PDA

View Full Version : Help me out again and thanks for last time


erhem
2006-02-17, 23:00
;) im on my other pc and its acting up alot so...yea
heres my hijackthis log


---------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:48:58 AM, on 2/18/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\fwnet64.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\System32\msupdater.exe
C:\WINDOWS\System32\oleupdate.exe
C:\ekdve.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\BHSV.EXE
C:\Documents and Settings\mm\Desktop\Projects\hijackTHIS\HijackThis.exe
C:\WINDOWS\System32\BHSV.EXE

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Windows Updater] msupdater.exe
O4 - HKLM\..\Run: [Browser Help Svc] BHSV.EXE
O4 - HKLM\..\Run: [Win Update] C:\WINDOWS\System32\oleupdate.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\ekdve.exe
O4 - HKLM\..\RunServices: [Browser Help Svc] BHSV.EXE
O4 - HKLM\..\RunServices: [Microsoft Windows Updater] msupdater.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Browser Help Svc] BHSV.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Browser Help Svc] BHSV.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.runescape.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115426691978
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: fwnet64 (fwnet) - Unknown owner - C:\WINDOWS\fwnet64.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
-----------------------------------
thanks for your time :)
tashi
2006-02-18, 01:03
Hello.
Please do not post in other members malware topics, I have removed one of them.

I take it this was another one?
http://forums.spybot.info/showthread.php?t=2416
erhem
2006-02-18, 02:07
opps, sorry im a total newbie here im getting used to it thanks anyway :bigthumb:
illukka
2006-02-21, 23:35
@erhem

go to Panda ActiveScan (http://www.pandasoftware.com/products/activescan.htm)


- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log here into this thread using the post reply button
LonnyRJones
2006-02-27, 10:18
It is requested you respond to volunteer advice within 3 days. Any longer and it becomes necessary to update all information and start over.
The longer the wait the more problems arise and it creates a very difficult situation for successful assistance.
Because you have failed to respond the topic will be closed and moved to archive.