| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 85986 | 2007-12-29 20:39:00 | Help with a Hi-Jack Log Please | Digby (677) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 625676 | 2007-12-29 20:39:00 | This is the Hi-Jack This log file of a friends PC. They have a couple of dialogues come up saying here is a virus (which AVG does not find) and a dialogue that keep offering to run an anti-virus scan, but it looks fake to me. Any chance of suggesting which lines could be causing this ? And any other rogues files to delete ? Kind Regards Digby Logfile of HijackThis v1.99.1 Scan saved at 15:00:04, on 29/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\YourPrivacyGuard\GDC.exe C:\PROGRA~1\YOURPR~1\UGDCcw.exe C:\Program Files\Common Files\YourPrivacyGuard\mc.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\YourPrivacyGuard\updater.exe C:\WINDOWS\explorer.exe C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe C:\DOCUME~1\ISAACG~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = softwarereferral.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: MSVPS System - {74C44274-2A2D-4A99-B00B-CCA3912349F3} - C:\WINDOWS\vipextpxm.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\sw g.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: The voipwet - {0687766B-F048-43D1-B33B-DBE6FE9AE712} - C:\WINDOWS\voipwet.dll O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NI.UGA6P_0001_N111M1707] "c:\documents and settings\philomena matthews\application data\install_en[1].exe" -nag O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [YourPrivacyGuard] C:\Program Files\YourPrivacyGuard\GDC.exe O4 - HKLM\..\Run: [ugdccw] "C:\PROGRA~1\YOURPR~1\UGDCcw.exe" -start O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" dm=http://yourprivacyguard.com ad=http://yourprivacyguard.com sd=http://ilp.yourprivacyguard.com O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q306&bd=presario&pf=laptop O21 - SSODL: jetctrl - {EAAC3472-E1F1-47B4-B819-7E9D84BB40DD} - C:\WINDOWS\jetctrl.dll O21 - SSODL: kopmet - {01BD7323-D3D0-4B19-96B9-E5FE02EF29D8} - C:\WINDOWS\kopmet.dll O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe |
Digby (677) | ||
| 625677 | 2007-12-29 20:54:00 | [QUOTE=Digby;629304] C:\Program Files\YourPrivacyGuard\GDC.exe C:\Program Files\YourPrivacyGuard\updater.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = softwarereferral.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [NI.UGA6P_0001_N111M1707] "c:\documents and settings\philomena matthews\application data\install_en[1].exe" -nag O4 - HKLM\..\Run: [YourPrivacyGuard] C:\Program Files\YourPrivacyGuard\GDC.exe O4 - HKLM\..\Run: [ugdccw] "C:\PROGRA~1\YOURPR~1\UGDCcw.exe" -start O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" dm=http://yourprivacyguard.com ad=http://yourprivacyguard.com sd=http://ilp.yourprivacyguard.com O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q306&bd=presario&pf=laptop O21 - SSODL: jetctrl - {EAAC3472-E1F1-47B4-B819-7E9D84BB40DD} - C:\WINDOWS\jetctrl.dll O21 - SSODL: kopmet - {01BD7323-D3D0-4B19-96B9-E5FE02EF29D8} - C:\WINDOWS\kopmet.dll O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe |
pctek (84) | ||
| 625678 | 2007-12-29 21:00:00 | Put HJT in its own folder first run it then tick these. Then tick fix checked. Close browser/s Uninstall this PCPrivacyTool Read this (www.symantec.com) C:\Program Files\YourPrivacyGuard\GDC.exe C:\PROGRA~1\YOURPR~1\UGDCcw.exe C:\Program Files\Common Files\YourPrivacyGuard\mc.exe Get trojan remover in my sig, it looks like it removes it. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = softwarereferral.com This looks like it belongs to ZLob O2 - BHO: MSVPS System - {74C44274-2A2D-4A99-B00B-CCA3912349F3} - C:\WINDOWS\vipextpxm.dll This belongs to a trojan O3 - Toolbar: The voipwet - {0687766B-F048-43D1-B33B-DBE6FE9AE712} - C:\WINDOWS\voipwet.dll These are safe, but dont have to run on startup O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start Nasty O4 - HKLM\..\Run: [NI.UGA6P_0001_N111M1707] "c:\documents and settings\philomena matthews\application data\install_en[1].exe" -nag O4 - HKLM\..\Run: [YourPrivacyGuard] C:\Program Files\YourPrivacyGuard\GDC.exe O4 - HKLM\..\Run: [ugdccw] "C:\PROGRA~1\YOURPR~1\UGDCcw.exe" -start O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" dm=http://yourprivacyguard.com ad=http://yourprivacyguard.com sd=http://ilp.yourprivacyguard.com Safe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime Run this from the menu or taskbar O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background Nasty O21 - SSODL: jetctrl - {EAAC3472-E1F1-47B4-B819-7E9D84BB40DD} - C:\WINDOWS\jetctrl.dll O21 - SSODL: kopmet - {01BD7323-D3D0-4B19-96B9-E5FE02EF29D8} - C:\WINDOWS\kopmet.dll Uninstall ALL versions of Java. The one on this PC is out of date. Latest version is in my sig. Get rogueremover in my sig as well.. Install it update it then click on scan |
Speedy Gonzales (78) | ||
| 625679 | 2007-12-29 22:25:00 | Thanks Guys Brilliant Replies Happy New Year Digby |
Digby (677) | ||
| 625680 | 2007-12-29 22:58:00 | So did u tick the entries I posted?? And use those programs, then reboot? I wouldnt put this computer on the net until you do |
Speedy Gonzales (78) | ||
| 625681 | 2007-12-30 01:11:00 | So did u tick the entries I posted?? And use those programs, then reboot? I wouldnt put this computer on the net until you do yes I did thanks. That Trojan Remover looks like a good program Regards Digby |
Digby (677) | ||
| 625682 | 2007-12-30 01:19:00 | You are using an outdated version of HijackThis. Please uninstall from Add/Remove programs, and delete your current version. Please download HijackThis to your desktop.. www.trendsecure.com Alternate link download.bleepingcomputer.com This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded. Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis Upon install, HijackThis should open for you. Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe 1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'. 2. If you don't get the intro screen, just hit Scan and then click on Save log. 3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless. |
Pancake (6359) | ||
| 1 | |||||