Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

help me please am i infected


  • Please log in to reply
2 replies to this topic

#1 tritonr1

tritonr1

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 17 August 2010 - 10:30 AM

everything seems to be going wrong with my computer, no internet browser will run, email crashes as soon as its opened and
a lot of my programmes are non responsive

i have done a hijackthis log if it helps...thanks


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:29:46, on 17/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\dgdersvc.exe
H:\WINDOWS\system32\FsUsbExService.Exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32\IoctlSvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\StkASv2K.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
H:\Program Files\Winamp\winampa.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Microsoft ActiveSync\Wcescomm.exe
H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
H:\Program Files\Samsung\Kies\KiesTrayAgent.exe
H:\PROGRA~1\MICROS~4\rapimgr.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Safari\Safari.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
H:\Program Files\Outlook Express\msimn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] H:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [KiesTrayAgent] H:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [{6DF4FEC3-45D3-5DD1-D093-60F7F8458061}] "H:\Documents and Settings\Owner\Application Data\Xile\pyufo.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228597796734
O20 - AppInit_DLLs: H:\WINDOWS\system32\kijgiwn.dll
O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - H:\WINDOWS\system32\dgdersvc.exe
O23 - Service: FsUsbExService - Teruten - H:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SAMSUNG KiesAllShare Service (KiesAllShare) - Unknown owner - H:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - H:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - H:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Syntek STK1150 Service (StkASSrv) - Syntek America Inc. - H:\WINDOWS\System32\StkASv2K.exe
O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - H:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8205 bytes

BC AdBot (Login to Remove)

 


#2 tritonr1

tritonr1
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 17 August 2010 - 11:22 AM

just removed java and everything started working again so something strange is going on

update: email started crashing again and firefox just gives a crash report but wont restart / internet explorer opens but wont respond

just done a superantispyware scan and its reporting 3 instances

disabled sucurity center
trojan cleansweep(spyeye)
trojan.agent/gen-CSR(fire)

dont know if these have any relevance to whats happening

Edited by tritonr1, 17 August 2010 - 12:36 PM.


#3 Torvald

Torvald

  • Members
  • 364 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:San Antonio, TX USA
  • Local time:05:42 PM

Posted 17 August 2010 - 04:04 PM

tritonr1,

Just to be sure you've removed ALL previous versions of Java (some older versions have security holes), you should go into your your Control Panel, click on Add/Remove Programs, and then uninstall any Java programs and/or updates listed there.

Also, when you run SuperAntiSpyware (SAS), please make sure to run it in Windows Safe Mode (not the normal Windows mode). Running it in Safe Mode will allow it to detect and clean many more infections than otherwise. Please be sure to also update the SAS definitions before running your scan.

You might also want to try installing and running the free version of MalwareBytes AntiMalware (MBAM), and run it in normal Windows mode. It is a good antimalware program that sometimes spots & cleans things missed by SAS.

Good Luck.

Google is my friend. Make Google your friend too.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users