Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is My Comp Allright?


  • Please log in to reply
1 reply to this topic

#1 endo

endo

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:42 AM

Posted 09 July 2008 - 05:44 PM

Hey guys I had a malware a while ago called Spylocked and i followed steps to get rid of it at another forum.

I haven't had any problems with it since then but i plan to start using this comp to buy stuff online and i just want to make sure that it doesn't have some
malware.

Heres the HJT log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:04 PM, on 7/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Common Files\Stardock\TrayServer.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
H:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Stardock\CursorFX\CursorFX.exe
H:\Program Files\Wireless Adapter\WLAN Configuration Utility\wlan_ui.exe
H:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
H:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
H:\WINDOWS\system32\pctspk.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
h:\WINDOWS\system32\ZuneBusEnum.exe
H:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: 68.44.244.240 idenupdate.motorola.com
O1 - Hosts: 216.103.110.195 ids.mot.com
O1 - Hosts: 216.103.110.195 plntweb.comm.mot.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - H:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - H:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "H:\Program Files\Common Files\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StatusClient] "H:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" /auto
O4 - HKLM\..\Run: [TomcatStartup] "H:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "H:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [ATICCC] "H:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LogonStudio] "H:\Program Files\Stardock\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Vistadrv] H:\Program Files\VistaDrives\vsdrv.exe
O4 - HKLM\..\Run: [Zune Launcher] "h:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "H:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "H:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] H:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] H:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorFX] "H:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - Startup: Shortcut to SpySweeperUI.lnk = H:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
O4 - Global Startup: Shortcut to wlan_ui.lnk = H:\Program Files\Wireless Adapter\WLAN Configuration Utility\wlan_ui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - H:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - H:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - H:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - H:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - H:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - H:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7217 bytes


Thanks :thumbsup:

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:42 PM

Posted 02 August 2008 - 06:05 AM

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users