Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log: Please help Diagnose


  • This topic is locked This topic is locked
3 replies to this topic

#1 SSyar

SSyar

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Location:Karachi, Pakistan
  • Local time:04:59 AM

Posted 12 July 2009 - 08:59 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:08, on 7/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
D:\WINDOWS\system32\mmc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 92.241.176.188 advanced-virus-remover2009.com
O1 - Hosts: 92.241.176.188 www.advanced-virus-remover2009.com
O1 - Hosts: 92.241.176.188 advanced-virus-remover2009.com
O1 - Hosts: 92.241.176.188 www.advanced-virus-remover2009.com
O1 - Hosts: 92.241.176.188 advanced-virus-remover2009.com
O1 - Hosts: 92.241.176.188 www.advanced-virus-remover2009.com
O1 - Hosts: 92.241.176.188 advanced-virus-remover2009.com
O1 - Hosts: 92.241.176.188 www.advanced-virus-remover2009.com
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [21879] D:\WINDOWS\system32\17.tmp.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [servises] D:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Policies\Explorer\Run: [servises] D:\WINDOWS\system32\servises.exe
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [servises] D:\WINDOWS\system32\servises.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [servises] D:\WINDOWS\system32\servises.exe (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate1c9ec04dc1ba696) (gupdate1c9ec04dc1ba696) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Net.Tcp Port Sharing Service NetTcpPortSharingAppMgmt (NetTcpPortSharingAppMgmt) - Unknown owner - D:\WINDOWS\system32\F.tmp.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4855 bytes


well my firewall is disable and i can not activate it...!

BC AdBot (Login to Remove)

 


#2 SSyar

SSyar
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Location:Karachi, Pakistan
  • Local time:04:59 AM

Posted 12 July 2009 - 09:13 AM

DDS.scr>>> Attach.txt file

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/13/2009 00:49:37
System Uptime: 7/12/2009 19:44:30 (1 hours ago)

Motherboard: Compaq | | 07E4h
Processor: Intel® Pentium® 4 CPU 1.60GHz | XU1 PROCESSOR | 1594/400mhz

==== Disk Partitions =========================

C: is FIXED (FAT32) - 4 GiB total, 1.156 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 2.708 GiB free.
E: is FIXED (FAT32) - 8 GiB total, 3.223 GiB free.
F: is FIXED (FAT32) - 8 GiB total, 1.726 GiB free.
G: is FIXED (FAT32) - 8 GiB total, 3.257 GiB free.
H: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_103B&SUBSYS_00120E11&REV_81\4&25296D99&0&40F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_103B&SUBSYS_00120E11&REV_81\4&25296D99&0&40F0
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

ACDSee
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player 11
Apple Mobile Device Support
Apple Software Update
BitTorrent
ChrisTV - Version 3.20
CuteFTP 8 Home
FileZilla Client 3.2.3.1
FlashGet 1.81
GFI LANguard Network Security Scanner 3.0
Google Earth
Google Earth Plugin
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Gordon's Gate Flash Driver 1.1.0.12
HijackThis 2.0.2
Intel® Extreme Graphics Driver
iPhoneBrowser
iTunes
Java™ 6 Update 7
K-Lite Codec Pack 4.7.5 (Full)
LibUSB-Win32-0.1.12.1
LifeView 713X WDM Driver
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIRC
Mozilla Firefox (3.0.1)
MSXML 6.0 Parser (KB925673)
MyPhoneExplorer
Netscape Navigator (9.0.0.5)
PIXresizer 2.0.3
QuickFreedom 1.1.0
QuickTime
Skype™ 3.8
SoundMAX
Total Video Converter 3.10
Urdu Phonetic Keyboard Layout
Vypress Chat 1.9.5
WebFldrs XP
WinAVI MP4 Converter
Windows Communication Foundation
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
Windows Workflow Foundation
WinRAR archiver
WinSCP 4.2.1 beta
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

7/9/2009 20:33:34, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.36.100 with the system having network hardware address 00:22:41:84:B5:6D. Network operations on this system may be disrupted as a result.
7/6/2009 23:09:03, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip
7/6/2009 23:09:03, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/6/2009 23:09:03, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/6/2009 23:09:03, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/6/2009 23:09:03, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/6/2009 23:09:03, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/6/2009 23:08:15, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/6/2009 23:08:06, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/6/2009 18:24:36, error: Dhcp [1002] - The IP address lease 192.168.36.100 for the Network Card with network address 00010247A637 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/5/2009 01:47:18, error: Dhcp [1002] - The IP address lease 192.168.36.101 for the Network Card with network address 00010247A637 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/12/2009 19:50:43, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows CardSpace service to connect.
7/12/2009 19:50:43, error: Service Control Manager [7000] - The Windows CardSpace service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/12/2009 19:37:04, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
7/12/2009 16:20:48, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
7/11/2009 19:51:47, error: Service Control Manager [7034] - The Remote Procedure Call (RPC) Locator service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================



#3 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:59 PM

Posted 21 July 2009 - 04:48 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

EDIT: typo

Edited by etavares, 21 July 2009 - 04:48 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:59 PM

Posted 26 July 2009 - 04:10 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users