Hijackthis Log: Please Help Diagnose


2 replies to this topic

#1 Cabiles2


Posted 11 September 2008 - 08:06 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:56 PM, on 9/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\AntiLogger\AntiLogger.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Minimem\minimem1.1.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\NotePad.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076



#2 Cabiles2


Posted 19 September 2008 - 09:56 AM

Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

General info
------------
Computer name : RONNIE-PC
Creation time : 9/19/2008 10:39:09 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.6000.16711
OS : Windows Vista ™ Home Premium
OS Build : 6000
OS SP :
RunScanner Version : 1.7.0.0
User Language : English (United States)
User rights : Administrator
Windows folder : C:\Windows

Running processes
-----------------
* C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
* C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
* C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
* C:\Windows\system32\csrss.exe (Microsoft Corporation)
* C:\Windows\system32\csrss.exe (Microsoft Corporation)
* C:\Windows\system32\conime.exe (Microsoft Corporation)
* C:\Windows\system32\Dwm.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)
* C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
* C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
* C:\Windows\system32\lsass.exe (Microsoft Corporation)
* C:\Windows\system32\lsm.exe (Microsoft Corporation)
* C:\Windows\system32\SLsvc.exe (Microsoft Corporation)
* C:\Windows\system32\SearchIndexer.exe (Microsoft Corporation)
* C:\Windows\system32\SearchProtocolHost.exe (Microsoft Corporation)
C:\Program Files\Minimem\minimem1.1.exe (Kerkia)
* C:\Program Files\ThreatFire\TFService.exe (PC Tools)
* C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
* C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
* C:\Users\Ronnie\AppData\Local\Temp\Rar$EX00.375\RunScanner.exe (Runscanner.net)
* C:\Program Files\Safari\Safari.exe (Apple Inc.)
* C:\Windows\system32\services.exe (Microsoft Corporation)
* C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
* C:\Windows\System32\spoolsv.exe (Microsoft Corporation)
* C:\Windows\system32\taskeng.exe (Microsoft Corporation)
* C:\Windows\system32\taskeng.exe (Microsoft Corporation)
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
* C:\Windows\system32\audiodg.exe (Microsoft Corporation)
* C:\Windows\Explorer.EXE (Microsoft Corporation)
* C:\Windows\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
* C:\Windows\system32\wininit.exe (Microsoft Corporation)
* C:\Windows\system32\wuauclt.exe (Microsoft Corporation)
* C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)

