CastleCops, Internet Crime Fighters

[READY]help- Hijack scans

 
sexybec
Cadet
Joined: Sep 26, 2008
Posts: 2
Location: USA

Posted: Fri Sep 26, 2008 1:00 am    Post subject: help- Hijack scans

Hi! Here goes
1. My computer suddenly started telling me it had no room on C. I started deleting stuff but still got the same message. I have deleted almost all my personal stuff & most programs & there hasn't been any space created. It still says I have 1-2% available space. I can't add any new programs, so I can't run any of the recommended programs. I can't use system restore. I don't know how I can detect whatever is taking up all the space.

2. I can't use anything but CCleaner which was already on my computer. I had run an AdAware scan (nothing showed) & then I deleted the AdAware (trying to make room.... )

3. Cussing & crying :(

4. 1st scan:
StartupList report, 9/25/2008, 5:39:48 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16705)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

WIAWizardMenu = RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

(Default) =

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CursorXP = C:\Program Files\CursorXP\CursorXP.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA}
(no name) - (no file) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Download Program Files:

[BDSCANONLINE Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan82.ocx
CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
End of report, 4,662 bytes
Report generated in 0.047 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


5. 2nd scan (after running CCleaner)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:54 PM, on 9/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sfbay.craigslist.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: __c007EFB8 - C:\WINDOWS\system32\__c007EFB8.dat
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 4191 bytes



Thank you for any help you can give me. I'm at a loss & really don't know what to do.

Prince_Serendip

Site Moderator


Joined: Sep 07, 2002
Posts: 17542

1st Responders MIRT Moderators MVP Premium RootKit Detection Hosts Rootkit Experts Rootkit Responders

Posted: Sun Sep 28, 2008 4:50 am    Post subject:

You're Ready for cleaning. Thumbs Up

At CastleCops we screen all HijackThis logs for errors, out-of-date versions, unupdated operating systems, omissions and P2P applications; getting you [READY] for cleaning by our 1st Responders and Security Experts.

Now you wait for one of them to come help you.

Note: Due to staff shortages, you may have to wait for some time before you get help.


_________________
Microsoft MVP Consumer Security 2006, 2007 & 2008
sexybec
Cadet
Joined: Sep 26, 2008
Posts: 2
Location: USA

Posted: Wed Oct 01, 2008 3:53 am    Post subject: additional info

Great!
Some additional info: recently, my Internet Explorer gets hijacked, with each link leading to pop-ups. Most of the pop-ups are about my computer being infected, and another pop-up is about AntiVirus2009 to clean the problem.

When I just use MSN, I don't get the pop-ups. If I have both MSN & IE open, I get the pop-ups with everything I open.

All times are GMT