HijackThis Log: Please help Diagnose


This topic is locked
3 replies to this topic

#1 shadesh

  • Members
  • 3 posts
  • OFFLINE
  • Local time:02:16 AM

Posted 28 March 2013 - 12:19 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:41:43 PM, on 3/28/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\FALAK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\FALAK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\FALAK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\FALAK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\FALAK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\FALAK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\FALAK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\FALAK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\FALAK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.giveawayoftheday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.reliancenetconnect.co.in/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WD Drive Unlocker] C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
O4 - HKLM\..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE716245-D619-4F74-A537-3D5068817A34}: NameServer = 10.20.30.1,8.8.8.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: WD Backup (WDBackup) - Western Digital  - C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: WD Rules (WDRulesService) - Western Digital  - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe

--
End of file - 8493 bytes

Edit: Merged two separate topics. Then moved topic from XP to the more appropriate forum. ~ Animal


#2 shadesh

  • Topic Starter
  • Members
  • 3 posts
  • OFFLINE
  • Local time:02:16 AM

Posted 28 March 2013 - 12:30 PM

Should I delete all these entries?

Attached Files

  • ads.jpg (29.3KB)


#3 nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:46 PM

Posted 29 March 2013 - 07:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your HijackThis log is not formatted correctly.

I suggest you run this DDS tool.
However, before running the tool remove the Word Wrap from NotePad.
You will find this option under the Format menu. This will eliminate all the blank lines in your log.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.
===

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs and let me know what problem persists.
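An added example, not part of nasdaq's reply or of HijackThis itself: a Python script that repairs a log mangled the way the one above was, by rejoining fragments that Notepad's Word Wrap split onto separate lines, and then pulls out the entries a helper reads first (running processes, O4 autoruns, O17 name servers, O23 services reported as "Unknown owner"). The regular expressions, the sample wrapped lines and the {GUID-PLACEHOLDER} value are constructed for this example.

```python
"""Repair a word-wrapped HijackThis log and pull out the entries a helper reviews first."""
import re

# Lines that begin a new record even when a whitespace-only separator precedes them.
_RECORD_START = re.compile(r"^(?:[RFNO]\d+ - |Running processes:|End of file|--)")
_ENTRY = re.compile(r"^(?P<type>[RFNO]\d+) - (?P<body>.*)$")
_SERVICE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
_RUN = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def unwrap_hjt_log(text):
    """Rejoin fragments that Notepad's Word Wrap split onto separate lines.

    Wrapped fragments are separated by whitespace-only lines; such a fragment is
    glued onto the previous record unless it starts a new HijackThis entry.
    Fragments are concatenated as-is, since Word Wrap keeps the original spacing.
    """
    records = []
    after_blank = False
    for line in text.splitlines():
        if not line.strip():
            after_blank = True
            continue
        if after_blank and records and not _RECORD_START.match(line):
            records[-1] += line
        else:
            records.append(line)
        after_blank = False
    return records


def parse_entries(records):
    """Return (section, body) pairs for the R*/F*/N*/O* lines of an unwrapped log."""
    return [(m["type"], m["body"]) for m in map(_ENTRY.match, records) if m]


def triage(records):
    """Collect processes, autoruns, DNS servers and services HijackThis cannot attribute."""
    report = {"processes": [], "autoruns": [], "name_servers": [], "unknown_owner": []}
    report["processes"] = [r for r in records if re.match(r"^[A-Za-z]:\\", r)]
    for section, body in parse_entries(records):
        if section == "O4" and (m := _RUN.match(body)):
            report["autoruns"].append((m["name"], m["cmd"]))
        elif section == "O17" and "NameServer = " in body:
            report["name_servers"] += body.split("NameServer = ", 1)[1].split(",")
        elif section == "O23" and (m := _SERVICE.match(body)):
            if m["owner"].strip() == "Unknown owner":  # no vendor string: verify the file by hand
                report["unknown_owner"].append(m["path"])
    return report


# Constructed sample (not the poster's log): a few records wrapped the way Notepad
# breaks them, with a whitespace-only line between the fragments of one record.
SAMPLE_WRAPPED = "\n".join([
    "Logfile of Trend Micro ", " ", "HijackThis v2.0.4",
    "Boot mode: Normal", " ", "Running processes:",
    r"C:\WINDOWS\System32", " ", r"\smss.exe",
    r"C:\Program ", " ", r"Files\HTC\Internet Pass-", " ", r"Through\PassThruSvr.exe",
    " ", "R0 - ", " ", r"HKCU\Software\Microsoft\In", " ", r"ternet Explorer\Main,Start ",
    " ", "Page = ", " ", "http://www.example.invalid/",
    r"O4 - HKLM\..\Run: [WD ", " ", r"Drive Unlocker] C:\Program ", " ",
    r"Files\Western Digital\WD ", " ", r"Security\WDDriveAutoUnlock", " ", ".exe",
    "O17 - ", " ", r"HKLM\System\CCS\Services\T", " ", r"cpip\..\{GUID-PLACEHOLDER}: ",
    " ", "NameServer = ", " ", "10.20.30.1,8.8.8.8",
    "O23 - Service: Internet ", " ", "Pass-Through Service ", " ", "(PassThru Service) - ",
    " ", r"Unknown owner - C:\Program ", " ", r"Files\HTC\Internet Pass-", " ",
    r"Through\PassThruSvr.exe", " ", "--", "End of file - 8493 bytes",
])

if __name__ == "__main__":
    for record in unwrap_hjt_log(SAMPLE_WRAPPED):
        print(record)
    print(triage(unwrap_hjt_log(SAMPLE_WRAPPED)))
```

Run it against a saved log by replacing SAMPLE_WRAPPED with the file's contents; the triage output is a starting point for review, not a verdict on any entry.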


#4 nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:46 PM

Posted 04 April 2013 - 08:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



