Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis Log File Information


  • This topic is locked This topic is locked
3 replies to this topic

#1 UmbrellaInc

UmbrellaInc

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 08 January 2008 - 03:47 AM

Hello. I have been having several problems with my computer and I hops someone could please help me solve this.

1) My Task Manager has been disabled by my administrator. This wouldn't be a problem if I wasn't the only user on my computer. I have searched how to re-enable it and all methods I have tried have failed. :wacko:

2) For all intents and purposes, my ActiveX controls are dead. I can't download any ActiveX anything, run any ActiveX anything, and the only option the toolbar offers me when the little yellow line of text appears at the top of the screen (like when trying to download Flash) is Toolbar Help. :blink:

I downloaded the HijackThis program and gave it a whirl. This is what I got in return:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:36 AM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccVScan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Security Adviser\msiemon.exe
C:\Program Files\Microsoft Security Adviser\msavsc.exe
C:\Program Files\Microsoft Security Adviser\msfw.exe
C:\Program Files\Microsoft Security Adviser\msctrl.exe
C:\Program Files\Microsoft Security Adviser\msscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html?hl=en
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {35218ED8-1C43-1B92-1393-40918FA28ACA} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7a932ed2-1737-4ab8-b84d-c71779958551} - (disabled by BHODemon)
O2 - BHO: (no name) - {E1A6A24D-36FD-342B-892F-39E6798F0296} - C:\WINDOWS\system32\vtkrne.dll
O2 - BHO: (no name) - {E4A6A24A-368C-305A-895A-3CE607F60290} - C:\WINDOWS\system32\vtkrne.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - C:\Program Files\OIN Search\OINSearch.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZJ
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39FCD7B0-1C0B-43AE-A962-6F5685158C3A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{39FCD7B0-1C0B-43AE-A962-6F5685158C3A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{39FCD7B0-1C0B-43AE-A962-6F5685158C3A}: NameServer = 208.67.220.220,208.67.222.222
O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 6097 bytes :thumbsup:

If someone could please get back to me I would really appreciate it.
I am strongly inclined to save my important documents into an external drive and then reformat my hard drive and reinstall XP. I don't really want to do this, but I will if there's no other way to fix the problem.
If there is more information you need I will try to help you with whatever you need.

BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:26 AM

Posted 12 January 2008 - 11:50 PM

Hello UmbrellaInc,

Welcome to the BleepingComputer Forums.

Since it has been a few days, please post a new HijackThis log so I can see if anything has changed.

Thank you for your patience.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 UmbrellaInc

UmbrellaInc
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 13 January 2008 - 06:05 AM

Thank you for replying to my request, but I have to say I have wasted your time.
:blink:
I have just recently (like, an hour ago) reformatted my computer to :thumbsup: the virus and all other malicious codes.

I apologise for not posting this before.

#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:26 AM

Posted 13 January 2008 - 01:32 PM

Sorry to hear you had to reformat.

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users