Hijackthis Log File

Logfile of HijackThis v1.99.1
Scan saved at 1:43:34 PM, on 5/10/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\xampp\apache\bin\apache.exe
D:\WINDOWS\System32\cisvc.exe
D:\WINDOWS\System32\inetsrv\inetinfo.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\xampp\mysql\bin\mysqld-nt.exe
E:\oracle\ora90\bin\agntsrvc.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0\bin\jusched.exe
D:\WINDOWS\system32\cmd.exe
e:\oracle\ora90\bin\ORACLE.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\oracle\ora90\bin\dbsnmp.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Kerio\Personal Firewall\persfw.exe
D:\Program Files\xampp\apache\bin\apache.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\System32\cidaemon.exe
D:\WINDOWS\System32\cidaemon.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add to AD Black List - D:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - D:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - D:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - D:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - D:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bits...om/tdserver.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{92446D41-C3B9-4389-A119-2BA84B0AABDD}: NameServer = 218.248.240.208 218.248.240.135
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - D:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache Tomcat 4.1 - Alexandria Software Consulting - D:\Program Files\Apache Group\Tomcat 4.1\bin\tomcat.exe
O23 - Service: Apache2.2 - Unknown owner - D:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - D:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: mysql - Unknown owner - D:\Program Files\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=D:\Program Files\xampp\mysql\bin\my.cnf" mysql (file missing)
O23 - Service: OracleOraHome90Agent - Oracle Corporation - E:\oracle\ora90\bin\agntsrvc.exe
O23 - Service: OracleOraHome90ClientCache - Unknown owner - E:\oracle\ora90\BIN\ONRSD.EXE
O23 - Service: OracleOraHome90HTTPServer - Unknown owner - E:\oracle\ora90\Apache\Apache\Apache.exe
O23 - Service: OracleOraHome90PagingServer - Unknown owner - E:\oracle\ora90/bin/pagntsrv.exe
O23 - Service: OracleOraHome90SNMPPeerEncapsulator - Unknown owner - E:\oracle\ora90\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome90SNMPPeerMasterAgent - Unknown owner - E:\oracle\ora90\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome90TNSListener - Unknown owner - E:\oracle\ora90\BIN\TNSLSNR.exe
O23 - Service: OracleOrahomeTNSListener - Unknown owner - D:\oracle\ora90\BIN\TNSLSNR.exe (file missing)
O23 - Service: OracleServiceTEST - Oracle Corporation - e:\oracle\ora90\bin\ORACLE.EXE
O23 - Service: OracleServiceTESTME - Oracle Corporation - e:\oracle\ora90\bin\ORACLE.EXE
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall\persfw.exe

Hi dave_cool,

I can't see any malware in your log, this doesn't mean your machine is clean, but do you have any reason to suspect you have been infected?

The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to infections, and we're both just wasting our time.
Click here to get WinXP SP1a: http://www.microsoft...p1/default.mspx

Apply the update, reboot, then go to Windows Update and install all the Critical Updates (Note: Except for WinXP SP2)
Click here for Windows Update: http://www.windowsupdate.com/
Be sure to reboot your machine after this process.

Once you are fully up to date, open HijackThis, select Open the Misc Tools section
Press the Open Uninstall Manager... button, then press Save list...
Save the Uninstall log to your deskop and include a copy in your next response.
Now press Back and Scan and then Save log to create and save a new HijackThis log.

When complete, please post the uninstall list and a new HijackThis log.

Body Background

skin color theme

#1 dave_cool

Advertisements

Register to Remove

#2 silver

#3 silver

#4 dave_cool

#5 silver

#6 silver

Related Topics

1 user(s) are reading this topic

About What the Tech

Follow Us