Log File



#1 chanel64

Posted 20 September 2006 - 06:33 AM

Hi to all,
how do I know what to delete? Please help.


Logfile of HijackThis v1.99.1



Scan saved at 9:09:50 PM, on 9/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\anna\LOCALS~1\Temp\Rar$EX00.672\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe



kind regards
chanel
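
As an added example, not part of the original post and not HijackThis's own code: a small Python parser for the entry lines of a log like the one above. It groups entries by section code and lists the hosts file overrides and "(no file)" entries for review; the sample input is a few lines copied from the post, and the function names and section labels are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log in the post above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Short labels (this example's wording) for the section codes seen in this log.
SECTIONS = {
    "R3": "IE URLSearchHook", "O1": "Hosts file entry",
    "O4": "Autostart (Run key)", "O9": "IE extra button/menu item",
    "O18": "Protocol handler", "O21": "ShellServiceObjectDelayLoad",
    "O23": "Windows service",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - HKLM\..\Run: ..."
HOSTS = re.compile(r"^Hosts: (\S+) (\S+)$")      # "Hosts: <address> <name>"
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

def parse(log):
    """Group entry lines by section code; header and process lines are skipped."""
    groups = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def review_items(groups):
    """Entries to look at first: non-loopback hosts overrides and missing files."""
    out = []
    for code, bodies in groups.items():
        for body in bodies:
            h = HOSTS.match(body) if code == "O1" else None
            if h and h.group(1) not in LOOPBACK:
                out.append((code, f"{h.group(2)} pinned to {h.group(1)}"))
            elif body.endswith("(no file)"):
                out.append((code, "entry reported with no file"))
    return out

if __name__ == "__main__":
    groups = parse(SAMPLE_LOG)
    for code, bodies in groups.items():
        print(f"{code:4} {SECTIONS.get(code, 'unknown'):30} {len(bodies)} entries")
    for code, note in review_items(groups):
        print("REVIEW", code, note)
```
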


#2 chanel64

Posted 20 September 2006 - 06:42 AM

It's my first time using HijackThis. This is my logfile. Can someone tell me what to delete?
I need urgent help.
thanks so much
regards
chanel

#3 DaveM59

Posted 21 September 2006 - 04:54 PM

Hi Chanel64,

Welcome to Bleeping Computer :thumbsup:

I will be assisting you, under the supervision of one of our experienced coaches.

Please give me a little time to analyze your log. I will get back to you shortly with instructions. Thanks for your patience --

Dave

#4 DaveM59

Posted 22 September 2006 - 12:21 AM

Hi Chanel64,


I need to see another HijackThis log, but you need to extract (unzip) HijackThis first. Otherwise the backups made when items are fixed won't be secure. The easiest way to accomplish this is to reinstall and delete any copies of HijackThis.zip you have saved.

Please download the self-extracting version of HijackThis from here:

HijackThis_sfx download

Save HijackThis_sfx to your desktop.

Double-click the file then click the Unzip button. Then close the Self-Extractor window.

Using My Computer/Windows Explorer, navigate to C:\Program Files\HijackThis and double click on HijackThis.exe to run it. If you would like to make a shortcut for your Desktop so it's more easily accessible, right click HijackThis.exe and choose Send To > Desktop (create shortcut).

Please run the extracted HijackThis.exe from now on. Delete any copies of HijackThis.zip that you have saved.

Now, re-name HijackThis.exe to Analyze.exe. I am asking you to do this because I believe there is malware on your computer that is hiding from HijackThis. Be sure to rename the actual program file -- the name of the shortcut does not matter. However, if you want the shortcut to work, you will have to re-create it -after- you rename the program file. To rename the program file, right-click on the program icon in the HijackThis folder and select Rename from the menu list. Then just delete the current name and type in the new one in its place, then press <Enter>.

After the program is re-named, open it and Do a system scan and save a log file. Copy the entire contents of that log and post it here by clicking the Add Reply button.

I also need you to post another HijackThis log of a different type. This is the uninstall list. On the main screen, instead of the Scan button on the lower left, look for the Other Stuff section on the lower right. Click Config, then on the next screen click Miscellaneous Tools, then finally open Uninstall Manager. It will present you with a list of programs. Click on Save List, then accept the default location (your desktop) and the default name (uninstall_list.txt). I also need you to copy and paste that list to your next reply along with the "Analyze.exe" log.

Finally, give me a description of the problems you are having -- error messages, popups, whatever. The more specific the symptoms the quicker we can fix your computer.

Edited by DaveM59, 22 September 2006 - 12:32 AM.




