
hijackthis log

post #1 of 2
Thread Starter 
Hi guys,
I have a mess of a computer here; could someone take a look at this log?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:35:25, on 22/05/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\pc kena\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 7483 bytes

It's not my laptop, I need to fix it for a friend, so don't blame me if there is any pr0n malware on it.

Grtz
Xioros
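An added example, not part of the thread or of HijackThis itself: a small Python parser for the O2/O4/O23 entry format in the log above that splits each line into name, path and arguments and attaches the two hints a reviewer checks first (a service with no named vendor, and an autorun binary living under a user-writable directory). The sample entries are copied from the log; the Entry layout and the flag wording are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: five entries copied from the HijackThis log in the post above.
SAMPLE_LOG = """\
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O4 - HKLM\\..\\Run: [AVG_TRAY] C:\\Program Files\\AVG\\AVG10\\avgtray.exe
O4 - HKCU\\..\\Run: [Google Update] "C:\\Users\\pc kena\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe" /c
O23 - Service: KMService - Unknown owner - C:\\Windows\\system32\\srvany.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\\Program Files\\AVG\\AVG10\\avgwdsvc.exe
"""

@dataclass
class Entry:
    kind: str            # O2 / O4 / O23
    name: str
    path: str
    args: str = ""
    detail: str = ""     # CLSID (O2), hive and key (O4), vendor string (O23)
    flags: list = field(default_factory=list)

O2_RE = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
O4_RE = re.compile(r"^O4 - (HK.*?\\Run\w*): \[([^\]]+)\] (.*?)(?: \(User '.*'\))?$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")

def split_command(value: str):
    # Separate the executable from its arguments; quoted paths may contain spaces.
    if value.startswith('"'):
        end = value.index('"', 1)
        return value[1:end], value[end + 1:].strip()
    m = re.match(r"(?i)(.+?\.(?:exe|dll|cpl|scr))(?:\s+(.*))?$", value)
    return (m.group(1), m.group(2) or "") if m else (value, "")

def triage(entry: Entry) -> Entry:
    low = entry.path.lower()  # first-pass review hints, not verdicts
    if entry.kind == "O23" and entry.detail == "Unknown owner":
        entry.flags.append("service vendor unknown: verify signer/hash")
    if "\\users\\" in low or "\\appdata\\" in low or "\\temp\\" in low:
        entry.flags.append("runs from a user-writable location")
    return entry

def parse_hjt(text: str) -> list:
    entries = []
    for line in text.splitlines():
        if m := O2_RE.match(line):
            entries.append(Entry("O2", m[1], m[3], detail=m[2]))
        elif m := O4_RE.match(line):
            path, args = split_command(m[3])
            entries.append(Entry("O4", m[2], path, args, detail=m[1]))
        elif m := O23_RE.match(line):
            entries.append(Entry("O23", m[1], m[3], detail=m[2]))
    return [triage(e) for e in entries]
```

Feeding the whole log to parse_hjt gives one Entry per O2/O4/O23 line; unparsed section types (R0, O8, O9, O16, O18) are skipped rather than guessed at.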
post #2 of 2
Just give me a couple of minutes while I analyze it quickly.

Can you please download the following applications in the meantime, BUT DO NOT RUN THEM YET!

SUPERAntiSpyware
Malwarebytes
ComboFix
TDSSKiller
MGtools
OTL
CCleaner

You can find TDSSKiller on the Kaspersky site, and ComboFix at Combofix.org.
CCleaner, SAS and MBAM you can download from filehippo.com.

Just Google "mgtools majorgeek download" for the link to it. For OTL, just Google for its link as well.

When I'm done with the log I'll tell you what to do, because there are a few things that must be done before the cleaning process is started.

Please run OTL.
Here is the link for it:
http://oldtimer.geekstogo.com/OTM.exe

Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy ):


:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]


Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste .

Click the red Moveit! button.


Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Post its log when you're done.
Edited by Spooony - 5/22/11 at 2:48pm