Hijack Log [INACTIVE]



1. Background: I am having a problem with my desktop being very slow. It is shared and I don't use it often, so I can't recall when it slowed down, and so I don't know what was installed to make it act like this. Some programs open and run choppily, and some, when I go to run them, show in the process list but the UI never loads, or only loads after several minutes. Also, when I go to My Computer it shows the magnifying glass for a long time, but I can just type the drive letter and that will load.

2. My Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:23 AM, on 12/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://pbells.broadjump.com/wizlet/BellSouth53/launch.htm
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 11.5.0.1145 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 11.5.0.1145 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154876596614
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9039 bytes
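A log like the one above is usually reviewed by hand, entry by entry. The script below is an added example, written for this thread and not part of the original post or of HijackThis itself: it parses lines in the HijackThis R*/O* format and flags the kinds of entries a reviewer checks first, namely registered components whose file is missing, any AppInit_DLLs value (a DLL listed there is loaded into every process that loads user32.dll), services with an unknown owner, Trusted Zone additions, and autorun entries given as a bare file name rather than a full path. The function and class names (triage, Finding, summarize, _run_target) and the heuristics are this example's own; the sample lines are a constructed subset taken from the log's format so the script runs offline.

```python
"""
Triage helper for HijackThis-style logs.

Added example for this thread; it is not HijackThis code and not part of
the original post. The names (triage, Finding, summarize) and the review
heuristics are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines in the same format as the log posted above
# (a subset of that log, chosen to exercise each check below).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O15 - Trusted Zone: http://toolbar.imageshack.us
O20 - AppInit_DLLs: karna.dat
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")   # "O23 - Service: ..."
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")                      # "C:\..." style path


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O23"
    reason: str    # why the entry deserves a closer look
    line: str      # the log line itself


def _run_target(body: str) -> Optional[str]:
    """Return the executable a Run/RunOnce entry launches, or None when the
    body has no "[name] command" shape (e.g. a Global Startup .lnk line)."""
    _, sep, cmd = body.partition("] ")
    if not sep:
        return None
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # quoted path, may contain spaces
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else None        # first whitespace-delimited token


def triage(log_text: str) -> List[Finding]:
    """Apply simple review heuristics to every R*/O* entry in the log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                               # header, process list, blank lines
        sec, body = m.group("sec"), m.group("body")

        # A registered component whose file is gone: an uninstall leftover,
        # or a removal that did not clean up the registry.
        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding(sec, "orphaned entry: registered file is missing", line))

        # AppInit_DLLs is loaded into every process that loads user32.dll,
        # so any value here should be matched to a known product.
        if sec == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            if value:
                findings.append(Finding(sec, f"AppInit_DLLs value '{value}' is loaded into every user32 process", line))

        # Service binaries with no publisher recorded in their version info.
        if sec == "O23" and "- Unknown owner -" in body:
            findings.append(Finding(sec, "service with unknown owner", line))

        # Sites in the Trusted Zone run with relaxed IE security settings.
        if sec == "O15":
            findings.append(Finding(sec, "site added to IE Trusted Zone", line))

        # An autorun given as a bare file name is resolved through the search
        # path instead of a fixed location.
        if sec == "O4":
            target = _run_target(body)
            if target and not ABS_PATH_RE.match(target):
                findings.append(Finding(sec, f"autorun target '{target}' has no full path", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per HijackThis section."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a saved log with `triage(open("hijackthis.log").read())`. The output is a reading list, not a verdict: an orphaned Messenger button is harmless, while a name in AppInit_DLLs that matches no installed product is the line to research before anything is removed.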


Open Notepad, click Format, and uncheck Word Wrap.

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and will also be saved into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.
