Help Me My Pc Is Runing Software I Don't Know[INACTIVE]

xmanmta · November 13, 2007

Logfile of HijackThis v1.99.1

Scan saved at 12:45:36 PM, on 11/13/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\lkcitdl.exe

C:\WINDOWS\system32\lkads.exe

C:\WINDOWS\system32\lktsrv.exe

C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe

C:\WINDOWS\system32\nisvcloc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Documents and Settings\All Users\Ultra Hal Assistant 6\HalAsst.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.yahoo.com/?rs=1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO -

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google

Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program

Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common

Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google

Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft

Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program

Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program

Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program

Files\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero

BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager]

C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio

Sandbox\SRSSSC.exe" /hideme

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE"

-quiet

O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program

Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org

2.2\program\quickstart.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google

Updater\GoogleUpdater.exe

O4 - Global Startup: Ultra Hal Assistant 6 Startup.lnk = C:\Documents and

Settings\All Users\Ultra Hal Assistant 6\HalAsst.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel

present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

%windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted IP range: http://192.168.1.1

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program

Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AST Service (astcc) - Unknown owner -

C:\WINDOWS\system32\AstSrv.exe (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps)

- Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries

Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Google Desktop Manager 5.5.709.30344

(GoogleDesktopManager-093007-112848) - Google - C:\Program

Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel

32\IDriverT.exe

O23 - Service: Lookout Citadel Server (LkCitadelServer) - National

Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe

O23 - Service: National Instruments PSP Server Locator (lkClassAds) -

National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe

O23 - Service: National Instruments Time Synchronization (lkTimeSync) -

National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero

BackItUp\NBService.exe

O23 - Service: National Instruments Domain Service (NIDomainService) -

National Instruments, Inc. - C:\Program Files\National

Instruments\Shared\Security\nidmsrv.exe

O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program

Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe

O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. -

C:\WINDOWS\system32\nisvcloc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common

Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -

C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

sarahw · December 2, 2007

Hi,

Welcome to the site

I will be handling your log to help you get cleaned up. As it has been a while since you first posted you log, please rescan and post a fresh Hijack This log as a reply to this topic. This is because your computers condition may have changed. Also, in notepad, turn off Wordwrap. Click Format, then uncheck Wordwrap.

I want you to show hidden files. There are instructions HERE to help you do this.

You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time.

Please dont use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition that it is when infected) if used incorrectly.

These instuctions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat.

Edited December 2, 2007 by sarahw

Sign In

Help Me My Pc Is Runing Software I Don't Know[INACTIVE]

Recommended Posts

xmanmta

Link to post

Share on other sites

sarahw

Link to post

Share on other sites

Browse

Activity