Log Help Please

trez8289

trez8289 said:
Hello...

I was using Internet Explorer. And I'm guessing I got some spyware.
I now have programs that block it and clean my comp.
I also used Mozilla, but I want to fix the IE problem.

I read and did some of the suggested things from here:
http://www.techist.com/showthread.php?s=&threadid=16781

I used the CWShredder which works, but only temporarily.
Here is the file report:

Code:
 **** Run Keys ****

RUN: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 
RUN: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" 
RUN: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe 
RUN: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime 
RUN: [Steam]  


 **** Browser Helper Objects ****

BHO: [CNavExtBho Class] C:\Program Files\Norton AntiVirus\NavShExt.dll 


 **** IE Toolbars ****

TOOLBAR: [Norton AntiVirus] C:\Program Files\Norton AntiVirus\NavShExt.dll 


 **** IE Extensions ****

IEExt: [AIM] C:\Program Files\AIM\aim.exe 
IEExt: [Messenger] C:\Program Files\Messenger\msmsgs.exe 


 **** Hosts File Entries ****

HOSTS: 127.0.0.1       localhost 
HOSTS: 127.0.0.1       localhost 


 **** IE Settings ****

Default Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome 
Default Search: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch 
Local Page: C:\WINDOWS\System32\blank.htm 
Search Bar: about:NavigationFailure 
Search Page: about:NavigationFailure 


 **** IE Context Menu (Right click) ****

IEContext: [&AIM Search] res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm 
IEContext: [E&xport to Microsoft Excel] res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 


 **** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP] 
LSP: MSAFD Tcpip [UDP/IP] 
LSP: RSVP UDP Service Provider 
LSP: RSVP TCP Service Provider 
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C9FC73D5-BC2A-4DD1-A3E7-625146E3F908}] SEQPACKET 4 
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C9FC73D5-BC2A-4DD1-A3E7-625146E3F908}] DATAGRAM 4 
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{84B88EB4-2B64-4363-8BA9-A57BACEF7F2A}] SEQPACKET 3 
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{84B88EB4-2B64-4363-8BA9-A57BACEF7F2A}] DATAGRAM 3 
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B7BF8C8F-7131-4347-AA4D-F8D8BB62AC10}] SEQPACKET 0 
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B7BF8C8F-7131-4347-AA4D-F8D8BB62AC10}] DATAGRAM 0 
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AC59549C-102E-46D8-A50B-ACD48CA728A0}] SEQPACKET 1 
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AC59549C-102E-46D8-A50B-ACD48CA728A0}] DATAGRAM 1 
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{70B7DC6D-ECF4-40F3-B6AB-4308203E68ED}] SEQPACKET 2 
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{70B7DC6D-ECF4-40F3-B6AB-4308203E68ED}] DATAGRAM 2 


 **** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No 
BLOCKED: [odbccp32.cpl] No 


 **** Downloaded Program Files ****

DirectAnimation Java Classes [file://C:\WINDOWS\Java\classes\dajava.cab] 
Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso.cab] 
{6414512B-B978-451D-A0D8-FCFDF33E833C} [http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094260656929] C:\WINDOWS\System32\wuweb.dll 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/products/plugin/1.3.1/jinstall-131_04-win.cab] 
{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} [http://java.sun.com/products/plugin/1.3.1/jinstall-131_04-win.cab] 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab] 


 **** Custom IE Search Items ****

SEARCH: [SearchAssistant] about:NavigationFailure 
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm 
SEARCH: [SearchAssistant] about:NavigationFailure



I made a copy of the "Hijack This" file.
Here it is:


Code:
Logfile of HijackThis v1.97.7
Scan saved at 10:09:16 AM, on 12/25/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {66298D1C-FF20-40EB-BF1C-67E8BFCC2AA4} - C:\WINDOWS\system32\aof.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094260656929
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

I'm good at computers but I don't know how to do that MSDOS Safe Mode stuff that, that one guy was saying.

Help is greatly appreciated. Thank You. :)

Thank You.
 
trez8289,

Your HijackThis software version is old. Can you get the new one and repost the log? And I assume you have Spybot S & D and Ad-Aware SE Personal installed and scanned with..


-IC
 
intercodes said:
trez8289,

Your HijackThis software version is old. Can you get the new one and repost the log? And I assume you have Spybot S & D and Ad-Aware SE Personal installed and scanned with..


-IC

Sure.

Here is the new log.
Code:
Logfile of HijackThis v1.99.0
Scan saved at 2:08:29 PM, on 12/26/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Hijack This\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {930B5B71-ED2B-4879-92EB-D0822E19314B} - C:\WINDOWS\system32\nag.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094260656929
O18 - Filter: text/html - {DB731E46-1CE6-4945-BBE3-3E4651F3E4EE} - C:\WINDOWS\system32\nag.dll
O18 - Filter: text/plain - {DB731E46-1CE6-4945-BBE3-3E4651F3E4EE} - C:\WINDOWS\system32\nag.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

and yes, I do use Ad aware. What is S & D?
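
Added example, not part of either poster's message: a small Python parser that compares the CLSID-bearing entries of the two HijackThis logs posted above and reports which entry changed between scans and which newly referenced files appear in which sections. The sample lines are copied from the two logs; the function names are made up for this illustration.

```python
import re
from collections import defaultdict

# Excerpts copied from the two HijackThis logs above (lines that carry a CLSID).
SCAN_1 = r"""
O2 - BHO: (no name) - {66298D1C-FF20-40EB-BF1C-67E8BFCC2AA4} - C:\WINDOWS\system32\aof.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
"""
SCAN_2 = r"""
O2 - BHO: (no name) - {930B5B71-ED2B-4879-92EB-D0822E19314B} - C:\WINDOWS\system32\nag.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O18 - Filter: text/html - {DB731E46-1CE6-4945-BBE3-3E4651F3E4EE} - C:\WINDOWS\system32\nag.dll
O18 - Filter: text/plain - {DB731E46-1CE6-4945-BBE3-3E4651F3E4EE} - C:\WINDOWS\system32\nag.dll
"""
LINE = re.compile(r"^(O\d+) - (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")

def parse(log):
    """Return (section, label, CLSID, file path) for every 'Ox - label - {CLSID} - file' line."""
    out = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            sec, label, clsid, path = m.groups()
            out.append((sec, label, clsid.upper(), path.lower()))
    return out

def changed_between(old, new):
    """Entries present under the same section and label in both scans, but with a different CLSID or file."""
    before = {(s, l): (c, p) for s, l, c, p in old}
    return [(s, l, before[(s, l)], (c, p)) for s, l, c, p in new
            if (s, l) in before and before[(s, l)] != (c, p)]

def new_file_references(old, new):
    """Map each file seen only in the newer scan to the sections that reference it."""
    known = {p for *_, p in old}
    refs = defaultdict(set)
    for s, _, _, p in new:
        if p not in known:
            refs[p].add(s)
    return {p: sorted(secs) for p, secs in refs.items()}

if __name__ == "__main__":
    old, new = parse(SCAN_1), parse(SCAN_2)
    for s, l, was, now in changed_between(old, new):
        print(f"{s} {l}: {was[1]} -> {now[1]}")
    print(new_file_references(old, new))
```

The v1.97.7 log above prints its O9 lines without CLSIDs and has no O18 or O23 lines, so a reference that is new in the second scan may only reflect the newer tool's output; the entry reported by `changed_between` is the one that exists in both scans with different values.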
 
btw... do you suggest using Mozilla Firefox anyway?

I would like to fix this problem because I don't want spyware and crap in my computer. Also when I log in on AIM, popups come up when I log in.

Thanks man. :-D
 
What is S & D?
Spybot search and destroy
btw... do you suggest using Mozilla Firefox anyway?
Hell, yes!!!!!

Okay, here we go...

* Download Spybot Search and Destroy and CWShredder. [Don't try them yet.]
* Turn off System Restore: http://www.pchell.com/virus/systemrestore.shtml
* Close all windows except HJT, and select and fix the following entries.

-------------------------

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm [If you don't need this, fix this]

---------------------------

* Next, run CWShredder and Spybot S&D.
* Reboot your system and post a new log.
 
I just installed S & D, and I'm about to turn off System Restore.

Thanks so much for your help man. :D
 
btw.. do you also have any type of IM program like AIM, MSN Messenger, or mIRC? I would like to talk to you about Firewalls and stuff. This is not my only computer. I have three which are all important to me, so I want to make sure they're safe. Thanks

also,

can you maybe tell me how I would be able to uninstall IE since I don't need it? Do you suggest I do that? Or just not use it?

thx:cool:
 
Hey.
I just did what you told me to do.
As for now it works great.

When I used S&D, only this came up:

problem.gif


I fixed it. And then I scanned again, and it showed up as a problem again. I don't think it's a big problem. What do you think?
 