Hijack this log need some help

By laslo
May 23, 2005
Topic Status:
Not open for further replies.
  1. Hi there
    I seem to have something called Altnet that is identified in every spyware scan I do but never goes away, plus I keep getting messages that something is trying to change my browser settings (Avant Browser) from SpywareGuard I think and Microsoft Antispyware.
    Tried to follow the steps before posting my log but in Ad-Aware, every time I get to the C:\Windows\ServicePackFiles\i386\lang directory it stops scanning. I ran Spybot, which scans fine. Also I wasn't sure about deleting all the entries in the backup in HijackThis. Not sure if that is what you meant about 'Then delete all individual files/programs that were fixed'?

    dazed confused
  2. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    First of all, get rid of Avant. It is no more than IE with a pretty dress on!
    It is also just as dangerous, 'holey' and infection-prone as IE itself.
    Go to www.getfirefox.com and get, well... Firefox!

    Boot in Safe Mode.
    Switch System restore OFF.


    UNinstall (if you can, NOT delete yet), anything to do with:
    C:\PROGRA~1\IDOLUP~1\MAIL LOVE.dll

    Next, run a HJT scan and place a tick-mark in the little square before (if still there):
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O3 - Toolbar: The New Part - {836F3A37-F4DF-4F6B-7967-8CC7C6A4A833} - C:\PROGRA~1\IDOLUP~1\MAIL LOVE.dll
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)

    Now click on the Fix Checked button in HJT.
    When done, delete the highlighted bold files. When a directory-name is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Boot normal. When all OK, switch System Restore back on.
  3. laslo

    laslo Newcomer, in training Topic Starter

    unsure of instruction

    your statement

    When done, delete the highlighted bold files. When a directory-name is bold, delete everything in it, including that directory itself

    I'm unsure as to what you mean?

    In Spybot I still get Altnet and Backweb Lite; I always try to remove them but they always reappear.
  4. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

  5. laslo

    laslo Newcomer, in training Topic Starter

    Hijack log

    I think I've done everything

    I still can't complete a full system scan under Ad-Aware. Spybot always finds Altnet but can never get rid of it. Microsoft Antispyware Beta always finds Altnet and a possible browser hijack - the detected location is 'Internet Explorer Search page' - and never fixes these. When I try to fix the 2 items after a Microsoft Antispyware Beta scan, SpywareGuard pops up a few windows in succession asking me if I want my browser settings changed from something to something; the choices in these windows are 'Restore old value' or 'Accept new value', or something like that. I always select restore old value and after 2-3 pop-ups I never see the SpywareGuard pop-ups again, until I try to clean with Microsoft antivirus again??.

    here is my log:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:31:09 AM, on 27/05/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Anti spyware etc\hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: PowerReg Scheduler.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    cheers
  6. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Here are some instructions to remove Altnet:
    http://www.scanspyware.net/info/Altnet.htm

    And I see you still have your Avant extras loaded. Dump Avant for Firefox!

    SpywareGuard is now in version 2.2, what is yours? Maybe update?
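A small triage pass over HijackThis-style lines such as the log posted above, as an added example that is not part of the original thread. The flag names, the `removed` parameter and the sample (a few lines copied from the posts) are constructed for illustration; a flag marks a line to check by hand and is not a verdict.

```python
import re

# Constructed sample: a handful of lines copied from the posts in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
"""

# A log entry is a section code (R0, O4, O23, ...) followed by " - " and a body.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")

def parse(log):
    """Yield (code, body) for every entry line; headers and process list are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def triage(log, removed=("Avant Browser",)):
    """Return [(code, [flags], body)] for lines worth a manual look.

    `removed` lists programs the user says were uninstalled (hypothetical
    parameter); entries still pointing into their folders are leftovers.
    """
    flagged = []
    for code, body in parse(log):
        low = body.lower()
        flags = []
        if body.endswith("(file missing)"):
            flags.append("file missing")
        if "(no name)" in body:
            flags.append("unnamed entry")
        if code == "O23" and "- Unknown owner -" in body:
            flags.append("unknown service owner")
        if code == "O4" and "Startup:" in body and (" = " not in body or body.endswith("= ?")):
            flags.append("startup item with no resolved target")
        if any("\\" + name.lower() + "\\" in low for name in removed):
            flags.append("leftover of removed program")
        if flags:
            flagged.append((code, flags, body))
    return flagged

if __name__ == "__main__":
    for code, flags, body in triage(SAMPLE_LOG):
        print(f"{code:>3}  {', '.join(flags):40}  {body}")
```

Legitimate software also produces these flags (security tools register unnamed BHOs, and some vendors ship services with no owner string), so the output is a reading list, not a fix list.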
  7. laslo

    laslo Newcomer, in training Topic Starter

    I did uninstall Avant and installed Firefox, guess some lingering bits and pieces

    SpywareGuard is 2.2

    Is the scanspyware program a good program? It says it gets rid of Altnet

    Still can't finish a full system scan in Ad-Aware, do you know if there are any peer support forums that deal with Ad-Aware? I can't find them

    regards
  8. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Isn't it time you start using Google?
  9. laslo

    laslo Newcomer, in training Topic Starter

    Hey buddy, I've been trying, I wouldn't waste this board's time if I hadn't. Thought since Ad-Aware was a cornerstone of what this forum is about someone would know, instead of replying with comments like that

    thanks for the earlier help
  10. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

  11. laslo

    laslo Newcomer, in training Topic Starter

    Lavasoft forums??

    I tried but I can't find the forum, every time I see a link to support for the free version it sends me to http://www.lavasoft.de/ Believe me, I've spent a lot of time looking for the forum but no success. I see it mentioned but can't find it. Lavasoft was the first place I looked. If anyone can find it I'd really appreciate the link
  12. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

  13. laslo

    laslo Newcomer, in training Topic Starter

    thanks for the help
     