
HiJack This Log File


This topic is locked. 8 replies to this topic.

#1 Sonicccc (Members, 10 posts)

Posted 24 July 2011 - 07:42 AM

Hello, I need help identifying what a lot of these programs/processes are. I would really appreciate some help here trying to clean up my system!! I hope Pastebin is an effective method of showing you the log file without making a hassle-filled thread. So here is the link to the log file: HiJack This Log File. Hopefully that link works fine.

Thank you so much in advance,
Sonic

Edit:
I do know what some of my processes are and I'll list what I do know so you do not have to waste your time telling me what I know about!
1. Line 20's Soundman is my audio manager, I believe.
2. Line 21's Ctfmon has to do with the input method for my keyboard, I guess?
3. Line 22 is Spybot S&D.
4. Line 24 is a program I just installed that is pretty awesome for removing nearly everything from an unwanted program.
5. Line 25 allows me to tether my cell phone for internet usage.
6. Then basically lines 32 and up are a bunch of mumbo jumbo, and the rest of my listed processes besides Google Chrome are questionable.

EDIT #2:
I just learned that I have posted this in the wrong section and this belongs in "Virus, Trojan, Spyware, and Malware Removal Logs." I have read the rules for these forums and believe I remember reading something about posting the same thing twice, and that'll just make people mad and increase your wait time for a response. SO... if a moderator could please move this thread to that forum, I would greatly appreciate it. I was not trying to post incorrectly for my first one, but hey, being new to a forum isn't always easy. Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:20:45 AM, on 7/24/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
E:\bin\TSVNCache.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Elf%20Bowling%207%2017%20-%20The%20Last%20Insult/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Elf%20Bowling%207%2017%20-%20The%20Last%20Insult/Images/armhelper.ocx
O20 - Winlogon Notify: avgrsstarter - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cliser - Unknown owner - C:\Program Files\RenderX\XEPWin\CliserService.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Winmasse - Unknown owner - C:\Python26\lib\site-packages\win32\PythonService.exe

Edited by Noviciate, 24 July 2011 - 02:51 PM.
Moved to MRL from XP.
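As an added example (not part of the original thread, and not a BleepingComputer or HijackThis tool): a small Python triage script that parses a HijackThis v2.0.4 log into its header, running-process list and section entries, then applies the checks a malware-response volunteer would make first when reading a log like the one above. The embedded sample is a subset of the log posted in this thread, copied line for line; the heuristics (service pack below 3, "(file missing)", "Unknown owner", RunOnce entries, ActiveX controls registered from a file: URL, Winlogon Notify DLLs, processes running outside the Windows and Program Files trees) are this example's own choices, not the flags HijackThis itself prints. A hit means "look at this one", not "this is malware": the O2 AVG entry, for instance, is most likely a leftover from an uninstalled antivirus, which is consistent with the reply below observing that no antivirus appears to be installed.

```python
import re
from dataclasses import dataclass, field

# Subset of the HijackThis v2.0.4 log posted in this thread, embedded so the
# script runs offline. Lines are copied as posted; nothing has been added.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:20:45 AM, on 7/24/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
E:\bin\TSVNCache.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Elf%20Bowling%207%2017%20-%20The%20Last%20Insult/Images/stg_drm.ocx
O20 - Winlogon Notify: avgrsstarter - Invalid registry found
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cliser - Unknown owner - C:\Program Files\RenderX\XEPWin\CliserService.exe (file missing)
O23 - Service: Winmasse - Unknown owner - C:\Python26\lib\site-packages\win32\PythonService.exe
"""

# A HijackThis entry line: section code (R0..R3, F0..F3, N1..N4, O1..O24), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")

# Processes expected to live under these roots on a default XP install (heuristic, this example's own).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    section: str   # e.g. "O23"
    body: str      # everything after "O23 - "


@dataclass
class HjtLog:
    platform: str = ""
    processes: list = field(default_factory=list)
    entries: list = field(default_factory=list)


@dataclass
class Finding:
    kind: str      # "platform", "process", or the section code of the entry
    item: str
    reasons: list = field(default_factory=list)


def parse_hijackthis(text):
    """Split a HijackThis log into platform line, running processes and section entries."""
    log = HjtLog()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line.startswith("Platform:"):
            log.platform = line.split(":", 1)[1].strip()
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            log.processes.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                log.entries.append(Entry(m.group("section"), m.group("body")))
    return log


def triage(log):
    """Return the entries a reviewer should look at first, each with the reason(s) it was flagged."""
    findings = []
    m = re.search(r"Windows XP SP(\d)", log.platform)
    if m and int(m.group(1)) < 3:
        findings.append(Finding("platform", log.platform,
                                ["Windows XP below SP3: XP SP3 shipped in 2008, so this patch level is years old"]))
    for proc in log.processes:
        if not proc.lower().startswith(TRUSTED_ROOTS):
            findings.append(Finding("process", proc,
                                    ["running from outside the Windows and Program Files trees"]))
    for e in log.entries:
        reasons = []
        if "(file missing)" in e.body:
            reasons.append("registration points at a file that is not on disk (orphaned or deleted)")
        if e.section == "O23" and "Unknown owner" in e.body:
            reasons.append("service binary carries no publisher information")
        if e.section == "O4" and "RunOnce" in e.body:
            reasons.append("RunOnce entry: executes at that account's next logon")
        if e.section == "O16" and "file:///" in e.body.lower():
            reasons.append("ActiveX control registered from a local file: URL")
        if e.section == "O20":
            reasons.append("Winlogon Notify DLL: loaded by winlogon.exe on XP, a classic persistence location")
        if "Invalid registry found" in e.body:
            reasons.append("HijackThis could not resolve the registry data behind this entry")
        if reasons:
            findings.append(Finding(e.section, e.body, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hijackthis(SAMPLE_LOG)):
        print(f"[{f.kind}] {f.item}\n    -> " + "; ".join(f.reasons))
```

Run it as-is to see the flagged lines from the sample, or replace SAMPLE_LOG with the contents of a full HijackThis.log. Entries with a known publisher and an existing file (the Spybot BHO, the Bonjour service, the KernelFaultCheck Run key) produce no finding; the Cliser service collects two reasons at once, which is the pattern that most often marks a half-removed program.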


#2 Noviciate (Malware Response Team, 5,277 posts)

Posted 24 July 2011 - 02:53 PM

Good evening. :)

Are you having any particular problems with this machine?

So long, and thanks for all the fish.

 

 


#3 Sonicccc (Topic Starter, Members, 10 posts)

Posted 24 July 2011 - 03:59 PM

Yes, I am. I'd like to be able to play this game called Rumble Fighter. But try as I might, it is closing itself. I've played this game before on this computer, but for some reason now it doesn't want to work.

What happens is the game does its update and then loads this thing called HackShield. After some of what looks to be lag happens, HackShield goes away, more lag ensues, and finally Rumble Fighter opens up in a windowed mode (a setting that I've set). Then my mouse cursor changes into a loading one and then never actually loads anything, because Rumble Fighter will just close itself. Mostly everything else on this computer works alright, but it's such an old machine that I was trying to make sure that there were no problems with it. From the look of your reply, Noviciate, there doesn't appear to be anything wrong with it?

#4 Noviciate (Malware Response Team, 5,277 posts)

Posted 24 July 2011 - 04:21 PM

If this was my machine, I'd back up any important data on it and reformat and reinstall. Your operating system is about three years out of date given that it doesn't have Service Pack 3 installed, and from what I can tell it has no anti-virus or third-party firewall installed either. Basically, it's a slime magnet.

The possibility that legitimate files may have been infected or corrupted by any malware that may be present on your PC, which might explain the issues you are having, means that a fresh start is the wisest option.

So long, and thanks for all the fish.

 

 


#5 Sonicccc (Topic Starter, Members, 10 posts)

Posted 25 July 2011 - 08:05 PM

Ahh, and this is where I'm stuck, because my boot menu won't boot from a CD :) Time for some saved paychecks and a new MACHINEEEEE.

#6 Noviciate (Malware Response Team, 5,277 posts)

Posted 26 July 2011 - 02:43 PM

Good evening. :)

Odd, but if you post about this issue in this part of the forum you may find somebody has a plan that will save your paychecks.

So long, and thanks for all the fish.

 

 


#7 Sonicccc (Topic Starter, Members, 10 posts)

Posted 27 July 2011 - 05:46 PM

Yes, I have posted in that section, and no one seems to care currently about my problem. Okay, okay, maybe I'm being a bit melodramatic here. I'm sure my problem takes some research or thinking or something that is making a reply take a while. Anyways, here's the link: Bootable USB Creation Problem

#8 Noviciate (Malware Response Team, 5,277 posts)

Posted 28 July 2011 - 03:11 PM

Good evening. :)

And the fact that if I acquire a burnt disc or a real copy of Windows my computer lacks the ability to boot from a CD. >_>

Do you have a Windows XP installation disk?

So long, and thanks for all the fish.

 

 


#9 Noviciate (Malware Response Team, 5,277 posts)

Posted 02 August 2011 - 02:49 PM

As this issue appears to have been resolved, this thread is now closed.

So long, and thanks for all the fish.
