
Not sure what to fix in HijackThis



I found HijackThis on Cnet. I ran it but really don't know what I'm doing. I can't get my computer to run faster or quit locking up on me. I'm having major problems. Please help! Thank you.

OOPS! I FORGOT MY LOG.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:47 AM, on 5/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Windows folder: C:\WINDOWS
System folder: C:\WINDOWS\SYSTEM32
Hosts file: C:\WINDOWS\System32\drivers\etc\hosts

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: Save Page As PDF ... - file://C:\Program Files\Nitro PDF\PDF Download\nitroweb.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {96538116-AB8C-4879-9F21-BD2BFE22A414} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Enable/Disable PDF Download for this site - {96538116-AB8C-4879-9F21-BD2BFE22A414} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251676700421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251691341250
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://ssl.water.ca.gov/dana-cached/setup/JuniperSetupSP1.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0160321273274968) (0160321273274968mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\016032~1.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)

--
End of file - 10261 bytes


Hello cogold! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.

  • Open HijackThis, click Config, click Misc Tools
  • Click Open Uninstall Manager
  • Click Save List (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

In your next reply, please include these logs:

  • HijackThis Uninstall List
  • A fresh HijackThis log


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
