HijackThis Log: Please help Diagnose


  • This topic is locked
2 replies to this topic

#1 AaedMazen

  • Members
  • 1 posts

Posted 20 June 2012 - 12:52 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:30:46 PM, on 20-Jun-12
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Conexant\Adsl\dslagent.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Apps\CAMI EduSuite\CAMIKey\CAMIKey.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Users\aa\AppData\Local\Akamai\netsession_win.exe
C:\Users\aa\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\aa\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Kuma Games BETA\kgsystray\Kuma_tray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Users\aa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aa\Downloads\HijackThis.exe
C:\Windows\system32\taskeng.exe
C:\Users\aa\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ae/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=w7th&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Conexant\Adsl\dslagent.exe
O4 - HKLM\..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [CAMIKey] C:\Apps\CAMIED~1\CAMIKey\CAMIKey.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [Google Update] "C:\Users\aa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AutoStart LG PC Suite IV] "C:\Program Files\LG Electronics\LG PC Suite IV\LGUX.exe" -ToTray
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\aa\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: Kuma_Tray.lnk = C:\Program Files\Kuma Games BETA\kgsystray\Kuma_tray.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\aa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: CAMI EduSuite License Manager - Unknown owner - C:\Apps\CAMI EduSuite\LM\CAMI_LM.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

--
End of file - 10062 bytes
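
A first-pass triage of a HijackThis log like the one above, added here as an example and not part of the thread or of HijackThis itself. The sample entries are copied from the log with the word-wrap removed; the heuristics (orphaned entries, services with no publisher, search settings off a known-good host list, a proxy bypass list naming a local port) and the trusted-host list are my own assumptions, meant to order a reviewer's attention rather than to declare anything malicious.

```python
import re

# Constructed sample: entries copied from the HijackThis v2.0.4 log above with the
# Notepad word-wrap removed. Values are the page's own; nothing here is a new finding.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=w7th&s={searchTerms}&f=4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll (file missing)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe" /md I
O23 - Service: CAMI EduSuite License Manager - Unknown owner - C:\Apps\CAMI EduSuite\LM\CAMI_LM.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

# One HijackThis entry: a section code (R0, O2, O4, O23, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")

def parse_entries(text):
    """Yield (section, body) for each entry line; headers and process lists are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")

def triage(text, trusted_hosts=("go.microsoft.com", "google.ae")):
    """Return (section, reason, body) for entries a reviewer should read first.
    Heuristics are assumptions of this example: orphaned entries, services with no
    publisher, search settings off the trusted hosts, proxy bypass naming a local port."""
    findings = []
    for section, body in parse_entries(text):
        lower = body.lower()
        if "(file missing)" in lower or "(no file)" in lower:
            findings.append((section, "orphaned entry: referenced file is missing", body))
        elif section == "O23" and "unknown owner" in lower:
            findings.append((section, "service with no publisher recorded", body))
        elif section[0] == "R" and "search" in lower:
            host = re.search(r"https?://([^/\s]+)", body)
            if host and host.group(1) not in trusted_hosts:
                findings.append((section, "search setting points to " + host.group(1), body))
        elif "proxyoverride" in lower and "127.0.0.1:" in lower:
            findings.append((section, "proxy bypass list names a local port", body))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}\n     {body}")
```

Entries that pass every heuristic (the avast! lines here) are not cleared by this; they simply go to the bottom of the reading order.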



#2 nasdaq

  • Malware Response Team
  • 39,523 posts
  • Location:Montreal, QC. Canada

Posted 24 June 2012 - 10:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

p.s. To remove the blank spaces in your log remove the WordWrap function in Notepad.
Close all your Chrome windows before running the tool.
===

Third party programs if not up to date can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know the nature of your difficulties with this computer.

#3 nasdaq

  • Malware Response Team
  • 39,523 posts
  • Location:Montreal, QC. Canada

Posted 30 June 2012 - 08:39 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
