Please! Need HELP with a HJT LOG!!
I have my PC infested with spyware :banghead:
I ran adware, CWShredder and Spybot and a few more, and this is my HJT log...
Logfile of HijackThis v1.99.0
Scan saved at 22:29:00, on 11-02-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\Programas\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Programas\Norton Internet Security\ccPxySvc.exe
C:\Programas\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programas\HP\HP Software Update\HPWuSchd.exe
C:\Programas\HP\Digital Imaging\Promotions\HPpromo.exe
C:\Programas\Logitech\Video\LogiTray.exe
C:\programas\quicktime\qttask.exe
C:\WINDOWS\System32\expolerhost.exe
C:\WINDOWS\System32\servicediag.exe
C:\Programas\SETI@home\SETI@home.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Programas\SpywareGuard\sgmain.exe
C:\Programas\SpywareGuard\sgbhp.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Messenger\msmsgs.exe
C:\Documents and Settings\Alves da Costa\Os meus documentos\SPYWARE\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: (no name) - {AA933FE8-6165F-6A87-D16A5-EE160350216512} - control64.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programas\SpywareGuard\dlprotect.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programas\Ficheiros comuns\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPpromo psc 2400 series] "C:\Programas\HP\Digital Imaging\Promotions\HPpromo.exe" /N "psc 2400 series" -r
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programas\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programas\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\programas\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runlogspool] C:\WINDOWS\System32\expolerhost.exe
O4 - HKLM\..\Run: [diagservicex] C:\WINDOWS\System32\servicediag.exe %srun%
O4 - HKLM\..\Run: [34763] Bogobot.exe
O4 - HKLM\..\Run: [NsCplTray] powerdll.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programas\Logitech\Video\ISStart.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\System32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [seticlient] C:\Programas\SETI@home\SETI@home.exe -min
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [runexpoler] C:\WINDOWS\System32\expolerhost.exe
O4 - HKCU\..\Run: [expolerx] C:\WINDOWS\System32\servicediag.exe %srun%
O4 - HKCU\..\Run: [driver64] 34763.exe
O4 - HKCU\..\Run: [stuffmon] sound64.exe
O4 - HKCU\..\Run: [SYSTRAV] zxc.exe
O4 - Startup: Webshots.lnk = C:\Programas\Webshots\Launcher.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Programas\BHODemon 2\BHODemon.exe
O4 - Startup: SpywareGuard.lnk = C:\Programas\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programas\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programas\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{26C2C9E1-4AE9-4915-B3BC-F61D2520F84B}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{69549A9C-122D-4E4E-9686-41FAEF5C200D}: NameServer = 69.50.188.180 195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DF952A4-C9CE-492E-B4C4-C8973D195634}: NameServer = 69.50.188.180,195.225.176.31
O18 - Filter: tœ†5ò!DÆR - {282632AA-1856-408B-8ED5-E7A8E2DDAB2B} - C:\WINDOWS\System32\qwsxp.dll
O18 - Filter: tœ†5òUEÆR - {8DE9F957-63C5-469B-A3B9-6FCED2586ED3} - (no file)
O18 - Filter: tœ†5òˆEÆR - {E1A8D064-DDEC-4753-A04B-97E51671A304} - C:\WINDOWS\System32\qwsxp.dll
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Programas\Norton Internet Security\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Programas\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Programas\Norton Internet Security\NISUM.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
Can you help me PLEASE?
Thanks
This is what I FORGOT, sorry
There is a small window that keeps popping up with the message:
Winsock Error
Is this related to spyware?
This is what a piece of the Winsock Error log file shows:
Microsoft Winsock# ID#> 083243.V321 (c) by Microsoft
Occurred#: 11-02-2005 / 22:49:09
---
Error_Description#
System-File: "servicediag.exe" was blocked by an unknown Firewall !
Microsoft Winsock# ID#> 083243.V321 (c) by Microsoft
Occurred#: 11-02-2005 / 22:49:14
---
Error_Description#
System-File: "expolerhost.exe" was blocked by an unknown Firewall !
Microsoft Winsock# ID#> 083243.V321 (c) by Microsoft
Occurred#: 11-02-2005 / 22:50:06
---
Error_Description#
System-File: "servicediag.exe" was blocked by an unknown Firewall !
Microsoft Winsock# ID#> 083243.V321 (c) by Microsoft
Occurred#: 11-02-2005 / 22:51:39
---
Error_Description#
System-File: "servicediag.exe" was blocked by an unknown Firewall !
Microsoft Winsock# ID#> 083243.V321 (c) by Microsoft
Thank you!
Make sure they are set to clean automatically:
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
If there are files that can not be removed by the scans please include that information in your next post.
Reboot and post a new hijackthis log.
Trendmicro didn't find anything, and Panda found three and cleaned them.
New HJT log:
Logfile of HijackThis v1.99.0
Scan saved at 22:01:32, on 13-02-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\Programas\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Programas\Norton Internet Security\ccPxySvc.exe
C:\Programas\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programas\HP\HP Software Update\HPWuSchd.exe
C:\Programas\HP\Digital Imaging\Promotions\HPpromo.exe
C:\Programas\Logitech\Video\LogiTray.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Programas\BHODemon 2\BHODemon.exe
C:\Programas\SpywareGuard\sgmain.exe
C:\Programas\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Alves da Costa\Os meus documentos\SPYWARE\HijackThis.exe
C:\Programas\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: (no name) - {AA933FE8-6165F-6A87-D16A5-EE160350216512} - control64.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programas\SpywareGuard\dlprotect.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programas\Ficheiros comuns\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPpromo psc 2400 series] "C:\Programas\HP\Digital Imaging\Promotions\HPpromo.exe" /N "psc 2400 series" -r
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programas\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programas\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\programas\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [34763] Bogobot.exe
O4 - HKLM\..\Run: [NsCplTray] powerdll.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programas\Logitech\Video\ISStart.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\System32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [seticlient] C:\Programas\SETI@home\SETI@home.exe -min
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [driver64] 34763.exe
O4 - HKCU\..\Run: [stuffmon] sound64.exe
O4 - HKCU\..\Run: [SYSTRAV] zxc.exe
O4 - Startup: Webshots.lnk = C:\Programas\Webshots\Launcher.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Programas\BHODemon 2\BHODemon.exe
O4 - Startup: SpywareGuard.lnk = C:\Programas\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programas\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programas\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{26C2C9E1-4AE9-4915-B3BC-F61D2520F84B}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DF952A4-C9CE-492E-B4C4-C8973D195634}: NameServer = 69.50.188.180,195.225.176.31
O18 - Filter: tœ†5ò!DÆR - {282632AA-1856-408B-8ED5-E7A8E2DDAB2B} - C:\WINDOWS\System32\qwsxp.dll
O18 - Filter: tœ†5òUEÆR - {8DE9F957-63C5-469B-A3B9-6FCED2586ED3} - (no file)
O18 - Filter: tœ†5òˆEÆR - {E1A8D064-DDEC-4753-A04B-97E51671A304} - C:\WINDOWS\System32\qwsxp.dll
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Programas\Norton Internet Security\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Programas\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Programas\Norton Internet Security\NISUM.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
Somehow the Winsock error that I mentioned in my other post is gone !!!???
Thanks.
http://www.short-media.com/forum/showpost.php?p=172588&postcount=3
Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R3 - URLSearchHook: (no name) - {AA933FE8-6165F-6A87-D16A5-EE160350216512} - control64.dll (file missing)
O4 - HKLM\..\Run: [34763] Bogobot.exe
O4 - HKLM\..\Run: [NsCplTray] powerdll.exe
O4 - HKCU\..\Run: [driver64] 34763.exe
O4 - HKCU\..\Run: [stuffmon] sound64.exe
O4 - HKCU\..\Run: [SYSTRAV] zxc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O17 - HKLM\System\CCS\Services\Tcpip\..\{26C2C9E1-4AE9-4915-B3BC-F61D2520F84B}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DF952A4-C9CE-492E-B4C4-C8973D195634}: NameServer = 69.50.188.180,195.225.176.31
O18 - Filter: tœ†5ò!DÆR - {282632AA-1856-408B-8ED5-E7A8E2DDAB2B} - C:\WINDOWS\System32\qwsxp.dll
O18 - Filter: tœ†5òUEÆR - {8DE9F957-63C5-469B-A3B9-6FCED2586ED3} - (no file)
O18 - Filter: tœ†5òˆEÆR - {E1A8D064-DDEC-4753-A04B-97E51671A304} - C:\WINDOWS\System32\qwsxp.dll
Reboot your computer into Safe Mode
Then delete these files or directories (Do not be concerned if they do not exist):
Bogobot.exe
powerdll.exe
34763.exe
sound64.exe
zxc.exe
C:\WINDOWS\System32\qwsxp.dll
Reboot and post a new hijackthis log.
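Added example, not part of the thread and not HijackThis's own code: a short Python script that diffs two HijackThis logs to show which entries disappeared or appeared between scans, and checks whether the items on a fix list are still present in the latest log. The log excerpts are copied from the posts above; `CLEAN_LOG` is a constructed sample, and all function names are hypothetical.

```python
import re

# HijackThis entry lines start with a section code such as "R1", "O4" or "O17",
# followed by " - " and the entry body. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, body) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def diff_logs(before, after):
    """Return (removed, added) entries between two logs, each sorted."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new), sorted(new - old)

def remaining(fix_list, latest_log):
    """Return fix-list entries that still appear in the latest log."""
    return sorted(parse_entries(fix_list) & parse_entries(latest_log))

# Excerpt of the log saved on 11-02-2005 (lines copied from the thread).
LOG_11_FEB = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\System32\expolerhost.exe
O4 - HKLM\..\Run: [runlogspool] C:\WINDOWS\System32\expolerhost.exe
O4 - HKLM\..\Run: [diagservicex] C:\WINDOWS\System32\servicediag.exe %srun%
O4 - HKLM\..\Run: [34763] Bogobot.exe
O4 - HKCU\..\Run: [SYSTRAV] zxc.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{26C2C9E1-4AE9-4915-B3BC-F61D2520F84B}: NameServer = 69.50.188.180,195.225.176.31
"""

# Excerpt of the log saved on 13-02-2005, after the online scans.
LOG_13_FEB = r"""
Logfile of HijackThis v1.99.0
O4 - HKLM\..\Run: [34763] Bogobot.exe
O4 - HKCU\..\Run: [SYSTRAV] zxc.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{26C2C9E1-4AE9-4915-B3BC-F61D2520F84B}: NameServer = 69.50.188.180,195.225.176.31
"""

# Excerpt of the entries the helper asked to have fixed.
FIX_EXCERPT = r"""
O4 - HKLM\..\Run: [34763] Bogobot.exe
O4 - HKCU\..\Run: [SYSTRAV] zxc.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{26C2C9E1-4AE9-4915-B3BC-F61D2520F84B}: NameServer = 69.50.188.180,195.225.176.31
"""

# Constructed sample: what a follow-up log could look like once the fix took.
CLEAN_LOG = r"""
Logfile of HijackThis v1.99.0
O4 - HKLM\..\Run: [QuickTime Task] "C:\programas\quicktime\qttask.exe" -atboottime
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
"""

if __name__ == "__main__":
    removed, added = diff_logs(LOG_11_FEB, LOG_13_FEB)
    for section, body in removed:
        print("gone :", section, "-", body)
    for section, body in added:
        print("new  :", section, "-", body)
    for section, body in remaining(FIX_EXCERPT, LOG_13_FEB):
        print("still present:", section, "-", body)
```

Comparison is by exact text, so both logs must come from the same machine and be copied the same way; a garbled entry name (as in the O18 lines) only matches if it is garbled identically in both logs.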