Unrated items
-------------
002 * C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
002 C:\Program Files\TP-LINK\TWCU\TWCU.exe
002 C:\Program Files\Unlocker\UnlockerAssistant.exe
003 C:\Program Files\Minimem\minimem1.1.exe (Kerkia)
003 * c:\program files\uniblue\registrybooster\StartRegistryBooster.exe (Uniblue Software)
003 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
010 C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (InstallDriver Table Manager)
010 * C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Internet Security)
010 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Machine Debug Manager)
010 C:\Windows\system32\acs.exe (TP-LINK Configuration Service)
011 C:\Windows\system32\16197.sys (16197)
011 * C:\Windows\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver)
011 C:\Windows\system32\drivers\elrawdsk.sys (ElRawDisk)
011 * C:\Windows\system32\DRIVERS\GEARAspiWDM.sys (GEAR ASPI Filter Driver)
011 C:\Windows\System32\DRIVERS\gmer.sys (gmer)
011 * C:\Windows\system32\DRIVERS\klim6.sys (Kaspersky Anti-Virus NDIS 6 Filter)
011 * C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab Boot Guard Driver)
011 * C:\Windows\system32\DRIVERS\klif.sys (Kaspersky Lab Driver)
011 * C:\Windows\system32\DRIVERS\klfltdev.sys (Kaspersky Lab KLFltDev)
011 * C:\Windows\system32\DRIVERS\kl1.sys (kl1)
011 C:\Windows\System32\Drivers\PxHelp20.sys (PxHelp20)
011 C:\Windows\System32\Drivers\sptd.sys (sptd)
011 C:\Program Files\Unlocker\UnlockerDriver5.sys (UnlockerDriver5)
011 C:\Windows\system32\DRIVERS\snp2sxp.sys (USB2.0 PC Camera (SNP2STD))
041 C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc) {D0943516-5076-4020-A3B5-AEFAF26AB263}
042 GUID / CLSID not found {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
042 C:\Program Files\HiDownload\hidownload.exe (StreamingStar Technology Inc.) {F4FBA929-A891-492C-A0F6-5C79CC4F1742}
042 GUID / CLSID not found {92780B25-18CC-41C8-B9BE-3C9C571A8263}
042 GUID / CLSID not found {2670000A-7350-4f3c-8081-5663EE0C6C49}
042 GUID / CLSID not found {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
042 GUID / CLSID not found {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
052 * C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
052 * C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab) {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}
061 C:\Program Files\Unlocker\UnlockerCOM.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
061 * C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab) {85E0B171-04FA-11D1-B7DA-00A0C90348D6}
061 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
067 * C:\Windows\system32\klogon.dll (Kaspersky Lab)
073 AutoSmartDefrag.job : C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)
073 SmartDefrag.job : C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)
100 CustomizeSearch HKLM : http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
100 Default_Page_URL HKLM : http://www.yahoo.com
100 Default_Search_URL HKLM : http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
100 Search Page HKCU : http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
100 Search Page HKLM : http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
100 SearchUrl HKCU : http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
100 Start Page HKLM : http://www.yahoo.com
104 GUID / CLSID not found {77E32299-629F-43C6-AB77-6A1E6D7663F6}
104 GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
105 &Yahoo! Search : file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
105 Add to AMV Convert Tool... : C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
105 Add to Banner Ad Blocker : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
105 Add to Media Manager... : C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
105 Download All Files by HiDownload : C:\Program Files\HiDownload\HDGetAll.htm
105 Download by HiDownload : C:\Program Files\HiDownload\HDGet.htm
105 E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
105 Yahoo! &Dictionary : file:///C:\Program Files\Yahoo!\Common/ycdict.htm
105 Yahoo! &Maps : file:///C:\Program Files\Yahoo!\Common/ycmap.htm
105 Yahoo! &SMS : file:///C:\Program Files\Yahoo!\Common/ycsms.htm
107 C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
121 * C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
121 * C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
121 * C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll (Kaspersky Lab)
121 * C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll (Kaspersky Lab)
170 {1c2172a1-d259-11db-9578-00016c3d7d5d} : C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Cn911.exe
170 {34af6e86-d1fc-11db-acc9-00016c3d7d5d} : C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
170 {4507a364-ef06-11db-bce1-806e6f6e6963} : C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\copy.exe
170 {4f5936aa-cda7-11dc-9860-00016c3d7d5d} : C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
170 {634ac65b-1430-11dd-8e9e-00016c3d7d5d} : C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\copy.exe
170 {ba0477cc-4b3a-11dc-89b8-00016c3d7d5d} : C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\copy.exe
170 {c04bdcfc-c943-11db-888a-00016c3d7d5d} : C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\copy.exe
170 {c49c21bf-ca16-11db-9b61-00016c3d7d5d} : C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\copy.exe
170 {c49c21e7-ca16-11db-9b61-00016c3d7d5d} : C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\copy.exe
170 {d993fcc1-2be3-11dd-ad53-00016c3d7d5d} : C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\autorun.bat
173 * C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll (Kaspersky Lab) {dd230880-495a-11d1-b064-008048ec2fc5}
173 C:\Program Files\Privacy Guardian\Shredder\ShredderShellExtension.dll (PC Tools Research Pty Ltd) {AE733F78-D42C-428B-B6BD-28B41EE97925}
173 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
180 HKEY_CLASSES_ROOT htafile : NOTEPAD.EXE %1
221 * C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll (Kaspersky Lab) {dd230880-495a-11d1-b064-008048ec2fc5}
221 C:\Program Files\Privacy Guardian\Shredder\ShredderShellExtension.dll (PC Tools Research Pty Ltd) {AE733F78-D42C-428B-B6BD-28B41EE97925}
221 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
223 C:\Program Files\Unlocker\UnlockerCOM.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
225 * C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll (Kaspersky Lab) {dd230880-495a-11d1-b064-008048ec2fc5}
225 * C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll (Kaspersky Lab) {dd230880-495a-11d1-b064-008048ec2fc5}
225 C:\Program Files\Unlocker\UnlockerCOM.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
225 C:\Program Files\Unlocker\UnlockerCOM.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227 C:\Program Files\Privacy Guardian\Shredder\ShredderShellExtension.dll (PC Tools Research Pty Ltd) {AE733F78-D42C-428B-B6BD-28B41EE97925}
227 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
229 GUID / CLSID not found {5E2121EE-0300-11D4-8D3B-444553540000}

Missing files
-------------
011 System32\Drivers\usbaapl.sys
011 C:\Windows\system32\drivers\aucm917o.sys
011 c:\windows\system32\drivers\blbdrive.sys
011 C:\Windows\system32\drivers\Inspect.sys
011 E:\Fxdrv.sys
011 c:\windows\system32\DRIVERS\ipinip.sys
011 c:\windows\system32\DRIVERS\nwlnkflt.sys
011 c:\windows\system32\DRIVERS\nwlnkfwd.sys
011 C:\Windows\system32\drivers\SymIMMP.sys
011 C:\Windows\system32\drivers\TMPassthruMP.sys
011 c:\windows\system32\DRIVERS\vmnetadapter.sys
032 rdpclip
063 autocheck
063 autocheck
063 autocheck
067 SSMWinlogonEx.dll
104 C:\Windows\Downloaded Program Files\PCPitstop.dll

Edited by Orange Blossom, 20 September 2008 - 01:11 AM.
Merged topics. ~ OB


#3 Carolyn


Posted 25 September 2008 - 02:46 PM

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.

I am sorry that we were unable to reply to your post sooner. The forums have been very busy.

I am currently looking at your log now and will be back as soon as possible with your instructions.
While you are waiting, one other thing that can be of good use is an uninstall list, so please do the following:

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Right click on HijackThis and click Run as administrator
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.
Member of ASAP (Alliance of Security Analysis Professionals)