Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

my HijackThis log (small one) , please help


  • This topic is locked This topic is locked
1 reply to this topic

#1 skyadav

skyadav

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 18 November 2008 - 08:38 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:31 PM, on 11/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\VMware\VMware Tools\VMwareService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\CVTFTP386.COM
C:\DOCUME~1\ADMINI~1.WIN\Desktop\HIJACK~1.EXE
C:\WINDOWS\system32\CVTFTP386.COM
C:\WINDOWS\system32\CHARRO~1.SCR
C:\WINDOWS\system32\UNPLAY~1.EXE
C:\WINDOWS\system32\CVTFTP~1.COM
C:\WINDOWS\system32\CVTFTP386.COM
C:\WINDOWS\system32\UNPLAY~1.EXE

O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CVTFTP386] C:\WINDOWS\system32\CVTFTP386.COM
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aia.class
O17 - HKLM\System\CCS\Services\Tcpip\..\{66F46130-9DB0-473F-AD8B-D9E37FC0E10A}: NameServer = 10.0.2.4,10.0.2.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aia.class
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = aia.class
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe

--
End of file - 2188 bytes

Edited by skyadav, 18 November 2008 - 08:41 PM.


BC AdBot (Login to Remove)

 


#2 jedi

jedi

  • Members
  • 274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:06:05 PM

Posted 05 December 2008 - 09:33 AM

Hi,

This is a log from a virtual machine, what help exactly do you need? Can you not simply revert to a snapshot or create a new VM?

jedi




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users