Hijackthis Logfile pls check...

Solved/Closed
baby jane - May 26, 2011 at 05:13 AM
Hi,

I just had a virus corrupting my PC. I just finished running Malwarebytes, Superantispyware, Microsoft Security Essentials and lastly, HijackThis. Can someone pls check the log whether I still have some virus on my system?


Thank u so much!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:16:58 PM, on 10/30/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 SP2 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Privacyware\Privatefirewall 7.0\PF6.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\dell\AppData\Roaming\Chikka Messenger\Chikka v.5\ChikkaLauncher.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ask.com/?o=15243&l=dis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.167.187.187:3127
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Privatefirewall] C:\Program Files\Privacyware\Privatefirewall 7.0\PF6.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ChikkaV5] C:\Users\dell\AppData\Roaming\Chikka Messenger\Chikka v.5\ChikkaLauncher.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)

Ambucias (Moderator) - May 26, 2011 at 05:42 AM
Dear Baby,

There you are again. So you managed to contract another infection!

I do not use HijackThis anymore because it only gives very partial information and sometimes it is not exact.

However, at first glance, I can positively tell you that your system is infected. You are still using ask.com which is on a security blacklist and MyWebSearchService which is also an infected service.

Now that I have answered your question is there anything else I can do for you?

Regards
baby jane - May 26, 2011 at 09:25 AM
Yeah, on and on again I have been infected by a virus, but can u guide me on how to remove it, or which from the list should I remove??

Thanks so much!!
baby jane - May 28, 2011 at 04:03 AM
If u don't mind, what is ZHP???

TY
Ambucias (Moderator) - May 28, 2011 at 04:10 AM
ZHP Diag is the log I now use instead of HijackThis.
Ambucias (Moderator) - May 26, 2011 at 04:20 PM
Jane,

Run just a scan with HijackThis and, once the scan is finished, check and delete the following items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ask.com/?o=15243&l=dis

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)

Those are the nasties shown by HJT; however, as I said, HJT only gives very partial information and your system may stay infected or get infected again. The only way I can help further is to get a ZHP Diag log. I no longer trust HJT.

Good luck

P.S. For your own safety, I strongly suggest that you remove this application:

C:\Program Files\SweetIM\Messenger\SweetIM.exe
(It's a virus and spyware nest breathing on your system's lungs)
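The moderator's list above can be turned into a mechanical check over the raw log. The following Python is an added example, not code from the thread, from HijackThis or from ZHPDiag: it parses the HJT `Rn`/`On` entry lines and flags only the four indicators named in the reply (the ask.com start page, the two SweetIM CLSIDs and the MyWebSearchService entry), running on a constructed sample copied from that log format.

```python
import re
from urllib.parse import urlparse

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
SERVICE_RE = re.compile(r"^Service: .*?\((?P<name>[^)]+)\) - ")

# Indicators taken only from the moderator's reply in this thread (not a general
# blocklist): the ask.com start page, the two SweetIM CLSIDs, the MyWebSearch service.
FLAGGED_HOSTS = {"www.ask.com", "ask.com"}
FLAGGED_CLSIDS = {"{EEE6C35C-6118-11DC-9C72-001320C79847}",  # O2 BHO: SWEETIE
                  "{EEE6C35B-6118-11DC-9C72-001320C79847}"}  # O3 Toolbar: SweetIM
FLAGGED_SERVICES = {"MyWebSearchService"}

# Constructed sample in HijackThis v2 format: the four entries the moderator named,
# plus a benign Adobe BHO and a process-list line that must not be flagged.
SAMPLE_LOG = r"""
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ask.com/?o=15243&l=dis
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
"""

def review(log_text):
    # Return [(kind, body, reason)] for 'Rn - ...'/'On - ...' entries matching the
    # thread's indicators; header and process-list lines never match ENTRY_RE.
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body, reason = m.group("kind"), m.group("body"), None
        if kind in ("R0", "R1") and " = " in body:
            # R lines read 'registry key,value name = data'; inspect the URL host in data.
            host = urlparse(body.split(" = ", 1)[1].strip()).hostname
            if host and host.lower() in FLAGGED_HOSTS:
                reason = f"IE setting points at {host}"
        elif kind in ("O2", "O3"):
            clsid = CLSID_RE.search(body)
            if clsid and clsid.group(0).upper() in FLAGGED_CLSIDS:
                reason = f"CLSID {clsid.group(0)} named for removal"
        elif kind == "O23":
            svc = SERVICE_RE.match(body)
            if svc and svc.group("name") in FLAGGED_SERVICES:
                reason = "service named for removal"
                if body.endswith("(file missing)"):
                    reason += "; binary already gone, orphaned service entry"
        if reason:
            findings.append((kind, body, reason))
    return findings
```

Run against the full log posted above, the same four lines the moderator listed come back and everything else (Yahoo, HP, Adobe, Office, Java, the process list) is left alone.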
baby jane - May 28, 2011 at 06:33 AM
Can u send me a link from which I can download ZHP as well?? ty
Ambucias (Moderator) - May 28, 2011 at 03:39 PM
Open this link and download ZHPDiag:

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

Save the file to your Desktop.

Double click on ZHPDiag.exe and follow the instructions.

The tool creates two icons, ZHPDiag and ZHPFix (we will use ZHPFix in the next step).

Double click on the ZHPDiag shortcut on your Desktop.

Click on the magnifying glass and run the analysis.

Wait for the tool to finish (it may take a long time).

Close ZHPDiag.

To transmit the report, click on this link:

https://authentification.site

Click on Parcourir (Browse) and search the directory where you installed ZHPDiag (usually C:\Program Files\ZHPDiag).

Select the file ZHPDiag.txt.

Click on "upload".

Copy the URL and post it here.