| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 92950 | 2008-08-29 03:40:00 | HJT log | NZHawk (4093) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 701198 | 2008-08-29 03:40:00 | Could someone take a look at this HJT log for nasties: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:09:53 p.m., on 29/08/2008 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\svchost.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe C:\WINNT\system32\svchost.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\WINNT\Explorer.EXE C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe C:\Documents and Settings\Bill Mehaney\Desktop\2 Cleaning Tools\Hijack This\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com O23 - Service: 360 - - (no file) O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: RemoteABC (RemoteABCServer) - Unknown owner - C:\WINNT\RemoteAbc.exe (file missing) O23 - Service: Task Schedule - Unknown owner - C:\WINNT\Doyou (file missing) O23 - Service: UpnP Lic Process (uplogin) - Unknown owner - c:\winrar\winrag.exe (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: windows - Unknown owner - C:\WINNT\windows0.exe (file missing) O23 - Service: Windows Security Center - Unknown owner - C:\WINNT\system32\explorer.exe (file missing) O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 4074 bytes |
NZHawk (4093) | ||
| 701199 | 2008-08-29 03:45:00 | Is this the same log from before, from the same computer, that had that worm? If it is, you should have added it to the previous thread |
Speedy Gonzales (78) | ||
| 701200 | 2008-08-29 03:52:00 | Tick these then tick fix checked Close browsers O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O23 - Service: 360 - - (no file) I have no idea what these belong to, do you? O23 - Service: RemoteABC (RemoteABCServer) - Unknown owner - C:\WINNT\RemoteAbc.exe (file missing) O23 - Service: UpnP Lic Process (uplogin) - Unknown owner -Unknown O23 - Service: windows - Unknown owner - C:\WINNT\windows0.exe (file missing) |
Speedy Gonzales (78) | ||
| 701201 | 2008-08-29 04:02:00 | This is a new machine. and no I have no idea what those 3 entries are either. |
NZHawk (4093) | ||
| 701202 | 2008-08-29 04:38:00 | Tick those entries, that should be it | Speedy Gonzales (78) | ||
| 1 | |||||