help :)

  • deathblade
  • Proficient
  • Proficient
  • User avatar
  • Posts: 419
  • Loc: u.k

Post 3+ Months Ago

i;ve removed some stuff in hijackthis and scanned with avast and is still there >_<


Code: [ Select ]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:32, on 26/04/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Documents and Settings\alison\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about&#058;blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R3 - URLSearchHook: (no name) - {4FBACD73-F67C-42AE-B46A-03960AFE3DFB} - C:\PROGRA~1\ORANGE~1\TOOLBA~2.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {6F714D46-E4EF-11D4-93EF-00D0D7032099} (Active DJ Studio ActiveX Control) - http://www.christianrock2.net/amp3dj.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: frowardness - {b0fdc513-46b9-46fc-8e70-d575ee546dae} - C:\WINNT\system32\zfaiqwr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/alison/Desktop/IMAG0181.JPG
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\alison\Desktop\IMAG0181.JPG
O24 - Desktop Component 3: (no name) - http://photos-c.ak.facebook.com/photos- ... 4_2538.jpg
O24 - Desktop Component 4: (no name) - C:\Documents and Settings\alison\Desktop\Shortcut to IMAG0181.lnk

--
End of file - 4371 bytes
  1. Logfile of Trend Micro HijackThis v2.0.2
  2. Scan saved at 12:23:32, on 26/04/2008
  3. Platform: Windows 2000 SP4 (WinNT 5.00.2195)
  4. MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
  5. Boot mode: Normal
  6. Running processes:
  7. C:\WINNT\System32\smss.exe
  8. C:\WINNT\system32\winlogon.exe
  9. C:\WINNT\system32\services.exe
  10. C:\WINNT\system32\lsass.exe
  11. C:\WINNT\system32\svchost.exe
  12. C:\WINNT\system32\spoolsv.exe
  13. C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  14. C:\Program Files\Alwil Software\Avast4\ashServ.exe
  15. C:\WINNT\System32\svchost.exe
  16. c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  17. C:\WINNT\system32\MSTask.exe
  18. C:\WINNT\system32\stisvc.exe
  19. C:\WINNT\System32\WBEM\WinMgmt.exe
  20. C:\WINNT\system32\svchost.exe
  21. C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  22. C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  23. C:\WINNT\Explorer.EXE
  24. C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  25. C:\Documents and Settings\alison\Desktop\HiJackThis.exe
  26. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
  27. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about&#058;blank
  28. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
  29. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
  30. R3 - URLSearchHook: (no name) - {4FBACD73-F67C-42AE-B46A-03960AFE3DFB} - C:\PROGRA~1\ORANGE~1\TOOLBA~2.DLL (file missing)
  31. O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  32. O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
  33. O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
  34. O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  35. O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
  36. O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
  37. O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  38. O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
  39. O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  40. O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
  41. O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
  42. O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
  43. O16 - DPF: {6F714D46-E4EF-11D4-93EF-00D0D7032099} (Active DJ Studio ActiveX Control) - http://www.christianrock2.net/amp3dj.cab
  44. O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
  45. O22 - SharedTaskScheduler: frowardness - {b0fdc513-46b9-46fc-8e70-d575ee546dae} - C:\WINNT\system32\zfaiqwr.dll
  46. O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  47. O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
  48. O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  49. O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  50. O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
  51. O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  52. O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
  53. O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/alison/Desktop/IMAG0181.JPG
  54. O24 - Desktop Component 2: (no name) - C:\Documents and Settings\alison\Desktop\IMAG0181.JPG
  55. O24 - Desktop Component 3: (no name) - http://photos-c.ak.facebook.com/photos- ... 4_2538.jpg
  56. O24 - Desktop Component 4: (no name) - C:\Documents and Settings\alison\Desktop\Shortcut to IMAG0181.lnk
  57. --
  58. End of file - 4371 bytes
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4923
  • Loc: NY

Post 3+ Months Ago

What is avast finding?

R3 - URLSearchHook: (no name) - {4FBACD73-F67C-42AE-B46A-03960AFE3DFB} - C:\PROGRA~1\ORANGE~1\TOOLBA~2.DLL (file missing)

The ~2 shows that something was installed and reinstalled. Toolbars are not secure.

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

O22 - SharedTaskScheduler: frowardness - {b0fdc513-46b9-46fc-8e70-d575ee546dae} - C:\WINNT\system32\zfaiqwr.dll

^^^^^^ That one has to go for sure.

O16 - DPF: {6F714D46-E4EF-11D4-93EF-00D0D7032099} (Active DJ Studio ActiveX Control) - http://www.christianrock2.net/amp3dj.cab

^^^^ I don't trust that one either


Also there is something wrong with your McAfee install. If you are not subscribed to it and updating it, uninstall it. The same goes for all Anti Virus programs.
  • deathblade
  • Proficient
  • Proficient
  • User avatar
  • Posts: 419
  • Loc: u.k

Post 3+ Months Ago

avast is picking up nothing :(

there is also a icon at the bottum

Image

then changes to a red one with red crossy thingy
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4923
  • Loc: NY

Post 3+ Months Ago

So, what is the problem? What is the computer doing?
  • deathblade
  • Proficient
  • Proficient
  • User avatar
  • Posts: 419
  • Loc: u.k

Post 3+ Months Ago

Don2007 wrote:
So, what is the problem? What is the computer doing?


nothing now lol what u said to remove fixed it
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4923
  • Loc: NY

Post 3+ Months Ago

I'm glad to hear that.
  • deathblade
  • Proficient
  • Proficient
  • User avatar
  • Posts: 419
  • Loc: u.k

Post 3+ Months Ago

Don2007 wrote:
I'm glad to hear that.

sorry i didnt have much time to explain i was kinda in a rush. i had got rid of some stuff in hjt and it was still there lol



my mate had got some spyware and it made like you know the windows virus active warning at the bottom left? well had that and tried to make you install some fake av. and also changed the ie home page to other virus.


but thanks for the help man still got some to learn me thinks :)

Post Information

  • Total Posts in this topic: 7 posts
  • Users browsing this forum: No registered users and 40 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
cron
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.