
Another HijackThis Log



Hi there one more time.

I have a new log, can anyone help me?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:57:25, on 27-04-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\WINDOWS\system32\DWRCS.EXE

C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe

C:\Programas\Java\jre6\bin\jqs.exe

C:\Programas\McAfee\Common Framework\FrameworkService.exe

C:\Programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Ficheiros comuns\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Programas\McAfee\VirusScan Enterprise\Mcshield.exe

C:\WINDOWS\system32\DWRCST.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Programas\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Programas\Java\jre6\bin\jusched.exe

C:\Programas\McAfee\Common Framework\UdaterUI.exe

C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe

C:\windows\Media\AvMsUpd.exe

C:\Programas\McAfee\Common Framework\McTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.24.5:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = intranet.ring*;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperliga


Hello and welcome to Malwarebytes forum!

What sort of problem are you experiencing - please describe fully the symptoms and whether you used any scanners prior to posting. If so, did the scanners detect any threats, and if so, did you save the logs?

Let's run some more tools.

Please download ATF Cleaner by Atribune

  • Close Internet Explorer and any other open browsers
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

_____________________________________________

Please download Malwarebytes' Anti-Malware (MBAM) to your desktop from:

BestTechie.net

http://www.besttechie.net/tools/mbam-setup.exe

or

MajorGeeks.com:

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

Double-click mbam-setup.exe and follow the prompts to install the program. At the end of the install, place a checkmark next to the following two options:

  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • MBAM will automatically update, if the above options are checked.
  • Once the program launches, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK -> Show Results to view the scan results.
  • Check all items found, and then choose the 'Remove Selected' option to move the selected items to the quarantine.
  • When the scan is done, a log will open in Notepad with the scan results. Please post the results in your next reply.

____________

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

____________

Download DDS and save it to your desktop from here


Disable any script blocking programs you may have installed (such as Norton script blocking), and then double-click dss.scr to run the tool.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please copy and paste both logs into your next reply - do NOT attach them.

===============================================================

Please post the MBAM log, the DDS scan reports (do NOT attach), and a new HJT log.


You're welcome, but I am not seeing anything wrong in your logs.

You didn't answer this question I asked that would perhaps shed more light on your problems:

What sort of problem are you experiencing - please describe fully the symptoms and whether you used any scanners prior to posting. If so, did the scanners detect any threats, and if so, did you save the logs?

You should update your version of the Sun Java Platform (JRE) to the newest version which is Java Runtime Environment (JRE) 6 Update 13:

1. Download the latest JRE version at Sun Microsystems' website: http://java.sun.com/javase/downloads/index.jsp

2. Select the option that says: Java SE Runtime Environment (JRE) 6 Update 13 - "This release includes several key security updates, the highly anticipated 64-bit Java Plug-In (for 64-bit browsers only), Windows Server 2008 support, and performance improvements of Java and JavaFX applications", and click Download button.

3. Select your platform: Windows, in the pull down menu.

4. Check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement."

5. Click Continue.

6. Under the Windows Platform - Java SE Runtime Environment 6 Update 13 section, click on the link to download the Windows Offline Installation and save the installer to your desktop.

7. Close any programs you may have running - especially your web browser.

8. Next, remove all older versions of the Sun Java Platform using the Control Panel's Add/Remove Program feature (as they may contain security vulnerabilities).

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 11

Java 2 Runtime Environment, SE v1.4.2

Java


You're welcome, jonasthern!

Good job! I am glad that things worked out well for you.

Please take the following measures to keep your system in good working order:

Flush your system restore points so you have a suitable backup should you need to restore your system files:

Turn off System Restore:

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore.

Click Apply, and then click OK.

Reboot

Turn System Restore back on:

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

UN-Check *Turn off System Restore*.

Click Apply, and then click OK.

=================================

Here are some additional measures you should take to keep your system in good working order and ensure your continued security.

1. Scan your system for outdated versions of commonly used software applications that may also cause your PC to be vulnerable, using the Secunia Online Software Inspector (OSI)

Just click the "Start Scanner" button to get a listing of all outdated and possibly insecure resident programs.

Note: If your firewall prompts you about access, allow it.

2. Keep MBAM as an on demand scanner because I highly recommend it, and the quick scan will find most all active malware in minutes.

3. You can reduce your startups by downloading Malwarebytes' StartUp Lite and saving it to a convenient location. Just double-click StartUpLite.exe. Then check the options you would like based on the descriptions provided, then select continue. This will free up system resources because nonessential background programs will no longer be running when you start up your computer.

Finally, please follow the suggestions offered by Tony Klein in "How did I get infected in the first place" so you can maintain a safe and secure computing environment.
