
Hijackthis Log Please Look!

  • This topic is locked
2 replies to this topic

#1 dortmund23

Posted 20 November 2007 - 11:41 AM

Hey,

I was wondering if any of these processes could be monitoring me or harmful to my PC.

Thanx



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:34 PM, on 11/15/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\AOL\1176847276\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Hide IP Platinum\hideippla.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Documents and Settings\William\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Boston_Red_Sox Toolbar - {d40eb577-b16f-411b-81dc-afedf8b60a50} - C:\Program Files\Boston_Red_Sox\tbBos1.dll
O3 - Toolbar: Boston_Red_Sox Toolbar - {d40eb577-b16f-411b-81dc-afedf8b60a50} - C:\Program Files\Boston_Red_Sox\tbBos1.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: AOLToolBand Class - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1176847276\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/ [...] insctl.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: ShellService - {8FB2D6CA-E258-48CF-9DAB-EEFB735E225C} - C:WINDOWSsystem32configatwwShellService.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - (no file)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

MOD EDIT: Merged 2 posts together and PM'd member ~ stevealmighty

I have had three trojans. I think they might still be there. I also see URL search hook listed and I think it might be spyware.

Edited by stevealmighty, 21 November 2007 - 09:04 AM.
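The question in this post is essentially "which of these entries deserve a closer look?". The things a helper scans a HijackThis log for first are mechanical: registrations that point at a file that no longer exists (the unnamed R3 URLSearchHook and the three McAfee O23 services above), entries with no friendly name, services with no vendor string, autoruns launched by a bare file name that Windows resolves through PATH, and the browser start/search URLs. The Python below is an added example by the editor of this page, not code from the poster, from BleepingComputer or from Trend Micro; it parses the HijackThis v2 line format as shown in the log and applies those triage rules. The flag wording and the rules themselves are the editor's own heuristics (assumptions, not HijackThis's classification), and the sample log is constructed from a handful of entries modelled on the post.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the HijackThis v2 line format, modelled on entries from
# the log above (path backslashes restored). It is not the poster's full log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...]".
# Process-list lines and headers have no such prefix and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")


@dataclass
class Entry:
    section: str
    body: str
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Return the R/F/N/O entries of a HijackThis log as Entry objects."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def run_command_path(body):
    """Extract the program part of an O4 body: 'HKLM\\..\\Run: [Name] "C:\\x.exe" -arg'.

    Returns the quoted path if the command is quoted, otherwise the first token.
    """
    parts = body.split("] ", 1)
    if len(parts) < 2:
        return ""
    cmd = parts[1].strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(entries):
    """Attach the editor's review heuristics (assumed rules, not HijackThis's) to each entry."""
    for e in entries:
        body = e.body
        if "(no file)" in body or "(file missing)" in body:
            e.flags.append("orphaned: registration points at a file that no longer exists")
        if "(no name)" in body:
            e.flags.append("unnamed: no friendly name, identify it by CLSID and path")
        if e.section == "O23" and "Unknown owner" in body:
            e.flags.append("service without a vendor string")
        if e.section == "O4":
            prog = run_command_path(body)
            # A bare file name (no drive letter) is resolved through PATH at logon,
            # so the file that actually runs should be located and verified.
            if prog and not re.match(r"^[A-Za-z]:\\", prog):
                e.flags.append("autorun launched by bare name: resolved through PATH, verify which file runs")
        if e.section in ("R0", "R1"):
            e.flags.append("browser start/search setting: confirm the URL is one you chose")
    return entries


def flagged(entries):
    """Entries that picked up at least one flag in triage()."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(triage(parse_hjt(SAMPLE_LOG))):
        print(f"{e.section}: {e.body}")
        for f in e.flags:
            print(f"    - {f}")
```

Run against the constructed sample, the orphaned URLSearchHook and the dead McAfee service each collect two flags, the bare `CTHELPER.EXE` autorun and the vendor-less ATI service one each, and the quoted Windows Defender autorun, the Java BHO and the Sygate service pass clean. A flag is a prompt to look, not a verdict: the ATI poller is a normal driver service that simply ships without a vendor string, which is exactly why a human still reads the flagged lines.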


#2 Shaba

Posted 04 December 2007 - 08:35 AM

Hi dortmund23

Not much there but let's check a bit deeper:

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Post:

- a fresh HijackThis log
- Kaspersky report

Microsoft MVP Consumer Security

#3 Shaba

Posted 11 December 2007 - 08:17 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Microsoft MVP Consumer Security