. We have met the enemy, and he is us...

But then again, I don't have a bunch of HL2 or Doom3 savegames to lose either ;) So if you want to try to combat this problem, start by

1) downloading and installing a nice free 15-day trial version of Norton Antivirus 2005 from here :) Update its definitions using LiveUpdate, and go through all the Options and enable/max-out everything you can find.

2) download and install Spybot Search & Destroy and Lavasoft Ad-Aware SE Personal if you haven't already, and update their definitions.

3) as resources, also download LSPFix and WinSockFix from JackMDS's page. If your Internet connection gets busted in the process of tearing out malware, you use those.

4) disable System Restore

5) reboot in Safe Mode and do exhaustive system scans using Ad-Aware, Spybot and Norton Antivirus

6) while in Safe Mode, next have HJT fix the stuff that was identified as questionable or evil in that logfile above. That means you need to have that stuff written down or printed out since you won't be able to reach the Internet in Safe Mode

7) reboot into normal mode and run another HJT scan and see if you're ok now

EDIT: and of course 8), switch on your common sense and get your system patched to the hilt :p Use MBSA to look deeper than even Windows Update does. Turn on the Windows Firewall or else hook yourself up with free ZoneAlarm


Give that a whirl and see if you can frag some malware :D
 

Mrvile

Lifer
Ok thanks mech, the thing is, this really isn't my computer (my dad's old Celeron <500mhz comp), in my drastic and spastic attempt to get the webpage to move faster I accidentally clicked a link that installed some toolbars, now I guess I'm screwed. Anyway I don't really care if he doesn't have Norton or SP2 or whatever on it, as long as he doesn't have this malware I installed for him after I'm done using it :(

I'll give everything you told me a whirl, right now I'm running a free version of scanspyware. Will get to the others after this finishes.

EDIT: I do have Adaware and Spybot on this comp, they find some stuff but not all of it.
 

Mrvile

Lifer
Yeah haha gee.

Anyway their shareware was a nogo, only detect, no delete so I just uninstalled that and I'm running a scan with Norton right now. I already ran the Winsock fix thing which rebooted the comp, and Norton made it reboot like two or three times. This baby is going through a lotta work today.
 

Mrvile

Lifer
Ok I just ran LSP Fix and nothing showed up in the Remove box so I'ma assume that my LSP is fine.

Anyway I went through the files created and associated with that toolbar I had, deleted them, deleted all its registry entries, and the comp is running a bit faster now. No more toolbar, no more underlining of random words, but still some popups and still a bit slow. I'm hoping Norton and a final Safe Mode run of Adaware, Spybot, and Norton will clean it all up.
 

mechBgon

Super Moderator, Elite Member
After you do your final round of Safe Mode scans, reboot into normal mode, run another Hijack This and plop the logfile into that analyzer again, and see if any of it has come back.
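
An added example, not part of any post in this thread and not the online analyzer's logic: a small Python script that compares a HijackThis log taken before cleanup with one taken after, and lists entries that are still present and look structurally odd. The two heuristics (a `(no file)` target, an autostart command with no directory path) and the second scan are assumptions made for illustration; a hit means "inspect by hand", not "malware".

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [name] command" (section code, " - ", detail).
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Four entries copied from the log posted above.
BEFORE = r"""
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)
O3 - Toolbar: (no name) - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [p35T3Fi] ipcwseui.exe
"""
# Constructed rescan (not from the thread): two entries fixed, two still present.
AFTER = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [p35T3Fi] ipcwseui.exe
"""

def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def review_reasons(section, detail):
    """Structural reasons to inspect an entry by hand (heuristics, not verdicts)."""
    reasons = []
    if detail.endswith("(no file)"):
        reasons.append("registered component whose file is missing")
    if section == "O4" and "Run:" in detail and "\\" not in detail.split("]", 1)[-1]:
        reasons.append("autostart command has no directory path")
    return reasons

def compare_scans(before, after):
    """Split entries into removed, persisting and new between two scans."""
    old, new = parse_entries(before), parse_entries(after)
    return {"removed": old - new, "persisting": old & new, "new": new - old}

def still_needs_review(before, after):
    """Entries present in both scans that also trip a heuristic."""
    kept = compare_scans(before, after)["persisting"]
    return sorted(d for s, d in kept if review_reasons(s, d))

if __name__ == "__main__":
    for detail in still_needs_review(BEFORE, AFTER):
        print("still present after cleanup:", detail)
```

Paste the full text of each saved scan in place of `BEFORE` and `AFTER`; header and "Running processes" lines are skipped because they do not match the entry pattern.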