Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijacked


  • This topic is locked This topic is locked
2 replies to this topic

#1 Maeve2099

Maeve2099

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 02 June 2010 - 07:57 PM

I have run the HijackThis service but I have no idea what this logfile means or how to fix the issues. It appears someone has again located our passwords for online accounts and used them. If this log says anything that could be helpful please let me know.
Okay I'm running Vista and cant even get the logfile to copy.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:04:21 PM, on 02/06/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Program FilesAVGAVG9avgtray.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Windowssystem32wbemunsecapp.exe
C:UsersKnRAppDataLocalGoogleChromeApplicationchrome.exe
C:Program FilesSkypePlugin ManagerskypePM.exe
C:UsersKnRAppDataLocalGoogleChromeApplicationchrome.exe
C:Program FilesTrend MicroHiJackThisHiJackThis.exe
C:Windowssystem32NOTEPAD.EXE
C:UsersKnRAppDataLocalGoogleChromeApplicationchrome.exe
C:UsersKnRDownloadsHijackThis (1).exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG9avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:Program FilesMicrosoftSearch Enhancement PackSearch HelperSEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: FCTBPos00Pos - {91B53B55-36CE-4ABE-A248-F97D6D9F0CFF} - C:Program FilesMouseHunt ToolbarToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:Program FilesWindows LiveToolbarwltcore.dll
O3 - Toolbar: MouseHunt Toolbar - {89F74AE6-CC04-4740-9A19-EEE1DCD2861B} - C:Program FilesMouseHunt ToolbarToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:Program FilesWindows LiveToolbarwltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKLM..Run: [LifeCam] "C:Program FilesMicrosoft LifeCamLifeExp.exe"
O4 - HKLM..Run: [VX3000] C:WindowsvVX3000.exe
O4 - HKLM..Run: [NeroFilterCheck] C:Windowssystem32NeroCheck.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesCommon FilesJavaJava Updatejusched.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [NetFxUpdate_v1.1.4322] "C:WindowsMicrosoft.NETFrameworkv1.1.4322netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 9.0ReaderReader_sl.exe"
O4 - HKLM..Run: [Adobe ARM] "C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe"
O4 - HKLM..Run: [AVG9_TRAY] C:PROGRA~1AVGAVG9avgtray.exe
O4 - HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 - HKCU..Run: [winntR1] C:winnt_winntR1.exe
O4 - HKCU..Run: [winntR2] C:winnt_winntR2.exe
O4 - HKCU..Run: [winnt2] C:winnt_winnt2.exe
O4 - HKCU..Run: [winnt6] C:winnt_winnt6.exe
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [Google Update] "C:UsersKnRAppDataLocalGoogleUpdateGoogleUpdate.exe" /c
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 - HKCU..RunOnce: [Shockwave Updater] C:WindowsSystem32AdobeSHOCKW~1SWHELP~1.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6" -"http://mplayer26.slingo.com/shockscreen2.asp?shost=mplayer26.slingo.com&sport=15256&susername=baccuus&spassword=clobbers&roomname=Solitaire%20Golf%203&gameid=56"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:Program FilesQuickTax 2008ic2008pp.dll
O18 - Protocol: intu-qt2009 - {03947252-2355-4E9B-B446-8CCC75C43370} - C:Program FilesQuickTax 2009ic2009pp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG9avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:Windowssystem32browseui.dll
O23 - Service: AMD External Events Utility - AMD - C:Windowssystem32atiesrxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:Program FilesAVGAVG9avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c9bc30345704e0) (gupdate1c9bc30345704e0) - Google Inc. - C:Program FilesGoogleUpdateGoogleUpdate.exe

--
End of file - 6414 bytes

Merged 2 posts. ~ OB

Edited by Orange Blossom, 02 June 2010 - 09:08 PM.


BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:30 AM

Posted 05 June 2010 - 09:35 PM

Hi and welcome. smile.gif

My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a GMER log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or GMER log please refer to this page and in step #6 and Step #7 and Step #8 for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-GMER log
-Description of any remaining problems you may still have.


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:30 AM

Posted 17 June 2010 - 08:20 PM

Hello.

Due to Lack of feedback, this topic is now Closed

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users