Please Help


darold

Can somebody that knows how to read my HijackThis log file please give me a hand reading this? It would be much appreciated. Thanks. Sorry, I couldn't upload it for some reason, so I'll paste it here.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:17:01 PM, on 9/29/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

Running processes:

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Creative\MediaSource5\MtdAcqu.exe

C:\Windows\ehome\ehmsas.exe

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\osk.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O1 - Hosts: ::1 localhost

O1 - Hosts: 200.124.131.116 casinocontroller.com

O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL

O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKCU\..\Run: [?????????] ??????????????e

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~4.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SU 3.23; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.candystand.com/play/ten-pin-bowling"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [] OSK.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [] OSK.exe (User 'Default user')

O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll

O9 - Extra button: Platinum Play Online Casino - 0604C341-F858-4CDE-85D5-BC50CFD64DAC - C:\Microgaming\Casino\PlatinumPlay\Casinogame.exe (HKCU)

O9 - Extra button: Platinum Play Online Casino - D80BC768-A5CD-403C-8F6C-C16A94A474A3 - C:\Microgaming\Casino\PlatinumPlay\Casinogame.exe (HKCU)

O9 - Extra button: Aspinalls Online Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\aspinallsMPP\MPPoker.exe (file missing) (HKCU)

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\D's Nutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\D's Nutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/in...r_installer.exe

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1ca0e2b468aa5af) (gupdate1ca0e2b468aa5af) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 13740 bytes

  • 2 weeks later...
  • Root Admin

Okay, well since it looks like you have moved on I'll go ahead and close this post now.

Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
