| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 89831 | 2008-05-13 09:41:00 | Hijack log for Speedy | macian999 (13528) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 669055 | 2008-05-13 09:41:00 | Speedy Is there anything untoward with this?? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:48:34 p.m., on 13/05/08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\prog_a-f\Ad-aware 6\aawservice.exe C:\WINNT\system32\LEXBCES.EXE C:\WINNT\system32\LEXPPS.EXE C:\WINNT\system32\spoolsv.exe C:\prog_a-f\avg\avgamsvr.exe C:\prog_a-f\avg\avgupsvc.exe C:\prog_a-f\avg\avgemc.exe C:\prog_a-f\Comodo\boclean\BOCORE.exe C:\prog_a-f\Comodo\Firewall\cmdagent.exe C:\WINNT\system32\CTsvcCDA.EXE C:\WINNT\system32\inetsrv\inetinfo.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\tcpsvcs.exe C:\WINNT\System32\snmp.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINNT\Explorer.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\prog_a-f\avg\avgcc.exe C:\prog_a-f\Comodo\boclean\BOC424.exe C:\prog_a-f\Comodo\Firewall\cfp.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINNT\system32\ctfmon.exe C:\Prog_m-s\mozilla\firefox.exe C:\prog_g-l\hijack\HiJackThis(2).exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.lerhplmrtozfmi.net ammM5pA4bpWW8R.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = accountservices.passport.net R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 169.254.55.84 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\ Yahoo! \Companion\Installs\cpn0\yt.dll O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Prog_m-s\SPYBOT~1.4\SDHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn0\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\prog_a-f\avg\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [BOC-424] C:\prog_a-f\Comodo\boclean\BOC424.exe O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\prog_a-f\Comodo\Firewall\cfp.exe" -h O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [internat.exe] internat.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\prog_a-f\avg\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [internat.exe] internat.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Global Startup: Microsoft Find Fast.lnk = C:\Prog_m-s\msoffice\Office\FINDFAST.EXE O4 - Global Startup: Office Startup.lnk = C:\Prog_m-s\msoffice\Office\OSA.EXE O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-nz\msntabres.dll.mui/229?915064feb542450eb315be89ddaf1204 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-nz\msntabres.dll.mui/230?915064feb542450eb315be89ddaf1204 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\prog_a-f\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - www.bebo.com O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - messenger.zone.msn.com O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - us.dl1.yimg.com O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - by24fd.bay24.hotmail.msn.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O16 - DPF: {D94AAA2A-C415-42E3-82B6-49FAB4EBFFE9} (SearchHook Class) - www.halflemon.com O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - messenger.zone.msn.com O17 - HKLM\System\CCS\Services\Tcpip\..\{3C561B5F-B94B-4D2F-AE32-DDFEB072AF10}: NameServer = 58.28.4.2,58.28.6.2 O20 - AppInit_DLLs: C:\WINNT\system32\guard32.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\prog_a-f\Ad-aware 6\aawservice.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\prog_a-f\avg\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\prog_a-f\avg\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\prog_a-f\avg\avgemc.exe O23 - Service: BOCore - COMODO - C:\prog_a-f\Comodo\boclean\BOCORE.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\prog_a-f\Comodo\Firewall\cmdagent.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 11133 bytes |
macian999 (13528) | ||
| 669056 | 2008-05-13 09:50:00 | Looks ok to me but tick these then tick fix checked Close browsers O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE') 04 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Global Startup: Microsoft Find Fast.lnk = C:\Prog_m-s\msoffice\Office\FINDFAST.EXE O4 - Global Startup: Office Startup.lnk = C:\Prog_m-s\msoffice\Office\OSA.EXE What have u got thats symantec?? O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Uninstall all versions of Sun Java, yours is out of date, then update it |
Speedy Gonzales (78) | ||
| 1 | |||||