TechSpot

help been hijacked!!!

By Cational
Mar 20, 2005
  1. I can rarely use task manager, i get the green icon on the bottom right but it never pops up, the system hangs alot, when i play WoW i get booted out and high latency, when i search online it stalls frequently and the net runs generally low, also i can't access some programs as they immediately do not respond, such as word, ppt and sometimes HJT

    here is the log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:26:38 PM, on 3/20/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Chris\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Processe Manager] mspn32.exe
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [Task manager Service] taskmngv.exe
    O4 - HKLM\..\Run: [Services] C:\cache.exe
    O4 - HKLM\..\RunServices: [Windows Processe Manager] mspn32.exe
    O4 - HKLM\..\RunServices: [Task manager Service] taskmngv.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     
  2. TylerBello

    TylerBello TS Rookie Posts: 36

    Hmm...im not very good with Hjt...so i ran it through a scanner at

    http://www.hijackthis.de/index.php

    I hope its not against the rules to post this...considering that it is a tool.


    It didnt find anything wrong..except for one thing...try it.
     
  3. Cational

    Cational TS Rookie Topic Starter

    still no change, now my HJT log can't be saved the program doesn't respond, if i don't hear back soon for a way to solve i'll be forced to format again and idon't want to do that
     
  4. TylerBello

    TylerBello TS Rookie Posts: 36

    How many times have you formatted? Run a scan disk to check for inconsitencies....Defrag as soon as you can...it doesnt sound like spyware to me....ogf course its possible...but when you say format AGAIN I assume you do it often,formatting to much has many of the affects that you have given.
     
  5. Cational

    Cational TS Rookie Topic Starter

    only twice, the last time was in january
     
  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Move your Hijackthis file to e.g. C:\HJT\HijackThis.exe

    Boot in Safe Mode
    Switch System restore OFF.
    Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:

    mspn32.exe
    taskmngv.exe
    cache.exe

    Next, run HJT on its own and let it 'fix':
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [Windows Processe Manager] mspn32.exe
    O4 - HKLM\..\Run: [Task manager Service] taskmngv.exe
    O4 - HKLM\..\Run: [Services] C:\cache.exe
    O4 - HKLM\..\RunServices: [Windows Processe Manager] mspn32.exe
    O4 - HKLM\..\RunServices: [Task manager Service] taskmngv.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

    When done, delete the highlighted bold files.
    Boot normal. When all OK, switch System Restore back on.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.