Jump to content

In need of assistance with HiJackThis log


Recommended Posts

I was recently keylogged and a gaming account of mine was stolen. I would very much appreciate if someone knowledgable could review this log and let me know if any findings are ok to fix with HiJackThis. Malwarebytes, spybot, superantispyware, were all unable to find any issues on my PC. All were run with and without the hacked game being launched and text put in the log-in.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:29:09 AM, on 1/9/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18999)

Boot mode: Normal

Running processes:

C:Program Files (x86)HPHP Software UpdatehpwuSchd2.exe

C:Program Files (x86)RazerNagaNagaTray.exe

C:Program Files (x86)Common FilesJavaJava Updatejusched.exe

C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe

C:Program FilesLogitechSetPointx86SetPoint32.exe

C:Program Files (x86)HPDigital ImagingbinhpqSTE08.exe

C:Program Files (x86)Internet ExplorerIELowutil.exe

C:Program Files (x86)Mozilla Firefoxfirefox.exe

C:Program Files (x86)Mozilla Firefoxplugin-container.exe

D:Program Files (x86)HijackThisTrend MicroHiJackThisHiJackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = www.google.com

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 66.104.77.20:3128

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll

O4 - HKLM..Run: [JMB36X IDE Setup] C:WindowsRaidToolxInsIDE.exe

O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe"

O4 - HKLM..Run: [HP Software Update] C:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe

O4 - HKLM..Run: [Razer Naga Driver] C:Program Files (x86)RazerNagaNagaTray.exe

O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"

O4 - HKLM..Run: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime

O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe

O4 - HKCU..Run: [sUPERAntiSpyware] C:Program FilesSuperAntiSpywareSUPERAntiSpyware.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:Windowssystem32browseui.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:Program FilesSuperAntiSpywareSASCORE64.EXE

O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:Windowssystem32DFSR.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:Program FilesCommon FilesLogishrdBluetoothLBTServ.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)

O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:Program Files (x86)NVIDIA CorporationnTunenTuneService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:Windowssystem32nvvsvc.exe (file missing)

O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)

O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @%SystemRoot%system32SLsvc.exe,-101 (slsvc) - Unknown owner - C:Windowssystem32SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)

O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:Program Files (x86)Common FilesSteamSteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe

O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)

O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:Program Files (x86)NVIDIA CorporationSystem UpdateUpdateCenterService.exe

O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)

O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)

O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)

--

End of file - 6672 bytes

Thank-you so much for any and all help :D

Seems alot of mods are requesting DDS reports now. Hopefully it is ok to post without a request to save time below is the results of a DDS scan:

DDS (Ver_10-12-12.02) - NTFS_AMD64

Run by Phil at 6:50:53.25 on Sun 01/09/2011

Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_22

Microsoft

Link to post
Share on other sites

post-32477-1261866970.gif

uInternet Settings,ProxyServer = 66.104.77.20:3128

If you didn't add this ProxyServer, do this fix

Please open up Notepad and copy all of the items in the code box below.

Change the "Save As Type" to "All Files". Save it as fix.reg on your Desktop.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"=-

Now double-click fix.reg.

A window will come up asking if you want to let it merge with the registry.

Click yes.

Link to post
Share on other sites

Seems to be running well, ty- just mainly concerned with removing any spyware/keyloggers that could compromise personal information. Used to just do a full reformat in this scenario (any sign of virii/addware), but with the amount of media I don't have backed up was trying to avoid that for the time being. I've also put a login pw so kids and their friends can no longer use the comp without supervision.

thx again

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.