-
September 9th, 2004, 06:13 PM
#1
HiJack This Logfile~Could someone please check for me
Hi Guys, My computer has been free from virus's for ages now. From good advice from this forum some while back I now have AVG, adaware,spybot, spyware blaster etc. installed, and update these regularly..
Well yesterday, just through a moments lack of concentration, I managed to download I-Worm/Netsky.Q
Great..
AVG detected it, but couldn't get rid of it..I managed to find other piece of software that did exterminate it.. BUT..I have posted my logfile because I am not certain about it, especially the bottom one starting 017...........
It comes in only after I have dialed up and gone online..I can get rid of it if I run Hijackthis, but sometimes if I don't leave it in there, my servers wont connect to any websites ? I don't know if that is relevant or not..Anyway here is my logfile, if there is any junk in there I need to get rid of I'd appreciate your help
Thanks in advance Regards Barbara
Logfile of HijackThis v1.98.2
Scan saved at 23:02:25, on 09/09/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\S3apphk.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Barbara\Local Settings\Temp\Temporary Directory 25 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.can-yeovil.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.q-serve.com/signup.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.epw3.com/prefcust/tdem/2039.htm
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.2.1P.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [wkthx] qhle.exe autorun
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Program Files\OpenOffice.org1.1.2\program\quickstart.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.q-serve.com/signup.htm
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho.../yinst0401.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatte...load/appdl.cab
O16 - DPF: {5D409149-F8C3-11D3-859B-00105A10A549} (Agent2Flash Class) - http://eagentmail.marketdepotu.com/L...esignerTTS.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{86E7E1E9-A7B9-4A32-AE70-EAF4B59D2AA8}: NameServer = 212.74.114.193 212.74.112.66
-
September 10th, 2004, 07:19 AM
#2
If you live in Amsterdam or the Netherlands, that 017 entry will likely be legitimate & only show when you are on-line.
Hijackthis must be placed in a permanent folder before we can attempt any fixes.
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.
Go here for an on-line scan & set it to autoclean for you.
Try this scan as well.
Reboot & post another log when done please.
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|