Aug 5 2008, 02:20 PM
Post #1
New Member; Group: Authentic Member; Posts: 13; Joined: 13-May 05; Member No.: 32,340; Operating System: XP SP2
Hi all
Having a problem with a friend's machine. I originally couldn't run any online scans or get anything to install. Eventually got somewhere and ran a couple of online scans and got Spybot and AVG to run. The log now displays the following issues:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38:14, on 04/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\apps\ABoard\ABoard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\AOL\1130227887\ee\aolsoftware.exe
C:\Program Files\AOL 9.0a\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
c:\program files\common files\aol\1130227887\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1130227887\ee\aolsoftware.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\_h.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_s.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_s.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_h.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O1 - Hosts: 66.180.173.39 google.ae
O1 - Hosts: 66.180.173.39 google.am
O1 - Hosts: 66.180.173.39 google.as
O1 - Hosts: 66.180.173.39 google.az
O1 - Hosts: 66.180.173.39 google.bi
O1 - Hosts: 66.180.173.39 google.cd
O1 - Hosts: 66.180.173.39 google.cg
O1 - Hosts: 66.180.173.39 google.ci
O1 - Hosts: 66.180.173.39 google.cl
O1 - Hosts: 66.180.173.39 google.co.cr
O1 - Hosts: 66.180.173.39 google.co.hu
O1 - Hosts: 66.180.173.39 google.co.in
O1 - Hosts: 66.180.173.39 google.co.je
O1 - Hosts: 66.180.173.39 google.co.jp
O1 - Hosts: 66.180.173.39 google.co.ke
O1 - Hosts: 66.180.173.39 google.co.ls
O1 - Hosts: 66.180.173.39 google.co.th
O1 - Hosts: 66.180.173.39 google.co.ug
O1 - Hosts: 66.180.173.39 google.co.uk
O1 - Hosts: 66.180.173.39 google.co.ve
O1 - Hosts: 66.180.173.39 google.dj
O1 - Hosts: 66.180.173.39 google.es
O1 - Hosts: 66.180.173.39 google.fm
O1 - Hosts: 66.180.173.39 google.gg
O1 - Hosts: 66.180.173.39 google.gl
O1 - Hosts: 66.180.173.39 google.gm
O1 - Hosts: 66.180.173.39 google.hn
O1 - Hosts: 66.180.173.39 google.kz
O1 - Hosts: 66.180.173.39 google.li
O1 - Hosts: 66.180.173.39 google.lt
O1 - Hosts: 66.180.173.39 google.lu
O1 - Hosts: 66.180.173.39 google.lv
O1 - Hosts: 66.180.173.39 google.mn
O1 - Hosts: 66.180.173.39 google.ms
O1 - Hosts: 66.180.173.39 google.mu
O1 - Hosts: 66.180.173.39 google.mw
O1 - Hosts: 66.180.173.39 google.no
O1 - Hosts: 66.180.173.39 google.off.ai
O1 - Hosts: 66.180.173.39 google.pn
O1 - Hosts: 66.180.173.39 google.pt
O1 - Hosts: 66.180.173.39 google.ro
O1 - Hosts: 66.180.173.39 google.ru
O1 - Hosts: 66.180.173.39 google.rw
O1 - Hosts: 66.180.173.39 google.se
O1 - Hosts: 66.180.173.39 google.sh
O1 - Hosts: 66.180.173.39 google.sk
O1 - Hosts: 66.180.173.39 google.sm
O1 - Hosts: 66.180.173.39 google.td
O1 - Hosts: 66.180.173.39 google.tm
O1 - Hosts: 66.180.173.39 google.tt
O1 - Hosts: 66.180.173.39 google.uz
O1 - Hosts: 66.180.173.39 google.vg
O1 - Hosts: 66.180.173.39 google.ae
O1 - Hosts: 66.180.173.39 google.am
O1 - Hosts: 66.180.173.39 google.as
