
HijackThis Log


This topic is locked
2 replies to this topic

#1 designbyadam

  • Members
  • 1 posts

Posted 03 May 2011 - 11:45 AM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:34:08 PM, on 5/3/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Firebird\bin\ibguard.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Rey\Bin\Ucsinsvc.exe
C:\rey\bin\PscVersionService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Firebird\bin\ibserver.exe
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe
C:\WINDOWS\Explorer.EXE
C:\Rey\Bin\UIInssvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.com/web?q=&pr=auto&client_id=F7F4F24001CAFC0DA359E856&src_id=11234&camp_id=610&tb_version=2.5.10000.504
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F4051984-F58B-47D7-8714-F012BB311A88} - C:\WINDOWS\system32\cnbjmo.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SupportAnyPC] "C:\DOCUME~1\SALES\LOCALS~1\Temp\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1474611737-879694009-1391459085-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1474611737-879694009-1391459085-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1474611737-879694009-1391459085-1006\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://get.adobe.com
O15 - Trusted Zone: www.adobe.com
O15 - Trusted Zone: http://www.gatesnissan.net
O15 - Trusted Zone: http://www.msn.com
O15 - Trusted Zone: *.MYSPACE.COM
O15 - Trusted Zone: http://www.toyotasouth.com
O16 - DPF: CM_AdvancedCAB - https://www.gs.reyrey.com/common/ClientCheck/CM_AdvancedCAB.CAB
O16 - DPF: JVMDetect - https://nmacrpm.nnanet.com/jvmdetect.cab
O16 - DPF: PrintTemplateViewerCab - https://www.gs.reyrey.com/clientdll/printtemplateviewer.cab
O16 - DPF: ReyScanCab - https://www.gs.reyrey.com/clientdll/ReyScan.cab
O16 - DPF: websignAx - https://nmacrpm2.nnanet.com/faces/websignax.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152316994234
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://www.gs.reyrey.com/clientdll/arview2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {ED5BE7F4-9C97-4013-8838-48C20128D73A} - http://www.promaxonline.net/ProMaxOnLine.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{712C67F6-F8D6-4DA3-B7D9-3095D5E09673}: NameServer = 208.67.222.222,208.67.220.220
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: REY Install NT Service - UCS - C:\Rey\Bin\Ucsinsvc.exe
O23 - Service: REY PSCVersionService - UCS - C:\rey\bin\PscVersionService.exe
O23 - Service: UCS Install NT Service - Unknown owner - C:\UCC\Services\UcsInSvc.exe (file missing)

--
End of file - 10283 bytes


#2 heir

  • Malware Response Team
  • 763 posts

Posted 12 May 2011 - 03:11 AM

Do you still need help?

Please follow the preparation guide at the top of this page.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click (image link).


#3 heir

  • Malware Response Team
  • 763 posts

Posted 18 May 2011 - 05:23 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





