| Thread ID: 96008 | 2008-12-24 23:28:00 | Hijacked Computer...? | auskye (14441) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 732308 | 2008-12-24 23:28:00 | I think my computer has been hijacked, but I'm not sure because I can't really decipher the HijackThis log file. If someone can help I'll post the log file. Thanks in advance! | auskye (14441) | ||
| 732309 | 2008-12-24 23:32:00 | Post the log, we'll check it out | Speedy Gonzales (78) | ||
| 732310 | 2008-12-24 23:36:00 | Here it is: | auskye (14441) | ||

```text
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:33:03 PM, on 12/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\bgsvcgen.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\ups.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
D:\WINDOWS\system32\OSK.exe
D:\WINDOWS\system32\MSSWCHX.EXE
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe
D:\Program Files\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [DNS7reminder] "D:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "D:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] D:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\RunServices: [Windows Service Processor] lssa.exe
O4 - HKLM\..\Policies\Explorer\Run: [Lsass Service] D:\Documents and Settings\Skye\Application Data\Microsoft\Windows\lsass.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: attoygyq.dll,mss.dll
O20 - Winlogon Notify: cbXrsPgG - cbXrsPgG.dll (file missing)
O20 - Winlogon Notify: jkkKdBTJ - jkkKdBTJ.dll (file missing)
O20 - Winlogon Notify: ljJYoOij - ljJYoOij.dll (file missing)
O20 - Winlogon Notify: mlJCVmkh - mlJCVmkh.dll (file missing)
O20 - Winlogon Notify: rqRKDwxx - rqRKDwxx.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - D:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - D:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - D:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c963c85f22e060) (gupdate1c963c85f22e060) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - Unknown owner - D:\Program Files\LogMeIn\x86\RaMaint.exe (file missing)
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - D:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9661 bytes
```
| 732311 | 2008-12-24 23:47:00 | Looks like you've got something nasty. | Speedy Gonzales (78) | ||

Disable System Restore, then reboot.

Tick these, then tick "Fix checked". Close browsers.

Uninstall Windows Defender, it's hopeless. Use Avast instead.

```text
O4 - HKLM\..\Run: [DNS7reminder] "D:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "D:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
```

This looks nasty. If this is running (lssa.exe in Task Manager), kill it now:

```text
O4 - HKLM\..\RunServices: [Windows Service Processor] lssa.exe
```

This looks like it belongs to a trojan. If you use IRC (this is an IRC trojan), quit it now:

```text
O4 - HKLM\..\Policies\Explorer\Run: [Lsass Service] D:\Documents and Settings\Skye\Application Data\Microsoft\Windows\lsass.exe
O20 - AppInit_DLLs: attoygyq.dll,mss.dll
O20 - Winlogon Notify: cbXrsPgG - cbXrsPgG.dll (file missing)
O20 - Winlogon Notify: jkkKdBTJ - jkkKdBTJ.dll (file missing)
O20 - Winlogon Notify: ljJYoOij - ljJYoOij.dll (file missing)
O20 - Winlogon Notify: mlJCVmkh - mlJCVmkh.dll (file missing)
O20 - Winlogon Notify: rqRKDwxx - rqRKDwxx.dll (file missing)
```

You should only have ONE AV program installed. Uninstall AVG.

Uninstall Ad-Aware and Spyware Doctor.

Get Malwarebytes and Trojan Remover below after you reboot, update both, then scan. Then select all options under Utilities in Trojan Remover.

I would also get CCleaner (www.ccleaner.com). Untick the Yahoo toolbar, you don't need it. Run it (close browsers). Click on "Run Cleaner".
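The checks Speedy Gonzales made by eye can be written down as triage rules over lines in the HijackThis O4/O20/O23 format: a bare filename resolved through PATH, the seldom-used RunServices and Policies\Explorer\Run autostart keys, a program named like (or almost like) a core Windows process but running from outside System32, a populated AppInit_DLLs, Winlogon Notify DLLs, and "(file missing)" leftovers. The script below is an added example written for this page, not HijackThis code or anything from the thread; the sample entries are copied from the posted log, while the rule set and the edit-distance threshold are the editor's own assumptions.

```python
import ntpath
import re

# Core Windows process names that malware borrows; one of these (or a near-miss such as lssa.exe) outside System32 is a warning sign.
SYSTEM_NAMES = ("lsass.exe", "csrss.exe", "smss.exe", "svchost.exe", "winlogon.exe", "services.exe")
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)

# Constructed sample: four entries copied from the log posted in this thread (not the full log).
SAMPLE = r"""
O4 - HKLM\..\RunServices: [Windows Service Processor] lssa.exe
O4 - HKLM\..\Policies\Explorer\Run: [Lsass Service] D:\Documents and Settings\Skye\Application Data\Microsoft\Windows\lsass.exe
O20 - AppInit_DLLs: attoygyq.dll,mss.dll
O20 - Winlogon Notify: cbXrsPgG - cbXrsPgG.dll (file missing)
""".strip("\n")

def edit_distance(a, b):  # plain Levenshtein distance, enough to catch look-alike names
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def o4_target(entry):  # program path of an O4 entry: quoted path, unquoted path ending in .exe, or bare token
    m = re.search(r'\]\s*(?:"([^"]+)"|(.+?\.exe\b)|(\S+))', entry, re.I)
    return next((g for g in m.groups() if g), "") if m else ""

def triage(entry):  # reasons one HijackThis line deserves a closer look; [] means nothing fired
    reasons = []
    if entry.startswith("O4 "):
        path = o4_target(entry)
        name = ntpath.basename(path).lower()
        if "\\" not in path:
            reasons.append("bare filename resolved via PATH; publisher cannot be verified")
        if "RunServices" in entry or "Policies\\Explorer\\Run" in entry:
            reasons.append("legacy/policy autostart key that ordinary software rarely uses")
        if not SYSTEM32.match(path) and any(edit_distance(name, s) <= 2 for s in SYSTEM_NAMES):
            reasons.append("mimics a core Windows process name but runs outside System32")
    elif entry.startswith("O20 - AppInit_DLLs:") and entry.split(":", 1)[1].strip():
        reasons.append("AppInit_DLLs is set; those DLLs are injected into every GUI process")
    elif entry.startswith("O20 - Winlogon Notify:"):
        reasons.append("Winlogon Notify DLL loads into winlogon.exe; verify the publisher")
    if "(file missing)" in entry:
        reasons.append("registered file is missing (removal leftover or renamed component)")
    return reasons

def scan(log_text):  # every flagged line of a log mapped to its reasons, in log order
    return {ln: triage(ln) for ln in log_text.splitlines() if triage(ln)}
```

Run `scan()` over a whole log and the four entries above come back flagged while the Adobe and avast! lines pass; the rules are a first filter, not a verdict, so each hit still needs the file checked on disk.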