O1 - Hosts: 66.180.173.39 google.az
O1 - Hosts: 66.180.173.39 google.bi
O1 - Hosts: 66.180.173.39 google.cd
O1 - Hosts: 66.180.173.39 google.cg
O1 - Hosts: 66.180.173.39 google.ci
O1 - Hosts: 66.180.173.39 google.cl
O1 - Hosts: 66.180.173.39 google.co.cr
O1 - Hosts: 66.180.173.39 google.co.hu
O1 - Hosts: 66.180.173.39 google.co.in
O1 - Hosts: 66.180.173.39 google.co.je
O1 - Hosts: 66.180.173.39 google.co.jp
O1 - Hosts: 66.180.173.39 google.co.ke
O1 - Hosts: 66.180.173.39 google.co.ls
O1 - Hosts: 66.180.173.39 google.co.th
O1 - Hosts: 66.180.173.39 google.co.ug
O1 - Hosts: 66.180.173.39 google.co.uk
O1 - Hosts: 66.180.173.39 google.co.ve
O1 - Hosts: 66.180.173.39 google.dj
O1 - Hosts: 66.180.173.39 google.es
O1 - Hosts: 66.180.173.39 google.fm
O1 - Hosts: 66.180.173.39 google.gg
O1 - Hosts: 66.180.173.39 google.gl
O1 - Hosts: 66.180.173.39 google.gm
O1 - Hosts: 66.180.173.39 google.hn
O1 - Hosts: 66.180.173.39 google.kz
O1 - Hosts: 66.180.173.39 google.li
O1 - Hosts: 66.180.173.39 google.lt
O1 - Hosts: 66.180.173.39 google.lu
O1 - Hosts: 66.180.173.39 google.lv
O1 - Hosts: 66.180.173.39 google.mn
O1 - Hosts: 66.180.173.39 google.ms
O1 - Hosts: 66.180.173.39 google.mu
O1 - Hosts: 66.180.173.39 google.mw
O1 - Hosts: 66.180.173.39 google.no
O1 - Hosts: 66.180.173.39 google.off.ai
O1 - Hosts: 66.180.173.39 google.pn
O1 - Hosts: 66.180.173.39 google.pt
O1 - Hosts: 66.180.173.39 google.ro
O1 - Hosts: 66.180.173.39 google.ru
O1 - Hosts: 66.180.173.39 google.rw
O1 - Hosts: 66.180.173.39 google.se
O1 - Hosts: 66.180.173.39 google.sh
O1 - Hosts: 66.180.173.39 google.sk
O1 - Hosts: 66.180.173.39 google.sm
O1 - Hosts: 66.180.173.39 google.td
O1 - Hosts: 66.180.173.39 google.tm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\apps\Adobe\Acrobat 5.1\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {602DD5BD-6413-46D9-B655-937776DFEA19} - C:\WINDOWS\system32\ljJYRHBT.dll (file missing)
O2 - BHO: (no name) - {6BAF4B9A-3399-4233-A380-109DFD48E690} - C:\WINDOWS\system32\andcea.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {D8A7FBC6-AE1D-4743-9E70-21902FB19B6D} - C:\WINDOWS\system32\ljJAPIax.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130227887\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ljJAPIax - ljJAPIax.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.focusstoc.com/forums/uploads/11..._2_2_117383.jpg
O24 - Desktop Component 1: (no name) - http://www.wolves.premiumtv.co.uk/content/...R64/367353.JPEG

I'm no expert but it doesn't look right. Thanks in advance for any replies.
Aug 12 2008, 05:03 PM
Post #2
Forum God; Group: Root Admin; Posts: 39,096; Joined: 23-September 04; From: Missouri, USA; Member No.: 15,276
Sorry about the delay in responding. If you still need help, scan again with HijackThis, and "copy/paste" a new log file into this thread. Also please describe how your computer behaves at the moment.
Aug 20 2008, 04:58 PM
Post #3
Forum God; Group: Root Admin; Posts: 39,096; Joined: 23-September 04; From: Missouri, USA; Member No.: 15,276
Due to inactivity this topic will be closed.
If you need help please start a new thread and post a new HJT log.