Press F1 forum, thread 121549 (2011-10-31 03:00:00): HJT Log for Speedy ... if he's around ... TIA
Started by SP8's (9836)
Post 1241034 | 2011-10-31 03:00:00 | SP8's (9836)

Hi Speedy or whoever else may be able to help out. This log is from a Samsung Lappy belonging to a Korean friend .... I've already taken around 50 odd viruses, trojans, adware, etc off the damned thing and haven't got a clue what should or shouldn't be left on or taken off .... :stare:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:52:58, on 31/10/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AhnLab\V3Lite\v3ltray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\GAESORI\gaesoriplayer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\windows\system32\taskeng.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\windows\system32\taskhost.exe
F:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.bigseekpro.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: FMTLB0001 - {3873F029-A2F7-42D1-94C1-A35ED1C59096} - C:\Program Files\MyFaceSounds Toolbar\tbcore3.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ALToolBar BHO - {7F1A79F9-78D1-4186-9F60-EE0B63DF042A} - C:\Program Files\ESTsoft\ALToolBar\ALToolBand_1830.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: W2PBrowser Browser Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll
O3 - Toolbar: MyFaceSounds Toolbar - {8B52078D-B630-4B00-A0AB-54D51CEDD9AA} - C:\Program Files\MyFaceSounds Toolbar\tbcore3.dll
O3 - Toolbar: ALToolBar - {38FBE93D-4CA1-4414-AF6A-94920C5BD8DA} - C:\Program Files\ESTsoft\ALToolBar\ALToolBand_1830.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [HncUpdate] C:\Program Files\Common Files\Hnc\HncUtils\HncUpdate.exe /A
O4 - HKLM\..\Run: [Korean IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AhnLab V3Lite Tray Process] "C:\Program Files\AhnLab\V3Lite\V3LTray.exe" /logon
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [GaesoriPlayer] "C:\Program Files\GAESORI\gaesoriplayer.exe" "/start"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 ?? ?? ? ?? ?? .lnk
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: OneNote? ?? ? - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote? ?? ? - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} - ahnlabdownload.nefficient.co.kr
O16 - DPF: {1219B6C3-CD4D-4243-9A4F-4C9F12FCC6E7} (CK_KeyPro_Inst) - ck.softforum.co.kr
O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} (NHNComicViewer Class) - naver527.naver.com
O16 - DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} (INIwallet61 Control) - plugin.inicis.com
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} (INISAFEWeb6 V6 Class) - accesscontrol.citibank.co.kr
O16 - DPF: {331BE90D-488B-4270-8089-39221E4E4928} (BonDisk Client Control 1) - www.bondisk.com
O16 - DPF: {39461460-2552-4D51-A062-3AB6A7B902E9} (INISAFE Updater Control) - www.citibank.co.kr
O16 - DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} - supdate.nprotect.net
O16 - DPF: {67D5EFE0-3408-4FBD-8374-A30504E895AE} (ToonsXAionStat Control) - new.jamcomic.com
O16 - DPF: {6989C944-3529-4DA8-8C60-187E95F580E2} (SecureSession Class) - kids.samsungfoundation.org
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} -
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} (CyImage Class) - cyimg7.cyworld.com
O16 - DPF: {8E2A904F-FDD7-4086-A49C-834F1C47DC39} (AdminIOC Class) -
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - download.netmarble.net
O16 - DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} (SG_CAppAtx Control) - download.signgate.com
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - member.lottetown.com
O16 - DPF: {B005D02C-E461-4851-8A79-C7FDC8563C07} (BBNPort Class) - user.buddybuddy.co.kr
O16 - DPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} (BankPayEFTCtrl Control) - www.bankpay.or.kr
O16 - DPF: {B8677403-AAE2-40AB-8DB1-5FA6C4E4A9E5} (AquaWebPlayer Class) - dist.cdnetworks.co.kr
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - mail.daum.net
O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} (EwsLoader Class) -
O16 - DPF: {C88F0C96-A482-4D63-90E1-95A134859AF1} (cjinit1 Class) - patch.mnet.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - platformdl.adobe.com
O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} (SKCommAX Control) - web.teledit.com
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} (NaverAXGuide Class) - image.jr.naver.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files\INITECH\SHTTP\InitechSHTTPInterface.10121.dll
O18 - Protocol: smart - {402CA0E4-3090-402E-BE90-3EE9B766EBB0} - C:\Program Files\ESTsoft\ALToolBar\ALToolBarProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google ?? ?? ?? ? (gupdate) (gupdate) - Google Inc - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google ?? ?? ?? ? (gupdatem) (gupdatem) - Google Inc - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\windows\System32\SUPDSvc.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: V3 Lite Service - AhnLab, Inc. - C:\Program Files\AhnLab\V3Lite\V3LSvc.exe

--
End of file - 14392 bytes

Good luck peoples ... and many thanks in advance !!!!
Post 1241035 | 2011-10-31 03:32:00 | Speedy Gonzales (78)

Uninstall Spigot. This:
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

What's this?
C:\Program Files\GAESORI\gaesoriplayer.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"

Try putting a virus scanner on it, update it, then scan the hdd. Disable system restore first.
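The reply above picks the Spigot entries out of the log by eye. The same triage can be done mechanically over HijackThis-format lines; the parser below is an added example (not code from the thread or from HijackThis) that reads O4 Run-key and O23 service entries and flags anything whose path or owner names a suspect vendor, plus services whose binary is reported missing. Its sample input is a handful of lines quoted from the posted log.

```python
import re

# Sample input: entries quoted from the HJT log posted in the thread (a constructed
# subset, not the whole log), one entry per line exactly as HijackThis writes them.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [GaesoriPlayer] "C:\Program Files\GAESORI\gaesoriplayer.exe" "/start"
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O4 body: <hive>\..\Run[Once]: [<name>] <command line>
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Either a quoted path, or an unquoted path up to its extension (drops trailing switches)
PATH_RE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|dll|com))', re.IGNORECASE)
MISSING = " (file missing)"

def binary_path(cmd):
    """Strip switches from a Run-key command line, honouring a quoted path."""
    m = PATH_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()

def parse_hjt(text):
    """Yield one dict per O4 (Run key) or O23 (service) entry; other sections are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list, or a section this parser does not model
        sec, body = m.group("section"), m.group("body")
        if sec == "O4" and (r := O4_RE.match(body)):
            yield {"section": sec, "name": r["name"], "owner": r["hive"],
                   "path": binary_path(r["cmd"]), "missing": False}
        elif sec == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].split(" - ", 2)  # name - company - path
            if len(parts) == 3:
                missing = parts[2].endswith(MISSING)
                yield {"section": sec, "name": parts[0], "owner": parts[1],
                       "path": parts[2][:-len(MISSING)] if missing else parts[2], "missing": missing}

def triage(text, suspect_vendors=("spigot",)):
    """Flag entries naming a suspect vendor in path or owner, and services whose binary is gone."""
    findings = []
    for e in parse_hjt(text):
        haystack = (e["path"] + " " + e["owner"]).lower()
        if any(v in haystack for v in suspect_vendors):
            findings.append((e["section"], e["name"], "suspect vendor: review and uninstall"))
        elif e["missing"]:
            findings.append((e["section"], e["name"], "service binary missing: stale entry"))
    return findings
```

Run `triage(SAMPLE_LOG)` to get the flagged entries; extend `suspect_vendors` with whatever else a scan turns up, since the path match is a plain case-insensitive substring.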
Post 1241036 | 2011-10-31 04:40:00 | SP8's (9836)

Hi Speedy ... Sorry, but can't tell you what GAESORI is until later ... everything is in Korean and I can't read it !! I'll uninstall the others you mentioned but have already scanned with MSSE, Spybot, Malwarebytes, and SAS ... got rid of a lot of the nasties, and yes, did disable sys restore before doing so. Thanks again for your help.