jyml Posted September 27, 2010 Report Share Posted September 27, 2010 Logfile of Trend Micro HijackThis v2.0.4Scan saved at 00:07:33, on 28/09/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16850)Boot mode: NormalRunning processes:C:\WINDOWS2\System32\smss.exeC:\WINDOWS2\system32\winlogon.exeC:\WINDOWS2\system32\services.exeC:\WINDOWS2\system32\lsass.exeC:\WINDOWS2\system32\svchost.exeC:\WINDOWS2\System32\svchost.exeC:\WINDOWS2\system32\spoolsv.exeC:\WINDOWS2\Explorer.EXEC:\WINDOWS2\ehome\ehtray.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Analog Devices\SoundMAX\Smax4.exeC:\Program Files\CyberLink\PowerCinema\PCMService.exeC:\Program Files\F-Secure\Common\FSM32.EXEC:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exeC:\WINDOWS2\system32\RunDll32.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exeC:\Program Files\PowerISO\PWRISOVM.EXEC:\WINDOWS2\system32\RUNDLL32.EXEC:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Creative\MediaSource\Detector\CTDetect.exeC:\WINDOWS2\system32\ctfmon.exeC:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exeC:\Program Files\Microsoft ActiveSync\wcescomm.exeC:\PROGRA~1\MICROS~3\rapimgr.exeC:\Documents and Settings\Jeremy.D6526930AFD54FB\Local Settings\Application Data\Google\Update\GoogleUpdate.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXEC:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exeC:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exeC:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exeC:\WINDOWS2\system32\CTsvcCDA.EXEC:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exeC:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exeC:\WINDOWS2\eHome\ehRecvr.exeC:\WINDOWS2\eHome\ehSched.exeC:\Program Files\F-Secure\Anti-Virus\fsgk32st.exeC:\Program Files\F-Secure\Anti-Virus\FSGK32.EXEC:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exeC:\Program Files\F-Secure\Anti-Virus\fssm32.exeC:\Program Files\F-Secure\Common\FSMA32.EXEC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\F-Secure\Common\FSMB32.EXEC:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeC:\Program Files\F-Secure\Common\FCH32.EXEC:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exeC:\Program Files\F-Secure\Anti-Virus\fsqh.exeC:\Program Files\F-Secure\Common\FAMEH32.EXEC:\WINDOWS2\system32\nvsvc32.exeC:\Program Files\F-Secure\Anti-Virus\fsrw.exeC:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exeC:\WINDOWS2\system32\IoctlSvc.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\WINDOWS2\system32\svchost.exeC:\WINDOWS2\system32\MsPMSPSv.exeC:\WINDOWS2\eHome\ehmsas.exeC:\Program Files\Common Files\Nero\Lib\NMIndexingService.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS2\system32\dllhost.exeC:\Program Files\F-Secure\Common\FNRB32.EXEC:\Program Files\F-Secure\FWES\Program\fsdfwd.exeC:\Program Files\F-Secure\Common\FIH32.EXEC:\Program Files\F-Secure\Anti-Virus\fsav32.exeC:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exeC:\Program Files\F-Secure\FSGUI\fsguidll.exeC:\Documents and Settings\Jeremy.D6526930AFD54FB\Desktop\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seekgoouk.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dllO4 - HKLM\..\Run: [ehTray] C:\WINDOWS2\ehome\ehtray.exeO4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exeO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /trayO4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splashO4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSWO4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe /rO4 - HKLM\..\Run: [sbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitorO4 - HKLM\..\Run: [updReg] C:\WINDOWS2\UpdReg.EXEO4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logonO4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exeO4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXEO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS2\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -uO4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptionsO4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /RO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exeO4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jeremy.D6526930AFD54FB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exeO8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.htmlO8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.htmlO8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.htmlO8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.htmlO9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dllO9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Unknown file in Winsock LSP: c:\windows2\system32\nwprovau.dllO16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cabO16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLLO22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS2\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS2\system32\browseui.dllO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXEO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exeO23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS2\system32\CTsvcCDA.EXEO23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exeO23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exeO23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXEO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exeO23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exeO23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXEO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exeO23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeO23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\system32\nvsvc32.exeO23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exeO23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exeO23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS2\system32\IoctlSvc.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exeO23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exeO23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe--End of file - 14608 bytes Quote Link to post Share on other sites
TheTerrorist_75 Posted September 28, 2010 Report Share Posted September 28, 2010 We do not use HJT to resolve malware issues. Please read these directions and post the required logs.How To Post An Otl Log, Easy to Follow Guide Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.