-
well hjk woun't let me open the window. i click the button and it does nothing or closes its self
and i did a panda soft scan
Incident Status Location
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\8zs3x588.xn vngd\cookies.txt[.realmedia.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\8zs3x588.xn vngd\cookies.txt[.com.com/]
Adware:Adware/WinTools Not disinfected C:\WINXP\system32\grwinsthlp.exe
Potentially unwanted tool:Application/Restart Not disinfected C:\WINXP\system32\Tools\Restart.exe
one of them is a hacking tool, so i guess the most potent...
-
ok lets try pocket killbox instead.
you can get it here:download it to your desktop
http://www.geekstogo.com/forum/index...details&f_id=2
---------------------------------------------
run pocket killbox, check the Delete on reboot option, and click the single file box option--- copy and paste this:
C:\WINXP\system32\jkhhg.dll
in to the Full Path of File to Delete, click the red X.
at the delete on reboot prompt select yes. at the next prompt it will ask if you want to reboot now. select no. copy and paste the next two files below in the window, click red x, delete on reboot, no
when you copy/paste the last file, click red x, delete file on reboot, reboot now? yes.
C:\WINXP\system32\grwinsthlp.exe
C:\WINXP\system32\Tools\Restart.exe
shelf life
-
lol.. kill box wouldn't restart, and wouldn't let me put mroe than one file in...
but i just used the recovery console form the windows disk and deleted them that way.
should that fix it all?
heres teh hjk file just in case:
Logfile of HijackThis v1.99.1
Scan saved at 10:06:58, on 22/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINXP\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINXP\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINXP\system32\tblmouse.exe
C:\WINXP\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINXP\system32\RunDll32.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINXP\system32\nvsvc32.exe
C:\WINXP\system32\Wt32exe.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINXP\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\comphelpspybot\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newage3.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B8A8A387-4AFF-4210-B674-0ABA882FEA2D} - C:\WINXP\system32\jkhhg.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINXP\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [tblfunc] tblmouse.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CM-SmWizard] C:\WINXP\System\SmWizard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.macromedia.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -
http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsof...?1126358425546
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary...o.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file
missing)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: jkhhg - C:\WINXP\system32\jkhhg.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINXP\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems
Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program
Files\xampp\filezillaftp\filezillaserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton
AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\Security Center\SymWSC.exe
O23 - Service: Tablet Service (TabletService) - Aiptek - C:\WINXP\system32\Wt32exe.exe
--------------------------------
it shows that the jkhhg file now has a missing dll. i'm going to run CCleaner now to remove that, and all the temp files etc.
-
hi Mr_PieChee,
yes, log looks ok. run hjt to remove these from the log:
O2 - BHO: (no name) - {B8A8A387-4AFF-4210-B674-0ABA882FEA2D} - C:\WINXP\system32\jkhhg.dll (file missing)
O20 - Winlogon Notify: jkhhg - C:\WINXP\system32\jkhhg.dll (file missing)
shelf life
-
Thanks for all your help, its greatly appreciated!
-
Im Glad we could help
Since the problems are solved Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.
If you should need to post another log for the same PC let one of us know via a PM (personal message).
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
