Jun 29 2009, 09:04 AM, Post #1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:02, on 2009-06-29
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\BTModemProtection.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BTModemProtection] BTModemProtection.lnk
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 4702 bytes
maco [Closed] basline Jun 29 2009, 09:04 AM
CatByte Hi and Welcome,
NOTE:Malware removal is NOT insta... Jun 30 2009, 07:40 AM
maco DDS (Ver_09-06-26.01) - NTFSx86
Run by bob at 7... Jul 1 2009, 12:36 AM
maco Hello. I tried to copy the gmer rootkit thingy but... Jul 1 2009, 12:38 AM
maco Hello. I have had to write the rootkit log down he... Jul 1 2009, 03:17 AM
CatByte Hi,
Most of the DDS log appears to be missing fro... Jul 1 2009, 04:03 AM
maco Hello. I am of limited experience is there any cha... Jul 2 2009, 01:59 AM
CatByte Hi,
By all means. Please let me know if anything ... Jul 2 2009, 05:29 AM
maco Hello Doug. Can you please repost the link for dds... Jul 3 2009, 11:22 AM
maco Hello Doug. I've become a bit confused alread... Jul 3 2009, 11:27 AM
maco Hello Doug. I think I have finally got it fingers ... Jul 3 2009, 11:36 AM
CatByte Hi,
Please do the following:
Download Combofix ... Jul 3 2009, 05:06 PM
maco ComboFix 09-07-03.03 - bob 2009-07-04 9:05.1 - NT... Jul 4 2009, 02:17 AM
CatByte Hi
Please do the following:
Very Important! ... Jul 4 2009, 04:12 AM
maco Hello Doug. I have tried to drag fscript.txt into ... Jul 4 2009, 03:09 PM
CatByte
save this attachment to your desktop
then do... Jul 4 2009, 03:56 PM
maco Hello Doug. I copied and pasted the % thing and ra... Jul 5 2009, 12:06 AM
CatByte Hi,
You're doing fine, we need to do that aga... Jul 5 2009, 06:54 AM
maco Hello Doug. Is this OK.
bob.
ComboFix 09-07-05.03 ... Jul 6 2009, 02:04 AM
CatByte Hi,
Please do the following:
Download TFC to you... Jul 6 2009, 05:52 AM
maco Hello Doug. Ran TFC 39.4mbs removed. Malwarebytes ... Jul 6 2009, 02:10 PM
CatByte Hi,
Please run this program so I can be certain y... Jul 6 2009, 02:43 PM
maco Hello Doug. Here is the report log.
OTL logfile cr... Jul 6 2009, 04:28 PM
CatByte Hi
Please do the following:
Run OTL.exe
Copy/pas... Jul 6 2009, 05:04 PM
maco Hello Doug. I think you have done it.
All processe... Jul 6 2009, 09:01 PM
CatByte can you describe how your computer is running now ... Jul 6 2009, 09:14 PM
maco Hello Doug. The machine seems to be performing a l... Jul 7 2009, 02:37 AM
maco Hello Doug. Just an update on the computer it has ... Jul 7 2009, 03:40 AM
CatByte Hi,
That was only half the HJT log...so please gi... Jul 7 2009, 05:21 AM
CatByte Due to inactivity this topic will be closed.
If yo... Jul 12 2009, 07:53 PM