
My Hijackthis Log, What Can I Be Without?


  • This topic is locked
2 replies to this topic

#1 Zone7

Zone7

  • Members
  • 1 posts

Posted 24 July 2008 - 01:23 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:19, on 2008-07-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program\Delade filer\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program\Analog Devices\SoundMAX\Smax4.exe
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\Program\Logitech\G-series Software\LGDCore.exe
C:\Program\Logitech\G-series Software\LCDMon.exe
C:\Program\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program\Winamp\winampa.exe
C:\Program\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Skype\Phone\Skype.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\Windows Live\Messenger\MsnMsgr.Exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Hamachi\hamachi.exe
C:\Program\OpenOffice.org 2.3\program\soffice.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program\OpenOffice.org 2.3\program\soffice.BIN
C:\Program\Yahoo!\Widgets\YahooWidgets.exe
C:\Program\Yahoo!\Widgets\YahooWidgets.exe
C:\Program\Yahoo!\Widgets\YahooWidgets.exe
C:\Program\Yahoo!\Widgets\YahooWidgets.exe
C:\Program\Yahoo!\Widgets\YahooWidgets.exe
C:\Program\Skype\Plugin Manager\skypePM.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\Xfire\xfire.exe
C:\Program\Steam\steam.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\BitDefender\BitDefender 2008\uiscan.exe
C:\Program\QuickTime\QuickTimePlayer.exe
C:\Program\Ventrilo\Ventrilo.exe
C:\Documents and Settings\Nedladdade\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://swedish.ircfast2.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program\ASUS\AASP\1.00.15\AsRunHelp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [BM9fcc21ff] Rundll32.exe "C:\WINDOWS\system32\suaabown.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: hamachi.lnk = C:\Program\Hamachi\hamachi.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 2.3.lnk = C:\Program\OpenOffice.org 2.3\program\quickstart.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Yahoo! Widgets.lnk = C:\Program\Yahoo!\Widgets\YahooWidgets.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: hamachi.lnk = C:\Program\Hamachi\hamachi.exe (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 2.3.lnk = C:\Program\OpenOffice.org 2.3\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Default user')
O4 - .DEFAULT Startup: Yahoo! Widgets.lnk = C:\Program\Yahoo!\Widgets\YahooWidgets.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Program\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program\Yahoo!\Widgets\YahooWidgets.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program\Delade filer\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program\VentSrv\ventrilo_svc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program\Delade filer\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8999 bytes
--
Appreciate your help! :thumbsup:



#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 07 August 2008 - 06:20 PM

Hi Zone7

I apologize for the delay in response to your thread.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for me to analyze.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


Many thanks.



#3 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 14 August 2008 - 01:51 PM

Due to the lack of feedback, this Topic will now be closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
