Jump to content

Build Theme!
  •  

Photo

skinus,bdo,pcts.tray.exe


  • Please log in to reply
1 reply to this topic

#1 roha

roha

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 03 August 2008 - 04:51 PM

Hi Everyone and anyone who could help. When I did a spybot scan it showed keyloggers and said hijacker etc. but when I tried to remove it through that process it looked different than it normally looked. When I sign off I see names like skinux, pcts.exe, bdo, windowname. Sometimes at the bottom of the screen where the icons are, I open it and then it will be closed and as soon as I open it again it will be closed again. I don't know what to do. All this is making my head spin. I hope I am presenting my situation in a coherent manner. Please help. Forever grateful. These are my logs. Was I supposed to copy both windows? These are from the notepad window.: Logfile of HijackThis v1.99.1 Scan saved at 6:28:04 PM, on 8/3/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Windows Live\Family Safety\fssui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\PROGRA~1\MICROS~2\rapimgr.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Upd THIS IS FROM THE THE LIST WHERE YOU PICK WHAT TO DELETE Logfile of HijackThis v1.99.1 Scan saved at 6:28:04 PM, on 8/3/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Windows Live\Family Safety\fssui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\PROGRA~1\MICROS~2\rapimgr.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Upd

Similar Topics: skinus,bdo,pcts.tray.exe     x


#2 shelf life

shelf life

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,191 posts

Posted 04 August 2008 - 06:06 PM

hi,

you didnt post the entire hjt log. its missing the bottom half. it should look like this: of course yours will look a little different than mine does:


Logfile of HijackThis v1.99.1
Scan saved at 6:54:53 PM, on 8/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svchost.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\AntiPhorm\AntiPhorm_Lite.exe
C:\Program Files\Wireshark\wireshark.exe
C:\Program Files\Cain\Cain.exe
C:\Program Files\Network Stumbler\NetStumbler.exe
C:\Program Files\Legion\Legion.exe
C:\Program Files\Ulteo\Virtual Desktop\Virtual Desktop.exe
C:\Program Files\Ulteo\Virtual Desktop\colinux\colinux-daemon.exe
C:\Program Files\Ulteo\Virtual Desktop\xming\Xming.exe
C:\Program Files\Ulteo\Virtual Desktop\colinux\colinux-slirp-net-daemon.exe
C:\Program Files\Ulteo\Virtual Desktop\pulse\pulseaudio.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Documents and Settings\da\Desktop\malware\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\VISUAL~2\NTXcontext.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Lite Edition\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Lite Edition\vrie.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\VISUAL~2\NTXtoolbar.htm (HKCU)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Port Reporter (PortReporter) - Unknown owner - C:\Program Files\PortReporter\portreporter.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users