Hijackthis


2 replies to this topic

#1 cjbuttahs

Posted 02 August 2007 - 12:20 AM

Hi, thank you for reading this. I need help desperately. This morning I had 8 gigs, now I have 800 megs. I downloaded a program, and I think that that did it. I downloaded HijackThis, and this is the logfile. If you could read it and tell me what to delete, that would be much appreciated. Here is the logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:29 PM, on 8/1/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Plugins\Plugins\35133AECCB8C47D6829FFAB402FB18C7\PamelaPCR.exe
C:\Program Files\Project64 v1.5\Project64.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\RunOnce: [UnHackMe] C:\PROGRA~1\UnHackMe\Unhackme.exe
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{48543A7F-0510-1033-1201-051114200001}] "C:\Program Files\Common Files\{48543A7F-0510-1033-1201-051114200001}\Update.exe" mc-110-12-0002400 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{48543A7F-0510-1033-1201-051114200001}] "C:\Program Files\Common Files\{48543A7F-0510-1033-1201-051114200001}\Update.exe" mc-110-12-0002400 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
O23 - Service: JEHWNUJR - Sysinternals - www.sysinternals.com - C:\DOCUME~1\RYANWO~1.MAM\LOCALS~1\Temp\JEHWNUJR.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SZA - Sysinternals - www.sysinternals.com - C:\DOCUME~1\RYANWO~1.MAM\LOCALS~1\Temp\SZA.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 3424 bytes




Thank you for your time, and have a great day or night.

God Bless. :thumbsup:

#2 cjbuttahs

Posted 02 August 2007 - 12:37 AM

I know this is long and tedious, but I would really appreciate it. Thank you sooooo much for your time. :thumbsup:

#3 Rahina

    Security Helper


Posted 02 August 2007 - 01:33 AM

Hello there!

( 1 )

We can definitely help you, but first you need to help us.

The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.

Click Here. Apply the update, reboot.

( 2 )

I notice that you do not seem to be running Antivirus software and a Firewall.
Avira, AVG OR Active Virus Shield (uncheck the Security Toolbar during install) are good FREE antivirus.
Never install more than one antivirus scanner or firewall on your system! Several together can give problems and decrease the reliability of it seriously!
Comodo OR Kerio are FREE firewalls.

Perform a full scan with your Antivirus and let it remove anything it finds. Then reboot once again.
After reboot, post a new HijackThis log in your next reply, so we can deal with the rest, because it really doesn't make sense that we try to clean this if you didn't make an effort to run a scan and at least install an Antivirus to prevent further infection.

Edited by Rahina Rescue, 02 August 2007 - 01:36 AM.
