(Suggestions? &) Help with a Hijackthis log, anyone?

Posted 12/17/2005 8:38 PM
#25471
User avatar

scbeekeeper Member

Date Joined Nov 2016
Total Posts: 1
Hi,

I NEVER open or launch ANYTHING I've received or downloaded without doing a McAfee virus scan on it first, and I'm very diligent about updating my virus/malware definitions, using automatic updates for McAfee VirusScan8 and MS Antispyware beta, and manually doing my updates for AdAwareSE, Spybot14, and SpywareBlaster virtually every time I open a browser, as well as running Stinger every couple days or so, but I have a major problem with a recurring “Generic Downloader.v” javainstaller applet Trojan that gets detected EVERY time I run AdAware, and have spent HOURS and HOURS trying to debug my system and hopefully _prevent_ its reoccurrence, with no luck so far. Am pretty frustrated.

Not only for the lack of success with that _known_ problem, but am pretty sure there is at least one or more _other_ things going on as well, judging by the random sluggishness, freeze-up, and glitches I’m experiencing also. Have recently set up a limited browsing account for myself to hopefully forestall some of the problems with browsing, as well as disabling Java, but still, have noticed that invariably there seems to be one more process running than is shown in my taskbar when I return to the computer after a few minutes and its in “sleep mode”. This makes me think that there is _at least_ one other problem as well, since I can’t identify anything in my registry settings and process viewers that seems to indicate what it would be.

I’ve run all the above scans in safe mode numerous times and it has never stopped it yet; pretty frustrated that McAfee says that “updated engine and DAT files will detect it and remove it” – how about BLOCKING the bleeping thing?!? Got so frustrated that I just downloaded a trial version of F-Secure Anti-Virus 2006 to run it (which necessitated going offline and the removal of both AdAware and McAfee to do so), and after running a full scan (that took 3&1/2 hours!), it *#$*^#! refused to let me view the report. GRRRRRRR!

So, of course, I just ran it again, so I could see what 2 viruses it said it detected the first time and to see which ONE (why only one??) of the 2 it renamed (per my setting changes to hopefully at least deactivate it – if I couldn’t remove it) and Guess What?!?!?! Couldn’t view the report again this time either!! Said it detected only 1 virus this time, but it wasn’t re-named. Clicked on the (active) ScanWizard “Show Report” button>>nothing. Click on the CommandCenter “ViewReport” button>>”No new report”. ??????? GRRRRRRR!!!! Not too impressed with F-Secure at this point. The WHOLE POINT was to see what they were, and how does it get me anywhere if they’re now re-named (one of them, anyways) but still don’t know what/where they are?!? Maddening. Truly maddening after 7+ hours invested. F-Secure just sucks in my book at this point, as I now have to re-install both AdAware and McAfee again, to boot. Have downloaded a Sophos trial am willing to give a go with if anyone has a good word about it.

Also, I have a new DSL connection (FINALLY got wired for it way out here in the boonies! BellSouth, 1.5mbps, Westell/Wirespeed modem), and just recently uninstalled Firefox to see if that cured the problem – NOPE. Using IE6 now, with all MS security updates, and though I have XP’s(SP2) firewall turned on with cookies blocked, privacy settings on MedHi, and scripting notification on, am not sure if there’s something else in the mix that I’m missing, as I’m now getting notifications from this morning’s installation of F-Secure that there are possible browser hijack attempts when I go back online or sometimes open a new link (??that may have been happening all along, but just without notification of them previously??).

I also have one more anomaly that I can’t explain; I have a (one and one only) TOTALLY blank Command Line entry in my “msconfig” Startup report that is attributed to “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run”. I don’t know what this is or why it alone is not described as all the others are. Have deactivated other applications here that I know what they are and have had no problems (although would like to know how to remove some of them still present _entirely_ from the Startup Programs/menu) but definitely will not mess with this registry without knowing what I’m doing first.

Have been advised by a friend to get my own router (a LinkSys, probably) to (his words) 100% prevent such problems, but first, would really like to get my system cleaned and have my settings changed/restored to eliminate/prevent as many of these problems from re-occurring in case I don’t get the router.

Can anyone help with my hijackthis log below and/or have any suggestions otherwise? Much appreciated - Thanks!!



Logfile of HijackThis v1.99.1

Scan saved at 3:22:58 PM, on 12/17/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE

C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe

C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe

C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE

C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE

C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe

C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe

C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe

C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\WINDOWS\SYSTEM32\3cmlink.exe

C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\WINDOWS\SYSTEM32\3cshtdwn.exe

C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe

C:\WINDOWS\SYSTEM32\3cmlink.exe

C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe

C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files\F-Secure Internet Security\FSGUI\fsavgui.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe

C:\Documents and Settings\Bradley\Desktop\HijackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msnbc.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msnbc.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [APV] H:\Software\Process viewers\Autostart_ Process Viewer\autostart_and_process_viewer.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - https://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134567180836

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - https://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - https://fdl.msn.com/zone/datafiles/heartbeat.cab

O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Friday, May 25, 2018, 8:43 PM (GMT +2)
There are a total of 61,605 posts in 13,563 threads.
In the last 3 days there were 0 new threads and 1 reply posts.

Who's online

This forum has 38,318 registered members. Please welcome our newest member, Dellsupport.
There are currently no users on-line.
We use cookies to ensure that we give you the best experience on our website. By continuing to browse, we are assuming that you have no objection in accepting cookies. You can change your cookie settings at any time.