Mackan Posted April 9, 2012 ID:541065 Share Posted April 9, 2012 I'd appreciate a comment on the following HJT log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 18:01:27, on 2012-04-09Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program\AskBarDis\bar\bin\AskService.exeC:\Program\AskBarDis\bar\bin\ASKUpgrade.exeC:\WINDOWS\system32\svchost.exeC:\Program\Intel\Intel Matrix Storage Manager\iaantmon.exeC:\Program\Ahead\InCD\InCDsrv.exeC:\Program\Delade filer\InterVideo\RegMgr\iviRegMgr.exeC:\Program\Java\jre6\bin\jqs.exeC:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exeC:\Program\Norton 360\Engine\5.2.1.3\ccSvcHst.exeC:\WINDOWS\System32\svchost.exeC:\Program\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exeC:\WINDOWS\system32\IoctlSvc.exeC:\WINDOWS\System32\svchost.exeC:\Program\Telia\Supportassistenten\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exeC:\Program\Telia\Supportassistenten\bin\tgsrvc.exeC:\Program\Norton 360\Engine\5.2.1.3\ccSvcHst.exeC:\WINDOWS\Explorer.EXEC:\Program\Intel\Intel Matrix Storage Manager\iaanotif.exeC:\Program\Net iD\iid.exeC:\Program\Delade filer\Java\Java Update\jusched.exeC:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\WINDOWS\system32\ctfmon.exeC:\Program\Adobe\Acrobat 6.0\Distillr\acrotray.exeC:\Program\Personal\bin\Personal.exeC:\WINDOWS\system32\svchost.exeC:\Program\Trend Micro\HijackThis\Rensare.exeC:\Program\Internet Explorer\IEXPLORE.EXEC:\Program\Internet Explorer\IEXPLORE.EXEC:\Program\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exeC:\Program\Internet Explorer\IEXPLORE.EXEC:\Program\Outlook Express\msimn.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seb.se/pow/default.aspR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LänkarO2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program\AskBarDis\bar\bin\askBar.dllO2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Norton 360\Engine\5.2.1.3\coIEPlg.dllO2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\Norton 360\Engine\5.2.1.3\IPS\IPSBHO.DLLO2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dllO2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dllO2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Norton 360\Engine\5.2.1.3\coIEPlg.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dllO4 - HKLM\..\Run: [iAAnotif] "C:\Program\Intel\Intel Matrix Storage Manager\iaanotif.exe"O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe" -startupO4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [Net iD] "C:\Program\Net iD\iid.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Delade filer\Java\Java Update\jusched.exe"O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentO4 - HKCU\..\Run: [swg] "C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJäNST')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 6.0\Distillr\acrotray.exeO4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXEO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exeO16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtec...ntrol_en_US.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cabO16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cabO23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: ASKService - Unknown owner - C:\Program\AskBarDis\bar\bin\AskService.exeO23 - Service: ASKUpgrade - Unknown owner - C:\Program\AskBarDis\bar\bin\ASKUpgrade.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exeO23 - Service: Tjänsten Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program\Intel\Intel Matrix Storage Manager\iaantmon.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program\Ahead\InCD\InCDsrv.exeO23 - Service: IviRegMgr - InterVideo - C:\Program\Delade filer\InterVideo\RegMgr\iviRegMgr.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exeO23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program\Norton 360\Engine\5.2.1.3\ccSvcHst.exeO23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\PROSetWired\NCS\Sync\NetSvc.exeO23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exeO23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exeO23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exeO23 - Service: SupportSoft Sprocket Service (teliada) (sprtsvc_teliada) - SupportSoft, Inc. - C:\Program\Telia\Supportassistenten\bin\sprtsvc.exeO23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program\Delade filer\SupportSoft\bin\ssrc.exeO23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program\Delade filer\Symantec Shared\Support Controls\ssrc.exe (file missing)O23 - Service: SupportSoft Repair Service (teliada) (tgsrvc_teliada) - SupportSoft, Inc. - C:\Program\Telia\Supportassistenten\bin\tgsrvc.exe--End of file - 9325 bytesThanks/Mackan Link to post Share on other sites More sharing options...
MrCharlie Posted April 9, 2012 ID:541126 Share Posted April 9, 2012 We don't use HJT for malware any more, with todays malware it just doesn't show enough.The log is clean, but I would suggest you uninstall the ask toolbar:C:\Program\AskBarDisMrC Link to post Share on other sites More sharing options...
MrCharlie Posted April 12, 2012 ID:542032 Share Posted April 12, 2012 How are we doing??Do you still need help or can I close this post??MrC Link to post Share on other sites More sharing options...
LDTate Posted April 16, 2012 ID:543156 Share Posted April 16, 2012 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts