Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log: please Diagnose.


  • This topic is locked This topic is locked
4 replies to this topic

#1 sichil

sichil

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:12 AM

Posted 22 October 2012 - 09:05 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:30:58 AM, on 10/23/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Safe mode with network support

Running processes:
A:\Windows\Explorer.EXE
A:\Windows\system32\ctfmon.exe
A:\Program Files\Mozilla Firefox\firefox.exe
A:\Windows\system32\cmd.exe
A:\Windows\system32\conhost.exe
A:\Program Files\Internet Explorer\iexplore.exe
A:\Program Files\Internet Explorer\iexplore.exe
A:\Windows\system32\igfxsrvc.exe
A:\Program Files\Mozilla Firefox\plugin-container.exe
A:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
A:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
A:\Users\predator\Downloads\msert.exe
B:\New folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.0:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - A:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - A:\PROGRA~1\Office\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - A:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - A:\PROGRA~1\Office\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - A:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BTMTrayAgent] rundll32.exe "A:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WSED] A:\Program Files\WSED\WSED.exe
O4 - HKLM\..\Run: [IgfxTray] A:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] A:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] A:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "a:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "A:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "A:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\Run: [SunJavaUpdateSched] "A:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "A:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [MizuPhone] "A:\Program Files\Mizu\Mizu.exe"
O4 - HKCU\..\Run: [Connectify] A:\Program Files\Connectify\Connectify.exe
O4 - HKCU\..\Run: [NokiaSuite.exe] A:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKCU\..\Run: [Sidebar] A:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] A:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] A:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://A:\PROGRA~1\Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://A:\PROGRA~1\Office\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - A:\Program Files\Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - A:\Program Files\Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - A:\Program Files\Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - A:\Program Files\Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @A:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - A:\Program Files\Motorola\Bluetooth\btmiesend.htm
O9 - Extra 'Tools' menuitem: @A:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - A:\Program Files\Motorola\Bluetooth\btmiesend.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - A:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - A:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - A:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - A:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - A:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
O23 - Service: Bluetooth Device Manager - Motorola, Inc. - A:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
O23 - Service: Bluetooth Media Service - Motorola, Inc. - A:\Program Files\Motorola\Bluetooth\audiosrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola, Inc. - A:\Program Files\Motorola\Bluetooth\obexsrv.exe
O23 - Service: Connectify - Unknown owner - A:\Program Files\Connectify\ConnectifyService.exe
O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - A:\Prey\platform\windows\cronsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - A:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - A:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - A:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - A:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - A:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Realtek87B - Realtek - A:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
O23 - Service: ServiceLayer - Nokia - A:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - A:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - A:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

--
End of file - 7892 bytes

BC AdBot (Login to Remove)

 


#2 CStew23

CStew23

  • Members
  • 1,484 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:12 PM

Posted 24 October 2012 - 06:05 PM

Hi,

Are you currently having any problems with the machine? I'm not much for mind reading :whistle: so just posting a log doesn't tell us much
Please don't send help request via PM, unless I am already helping you. Use the forums!
If you have not heard from me in 48 hours please use this and send me a PM reminder.

#3 sichil

sichil
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:12 AM

Posted 25 October 2012 - 01:54 AM

really sorry for that, because i am new to forums and all. my chrome instant search was redirected to alnaddy.com. then i did some googling and found it is serious if i not take action. i just re installed chrome and it went away. but i am not sure its infection is wiped off completely. sources says this get installed deeply and can work out slowly, especially compromising my financial activities online. :mellow: please help. thank you for you reply.

#4 CStew23

CStew23

  • Members
  • 1,484 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:12 PM

Posted 25 October 2012 - 10:56 PM

Can you complete the steps here? http://www.bleepingcomputer.com/forums/topic34773.html
Please don't send help request via PM, unless I am already helping you. Use the forums!
If you have not heard from me in 48 hours please use this and send me a PM reminder.

#5 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:12 PM

Posted 08 November 2012 - 06:54 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users