TheTrueDarkOne Posted June 1, 2006

Well, it's a friend's PC and I think it has a trojan.

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

I believe that is a trojan, but I am no expert so I could be wrong.

Logfile of HijackThis v1.99.1
Scan saved at 8:25:31 PM, on 31/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HIJACK\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.netpede.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netpede.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Popup Killer - {2D58DD23-2759-4C7B-9351-D68AF7D0D868} - C:\PROGRA~1\Popup\popup.dll
O3 - Toolbar: Liquid Internet - {45480C0F-8176-480e-A38A-B0F8F191D17D} - C:\Program Files\Internet Explorer\PLUGINS\toolbar1811312.dll
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: Liquid Internet - {4BA7AAA4-1F2F-436e-A877-8B0FB2418D33} - C:\Program Files\Internet Explorer\PLUGINS\toolbar1811312.dll
O9 - Extra 'Tools' menuitem: Liquid Internet - {4BA7AAA4-1F2F-436e-A877-8B0FB2418D33} - C:\Program Files\Internet Explorer\PLUGINS\toolbar1811312.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A6FF3C3C-F33A-4269-9300-2682DB3B3441} (McciUtilsRegistry Class) - https://ehelp.telus.net/lwp/static/installe...r_2-0-0_dsl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://209.67.146.69/ePlayer/2_0/ACNePlayer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

Matt Posted June 15, 2006

Hi TheTrueDarkOne. I have no idea why your log sat here for so long with no reply. If you are still having issues, please do a new HJT scan and post a new log. Once again, I am very sorry for the wait.

Matt

Matt Posted June 26, 2006

Inactive topic... If you still need help on this problem, contact me or one of the Moderators to re-open this up.

Topic closed.