
HijackThis Log: Please help Diagnose


  • This topic is locked
3 replies to this topic

#1 sageofbass

sageofbass

  • Members
  • 3 posts
  • OFFLINE
  • Local time:04:26 PM

Posted 24 February 2009 - 02:35 PM

Hi! My computer connection is very slow and my pc seems to be sending info over my connection when I am not on a browser. I have run Spybot & Ad-aware but think I may still have some bugs lurking in the background. Please help and let me know what additional info you need (Windows XP home, wireless internet). Thanks! -Sage


DDS (Ver_09-02-01.01) - NTFSx86
Run by Sage at 17:15:48.25 on Tue 02/24/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.481 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NETGEAR\WPNT511\wpnt511.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Marc\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {7754C418-F62E-44AA-B169-E719E718BCFD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [WPNT511] c:\program files\netgear\wpnt511\wpnt511.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162737941407
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162737929430
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {097F10A7-487F-4457-AB1F-827C59479A72} - No File
SEH: {2140D174-B258-40F8-B8D6-6B76171A8652} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\marc\applic~1\mozilla\firefox\profiles\spjra29y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-19 64160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-11-18 201320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-11-18 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-11-18 144704]
R3 Airgo3P;NETGEAR RangeMax™ 240 Wireless Notebook Adapter WPNT511;c:\windows\system32\drivers\TMIMO31P.sys [2008-12-10 780800]
R3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [2004-2-17 292352]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2004-2-17 273536]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2004-7-15 18432]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-11-18 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-11-18 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-11-18 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-11-18 40488]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-11-18 33832]
S3 rtl8180;NETGEAR MA521 802.11b Wireless PC Card;c:\windows\system32\drivers\MA521nd5.sys [2006-11-5 172416]

=============== Created Last 30 ================

2009-02-24 13:49 <DIR> --d----- c:\program files\Trend Micro
2009-02-23 18:36 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-23 18:36 1,409 a------- c:\windows\QTFont.for
2009-02-23 18:34 256 a------- c:\windows\system32\pool.bin
2009-02-20 10:42 20,747 a------- c:\windows\system32\drivers\AegisP.sys
2009-02-20 10:42 32,036 a--s---- c:\windows\system32\WNIPROT5.SYS
2009-02-19 15:31 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-19 12:24 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-19 12:12 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-19 12:11 <DIR> --d----- c:\program files\Lavasoft
2009-02-19 11:43 <DIR> --d----- c:\docume~1\marc\applic~1\IObit
2009-02-19 11:43 <DIR> --d----- c:\program files\IObit
2009-02-19 11:37 <DIR> --d----- c:\docume~1\marc\applic~1\Malwarebytes
2009-02-19 11:37 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-19 11:37 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-19 11:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-19 11:37 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-11 11:39 <DIR> --d----- c:\program files\ATI Technologies
2009-02-01 18:13 0 a------- c:\windows\Brownie.ini
2009-01-29 23:43 30 a------- c:\windows\system32\brss01a.ini
2009-01-29 23:43 184 a------- c:\windows\system32\brsvc01a.bsi
2009-01-29 23:42 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-01-29 23:42 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-01-29 23:30 92 a------- c:\windows\brpcfx.ini
2009-01-29 23:30 419 a------- c:\windows\brwmark.ini
2009-01-29 23:30 236 a------- c:\windows\Brpfx04a.ini
2009-01-29 23:30 79 a------- c:\windows\BRPP2KA.INI
2009-01-29 23:30 50 a------- c:\windows\system32\BRIDF04A.dat
2009-01-29 23:28 <DIR> --d----- C:\Brother
2009-01-29 23:28 6,224 -------- c:\windows\CVRPAGE.BMP
2009-01-29 23:28 0 a------- c:\windows\brdfxspd.dat
2009-01-29 23:28 126,976 -------- c:\windows\system32\BrfxD04a.dll
2009-01-29 23:28 147,456 a------- c:\windows\brunin03.dll
2009-01-29 23:28 <DIR> --d----- c:\program files\Brother
2009-01-29 23:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Brother
2009-01-29 12:04 <DIR> --d----- c:\program files\Audacity
2009-01-25 19:36 <DIR> --d----- c:\program files\Citrix
2009-01-25 19:36 60,744 a------- c:\documents and settings\marc\g2mdlhlpx.exe

==================== Find3M ====================

2009-01-20 21:24 256 a------- c:\documents and settings\marc\pool.bin
2009-01-12 18:57 2,932 a------- c:\windows\system32\d3d9caps.dat
2009-01-05 17:33 3,751,995 a------- c:\windows\system32\GPhotos.scr
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2006-12-30 23:47 18,312 a------- c:\docume~1\marc\applic~1\GDIPFONTCACHEV1.DAT
2006-11-07 14:16 28,672 a------- c:\documents and settings\marc\atwbxdet.dll
2004-03-12 15:33 212,992 a------- c:\windows\inf\ma521\CopyWHQLDriver.exe
2003-07-30 15:18 172,416 a------- c:\windows\inf\ma521\MA521nd5.sys
2008-11-03 22:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110320081104\index.dat

============= FINISH: 17:16:58.65 ===============

Edited by sageofbass, 24 February 2009 - 05:21 PM.




#2 sageofbass

sageofbass
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:04:26 PM

Posted 24 February 2009 - 05:25 PM

I changed the post to the DDS logs per the forum directions. Thx.

#3 sageofbass

sageofbass
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:04:26 PM

Posted 02 March 2009 - 11:47 AM

Does it usually take over a week to get a response? Please delete my post and thanks anyways... Sage.

#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:05:26 PM

Posted 09 March 2009 - 08:17 PM

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



