
Hijack log; Also Virus Detected But Can't Find It



#1 99vert


Posted 29 March 2006 - 09:05 PM

1. I get AVG saying virus llhnn.exe, but can't find it on PC.
2. Task Manager has a lot of weird files.

Thank you for taking the time and helping me.

Hijack log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin Bulldog Plus\MUPS.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Steven\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MasterCook: Select Image - F:\cool\Web\MCIEContext.hta
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - f:\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - f:\PartyPoker\PartyPoker.exe
O9 - Extra button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100731238541
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143398040205
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {7936F65B-5993-4CB3-96E2-E2DB0B781E10} - http://download.kerclink.com:8080/KERclinkInstall.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel® NMS - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: UPS - UPSentry Service - Delta - C:\Program Files\Belkin Bulldog Plus\upsd.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Process Log:
File created by AnVir Task Manager on 3/29/2006 21:29

Processes
N [Process] [PID] [CPU %] [Priority] [Executable File] [File Description] [File Size] [Window Title] [Parent PID] [Work Time] [Mem Usage] [CPU Time]
1. alg.exe 1412 0 Normal C:\WINDOWS\system32\alg.exe Application Layer Gateway Service; Microsoft Corporation 44,544 772 9d 22h 41m 204 K 0:00
2. anvir.exe 1460 9 Normal F:\AnVir Task Manager\AnVir.exe AnVir Virus Destroyer and Task Manager; AnVir Software 415,232 AnVir Task Manager UNREGISTERED!!! (0 day(s) left) 3732 1:46 17,568 K 0:10
3. ati2evxx.exe 944 0 Normal C:\WINDOWS\system32\ati2evxx.exe ATI External Event Utility EXE Module; ATI Technologies Inc. 425,984 772 9d 22h 42m 296 K 0:00
4. ati2evxx.exe 1100 0 Normal C:\WINDOWS\system32\ati2evxx.exe ATI External Event Utility EXE Module; ATI Technologies Inc. 425,984 3944 9d 19h 40m 464 K 0:00
5. ati2evxx.exe 1280 0 Normal C:\WINDOWS\system32\ati2evxx.exe ATI External Event Utility EXE Module; ATI Technologies Inc. 425,984 728 9d 22h 41m 352 K 0:00
6. atiptaxx.exe 1128 0 Normal C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe ATI Desktop Control Panel; ATI Technologies, Inc. 344,064 2032 9d 22h 41m 352 K 0:02
7. atiptaxx.exe 1220 0 Normal C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe ATI Desktop Control Panel; ATI Technologies, Inc. 344,064 704 9d 19h 40m 780 K 0:02
8. avgamsvr.exe 1588 0 Normal C:\Program Files\Grisoft\AVG Free\avgamsvr.exe AVG Alert Manager; GRISOFT, s.r.o. 336,896 772 9d 22h 42m 1,428 K 4:11
9. avgcc.exe 336 0 Normal C:\Program Files\Grisoft\AVG Free\avgcc.exe AVG Control Center; GRISOFT, s.r.o. 357,888 2796 4d 01h 54m 4,252 K 2:46
10. avgupsvc.exe 1608 0 Normal C:\Program Files\Grisoft\AVG Free\avgupsvc.exe AVG Update Service; GRISOFT, s.r.o. 84,480 772 9d 22h 42m 88 K 0:07
11. csrss.exe 696 0 High C:\WINDOWS\system32\csrss.exe Client Server Runtime Process; Microsoft Corporation 6,144 628 9d 22h 42m 496 K 2:22
12. csrss.exe 3928 0 High C:\WINDOWS\system32\csrss.exe Client Server Runtime Process; Microsoft Corporation 6,144 628 9d 19h 40m 2,000 K 1:40
13. ctfmon.exe 1836 0 Normal C:\WINDOWS\system32\ctfmon.exe CTF Loader; Microsoft Corporation 15,360 704 9d 19h 40m 2,020 K 0:31
14. ctfmon.exe 2276 0 Normal C:\WINDOWS\system32\ctfmon.exe CTF Loader; Microsoft Corporation 15,360 2032 9d 22h 40m 424 K 0:03
15. dkservice.exe 1648 0 Normal C:\Program Files\Executive Software\Diskeeper\DkService.exe DKSERVICE.EXE; Executive Software International, Inc. 602,220 772 9d 22h 42m 2,136 K 3:45
16. explorer.exe 2032 0 Normal C:\WINDOWS\explorer.exe Windows Explorer; Microsoft Corporation 1,032,192 1356 9d 22h 41m 4,568 K 2:20
17. explorer.exe 2796 0 Normal C:\WINDOWS\explorer.exe Windows Explorer; Microsoft Corporation 1,032,192 3944 4d 01h 54m 17,764 K 13:57
18. firefox.exe 296 0 Normal C:\Program Files\Mozilla Firefox\firefox.exe Firefox; Mozilla 6,621,794 2032 4:00:09 1,480 K 1:16
19. hpzipm12.exe 1824 0 Normal C:\WINDOWS\system32\HPZipm12.exe PML Driver; HP 69,632 772 9d 22h 42m 172 K 0:01
20. hpztsb12.exe 2240 0 Normal C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe HP 176,128 2032 9d 22h 41m 324 K 0:00
21. hpztsb12.exe 2496 0 Normal C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe HP 176,128 704 9d 19h 40m 328 K 0:00
22. iexplore.exe 3760 0 Normal C:\Program Files\Internet Explorer\iexplore.exe Internet Explorer; Microsoft Corporation 93,184 Hijacklog ; Also Virus Detected But Cant Find It - BleepingComputer.com - Microsoft Internet Explorer 2796 40:13 42,348 K 2:16
23. iexplore.exe 4000 0 Normal C:\Program Files\Internet Explorer\iexplore.exe Internet Explorer; Microsoft Corporation 93,184 AnVir Task Manager v.3.7. registry,monitor,process,virus,startup,log,system,utility,performance - Microsoft Internet Explorer 2796 4:31 31,892 K 0:12
24. isafe.exe 416 0 Normal C:\WINDOWS\system32\ZoneLabs\isafe.exe ISafe Service; Computer Associates International, Inc. 188,416 772 9d 22h 41m 2,960 K 0:15
25. lsass.exe 784 0 Normal C:\WINDOWS\system32\lsass.exe LSA Shell (Export Version); Microsoft Corporation 13,312 728 9d 22h 42m 1,584 K 0:55
26. lvcoms.exe 3096 0 Normal C:\WINDOWS\system32\LVComS.exe LVCom Server; Labtec Inc. 135,214 3944 9d 05h 41m 384 K 0:00
27. mantispm.exe 2660 0 Normal C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe Spam Filter; 894,544 2256 9d 22h 39m 444 K 0:01
28. mantispm.exe 2976 0 Normal C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe Spam Filter; 894,544 2292 9d 19h 39m 1,848 K 0:01
29. mdm.exe 1692 0 Normal C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE Machine Debug Manager; Microsoft Corporation 322,120 772 9d 22h 42m 1,404 K 0:02
30. mups.exe 2424 0 Normal C:\Program Files\Belkin Bulldog Plus\MUPS.exe 49,152 2032 9d 22h 40m 272 K 0:00
31. mups.exe 2688 0 Normal C:\Program Files\Belkin Bulldog Plus\MUPS.exe 49,152 704 9d 19h 39m 264 K 0:00
32. nmbgmonitor.exe 2316 0 Normal C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe Nero Home; Nero AG 94,208 2032 9d 22h 40m 216 K 0:00
33. nmssvc.exe 1788 0 Normal C:\WINDOWS\system32\NMSSvc.Exe NMS Module; Intel Corporation 1,118,208 772 9d 22h 42m 228 K 0:01
34. outlook.exe 1060 0 Normal C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE Microsoft Office Outlook; Microsoft Corporation 196,152 2032 3d 00h 08m 9,620 K 1:17
35. outlook.exe 1268 0 Normal C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE Microsoft Office Outlook; Microsoft Corporation 196,152 Inbox - Microsoft Outlook 2796 40:27 65,576 K 0:07
36. services.exe 772 0 Normal C:\WINDOWS\system32\services.exe Services and Controller app; Microsoft Corporation 108,032 728 9d 22h 42m 1,408 K 0:57
37. smss.exe 628 0 Normal C:\WINDOWS\system32\smss.exe Windows NT Session Manager; Microsoft Corporation 50,688 4 9d 22h 42m 40 K 0:01
38. spoolsv.exe 1448 0 Normal C:\WINDOWS\system32\spoolsv.exe Spooler SubSystem App; Microsoft Corporation 57,856 772 9d 22h 42m 1,284 K 0:03
39. svchost.exe 960 0 Normal C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services; Microsoft Corporation 14,336 772 9d 22h 42m 1,320 K 0:07
40. svchost.exe 1076 0 Normal C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services; Microsoft Corporation 14,336 772 9d 22h 42m 1,768 K 0:06
41. svchost.exe 1184 0 Normal C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services; Microsoft Corporation 14,336 772 9d 22h 42m 50,520 K 27:33
42. svchost.exe 1324 0 Normal C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services; Microsoft Corporation 14,336 772 9d 22h 42m 1,292 K 0:04
43. svchost.exe 1360 0 Normal C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services; Microsoft Corporation 14,336 772 9d 22h 42m 216 K 0:00
44. svchost.exe 1860 0 Normal C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services; Microsoft Corporation 14,336 772 9d 22h 42m 100 K 0:03
45. system 4 0 Normal 9d 22h 43m 28 K 30:04
46. System Idle Process 0 82 N/A 9d 22h 43m 16 K 220:47:37
47. taskmgr.exe 1984 0 High C:\WINDOWS\system32\taskmgr.exe Windows TaskManager; Microsoft Corporation 135,680 2796 11:34 2,012 K 0:00
48. vsmon.exe 3312 9 N/A C:\WINDOWS\system32\ZoneLabs\vsmon.exe TrueVector Service; Zone Labs, LLC 1,693,448 27,120 K 0:00
49. wdfmgr.exe 1888 0 Normal C:\WINDOWS\system32\wdfmgr.exe Windows User Mode Driver Manager; Microsoft Corporation 38,912 772 9d 22h 42m 116 K 0:00
50. winlogon.exe 728 0 High C:\WINDOWS\system32\winlogon.exe Windows NT Logon Application; Microsoft Corporation 502,272 628 9d 22h 42m 1,520 K 1:01
51. winlogon.exe 3944 0 High C:\WINDOWS\system32\winlogon.exe Windows NT Logon Application; Microsoft Corporation 502,272 628 9d 19h 40m 908 K 0:10
52. winword.exe 380 0 Normal C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE Microsoft Office Word; Microsoft Corporation 12,037,688 Document1 - Microsoft Word 3944 39:04 31,968 K 0:04
53. winword.exe 3996 0 Normal C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE Microsoft Office Word; Microsoft Corporation 12,037,688 960 3d 00h 08m 1,812 K 3:07
54. wzqkpick.exe 2444 0 Normal C:\Program Files\WinZip\WZQKPICK.EXE WinZip Executable; WinZip Computing LP 122,880 2032 9d 22h 40m 244 K 0:00
55. wzqkpick.exe 2680 0 Normal C:\Program Files\WinZip\WZQKPICK.EXE WinZip Executable; WinZip Computing LP 122,880 704 9d 19h 39m 288 K 0:00
56. zlclient.exe 2256 0 N/A C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe Zone Labs Client; Zone Labs, LLC 755,472 3,816 K 0:00
57. zlclient.exe 2292 1 N/A C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe Zone Labs Client; Zone Labs, LLC 755,472 6,748 K 0:00

Edited by 99vert, 29 March 2006 - 09:39 PM.



#2 OldTimer

    Malware Expert

Posted 02 April 2006 - 10:58 AM

Hello 99vert and welcome to the BC HijackThis forum. We are missing some of the information from the HijackThis log so I need you to post a new one.

We need a complete HijackThis (HJT) log file to be able to analyze what is happening on your computer.

Boot normally, start HijackThis and click the Do a system scan and save a log button to perform a scan and create a log file. When the scan is complete, Notepad will open up with the log file in it. While in Notepad, press Ctrl-A to select all text and then Ctrl-C to copy the text to the clipboard.

POST the log in this thread using the Add Reply button. Click in the data-entry window and press Ctrl-V to paste the log into the window. Add any other comments which you believe might be helpful in our analysis, and click the Add Reply button.

I will review your log when it comes in.


DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL I CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 99vert


Posted 04 April 2006 - 05:26 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:25:05 PM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin Bulldog Plus\MUPS.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\DeviceLock\DLService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\Steven\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Steven\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\WINDOWS\system32\DLTray.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Steven\Local Settings\Temp\wzf17f\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MasterCook: Select Image - F:\cool\Web\MCIEContext.hta
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - f:\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - f:\PartyPoker\PartyPoker.exe
O9 - Extra button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100731238541
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143398040205
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {7936F65B-5993-4CB3-96E2-E2DB0B781E10} - http://download.kerclink.com:8080/KERclinkInstall.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: DeviceLock Service (Device Lock) - SmartLine Inc - C:\Program Files\DeviceLock\DLService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Program Files\Belkin Bulldog Plus\upsd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 OldTimer

    Malware Expert

Posted 05 April 2006 - 06:06 PM

Hi 99vert. I don't see any signs of viruses or malware. Just a little house-keeping so let's take care of that.

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Let's also clean out the temp folders while you're here.

Download CCleaner

Download CCleaner and install it. Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

Other than that you are good to go.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
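A pre-triage script for the log format used in this thread, added here as an example (it is not code from the thread or from HijackThis). It shortlists the kinds of entries the reply above picks out: blank or about:blank R0/R1 settings, an O2 BHO recorded as "(no file)", and an O16 DPF entry with no friendly name. It deliberately over-flags compared with the reply (the blank LinksFolderName entry is left alone there): the script shortlists, the human decides. The sample lines are copied from the logs posted above.

```python
"""Shortlist HijackThis (v1.99-style) log entries for manual review."""
import re
from typing import List, Optional, Tuple

# Constructed sample: a few lines in HijackThis log format taken from the
# thread above (not a complete log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Every HJT entry starts with a section tag (R0, R1, O2, O4, O16, O23, ...).
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# A DPF body reads "{CLSID} (Friendly Name) - source"; the name is optional.
DPF_NAMED_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} \(")


def parse_entry(line: str) -> Optional[Tuple[str, str]]:
    """Split one log line into (section, body); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def review_reason(section: str, body: str) -> Optional[str]:
    """Return why an entry deserves a human look, or None if nothing stands out."""
    if section in ("R0", "R1"):
        # R entries are "registry key,value name = data"; a blank or
        # about:blank IE page/search setting is the leftover the reply resets.
        data = body.rsplit("=", 1)[1].strip() if "=" in body else ""
        if data == "" or data.lower() == "about:blank":
            return "IE page/search setting is blank or about:blank"
    elif section == "O2" and body.endswith("(no file)"):
        # The BHO CLSID is still registered but its DLL is gone: orphan entry.
        return "BHO registered but its DLL is missing"
    elif section == "O16" and not DPF_NAMED_RE.match(body):
        # Downloaded ActiveX control with no friendly name: verify its source.
        return "ActiveX download (DPF) has no friendly name; check the source URL"
    return None


def triage_log(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (section, body, reason) for every entry worth a second look."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        section, body = parsed
        reason = review_reason(section, body)
        if reason:
            hits.append((section, body, reason))
    return hits


if __name__ == "__main__":
    for section, body, reason in triage_log(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```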
