| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 95022 | 2008-11-21 04:05:00 | Analyze | mathsgood (13356) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 721759 | 2008-11-21 04:05:00 | Can someone analyze these?: HiJack This Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:03:58 p.m., on 21/11/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\msdtc.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mamutu\a2service.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\rnamfler\naofsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\mqsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\taskswitch.exe C:\PROGRAM FILES\MAMUTU\mamutu.exe C:\Program Files\Windows Defender\MSASCui.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\lexpps.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Family Users\My Documents\Desktops\Desktops.exe C:\Program Files\BetaClock\BetaClock.exe C:\Program Files\FreshDevices\FreshDownload\fd.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\WordWeb\wweb32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\msagent\AgentSvr.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Windows Internet Explorer 8 provided by Wilson O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file) O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [Mamutu Guard] "C:\PROGRAM FILES\MAMUTU\mamutu.exe" /silent O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [Sysinternals Desktops] C:\Documents and Settings\Family Users\My Documents\Desktops\Desktops.exe O4 - HKCU\..\Run: [BetaClock] "C:\Program Files\BetaClock\BetaClock.exe" /startup O4 - HKCU\..\Run: [FreshDownload] "C:\Program Files\FreshDevices\FreshDownload\FD.EXE" O4 - HKUS\S-1-5-21-725345543-854245398-2147145749-1094\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Download Manager') O4 - HKUS\S-1-5-21-725345543-854245398-2147145749-1094\..\Run: [FreshDownload] "C:\Program Files\FreshDevices\FreshDownload\FD.EXE" (User 'Download Manager') O4 - HKUS\S-1-5-21-725345543-854245398-2147145749-1094\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe (User 'Download Manager') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: lxczbmgr.lnk = C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe O4 - Global Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: FreshDownload - {65594D0F-4BC6-41DE-BE32-D299291DA57E} - C:\Program Files\FreshDevices\FreshDownload\fd.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - www.symantec.com O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - housecall65.trendmicro.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - www.symantec.com O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - www.symantec.com O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - webdl.symantec.com O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - www.nick.com O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - cdn2.zone.msn.com O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - www.symantec.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - plugin.driveragent.com O17 - HKLM\System\CCS\Services\Tcpip\..\{F2A5288F-9F0C-4FCC-8841-F9138EA6C638}: NameServer = 210.55.12.1 210.55.12.2 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA ~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Mamutu Service (Mamutu) - Emsi Software GmbH - C:\Program Files\Mamutu\a2service.exe O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe -- End of file - 9553 bytes CCleaner Installed Programs: 3D Windows XP Screen Saver Adobe Flash Player ActiveX Adobe Shockwave Player 11 Alt-Tab Task Switcher Powertoy for Windows XP AVG Free 8.0 BetaClock version 1.0.17.517 CCleaner (remove only) CmdHere Powertoy For Windows XP English Pronunciation in Use - Intermediate Eusing Free Registry Cleaner File Shredder 2.0 filehippo.com Update Checker Foxit Reader FreshDownload Glace HijackThis 2.0.2 HyperBowl Arcade Edition: DEMO Version iLike Sidebar Java(TM) 6 Update 7 Karen's Directory Printer Malwarebytes' Anti-Malware Mamutu 1.7 Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Service Pack 1 Microsoft Application Error Reporting Microsoft Office 2003 Web Components Microsoft Office FrontPage 2003 Microsoft Office OneNote 2003 Microsoft Office Professional Edition 2003 Microsoft Office Project Professional 2003 Microsoft Office Visio Professional 2003 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Text-to-Speech Engine 4.0 (English) Microsoft Visual C++ 2005 Redistributable Microsoft Windows Media Video 9 VCM Microsoft WorldWide Telescope MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 6.0 Parser (KB933579) ObjectBar Revo Uninstaller 1.75 Rhapsody Player Engine RocketDock 1.3.5 Security Update for CAPICOM (KB931906) SnipIT Spybot - Search & Destroy TopDesk 1.5.4.1 Trial TrueCrypt Update for Windows XP (KB943729) Visual C++ 8.0 Runtime Setup Package (x64) Web Publishing Wizard WebFldrs XP Windows Defender Windows Internet Explorer 8 Beta 2 Windows XP Service Pack 3 WinRAR archiver Word Link 2.0 WordWeb XnView 1.95.3 金山词霸 2006 实用版 by xunchi Thanks! |
mathsgood (13356) | ||
| 721760 | 2008-11-21 04:15:00 | i noticed this C:\Documents and Settings\Family Users\My Documents\Desktops\Desktops.exe just check it' cheers |
Silver_Blade (10144) | ||
| 721761 | 2008-11-21 04:45:00 | Uninstall all versions of java, its out of date. Link below Is this 64 bit of XP? If it isnt then you dont need this Visual C++ 8.0 Runtime Setup Package (x64) Tick these then tick fix checked Close browsers O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file) O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) Uninstall windows defender, its hopeless |
Speedy Gonzales (78) | ||
| 1 | |||||