Go Back   Computer Juice > Computer Software > Virus, Spyware & Security
Register iSpy Downloads New Posts Donate Unanswered Posts Member List Search

Computer Juice raffle - Win PC hardware of your choice worth £500 / €680 / $1000 - Enter HERE!


Computer Juice - Forums - Hijack log from my laptop for Evil.


Reply
 
LinkBack Thread Tools
  #1  
Old 15-04-2008, 02:01 PM
No Avatar
CJ Member
Intel Nvidia
Mooseknuckle is offline
 
Join Date: Feb 2008
Last Online: Today 01:58 AM
Posts: 81
iTrader: (0)
Mooseknuckle is on a distinguished road
Default

Hijack log from my laptop for Evil.


Evil here is my hijack log that i said i would be posting up this week....can you take a look and see what you think....thanks.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:08 P. Miller, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Adaware\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\tinySpell\tinyspell.exe
C:\Program Files\Rocketdock\RocketDock\RocketDock.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <Link hidden. Register for free to see this link!>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <Link hidden. Register for free to see this link!>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <Link hidden. Register for free to see this link!>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <Link hidden. Register for free to see this link!>
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <Link hidden. Register for free to see this link!>
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\s wg.dll
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {930E4DE1-973D-42D6-BF6E-6788E06BD003} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\Rocketdock\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: <Link hidden. Register for free to see this link!>
O15 - Trusted Zone: *.skillport.com
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - <Link hidden. Register for free to see this link!>
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - <Link hidden. Register for free to see this link!>
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - <Link hidden. Register for free to see this link!>
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - <Link hidden. Register for free to see this link!>
O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} (RSActiveXObj Control) - <Link hidden. Register for free to see this link!>
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - <Link hidden. Register for free to see this link!>
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - <Link hidden. Register for free to see this link!>
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Adaware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 9786 bytes
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #2  
Old 15-04-2008, 02:53 PM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is online now
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 08:25 PM
Posts: 4,351
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default

Hijack log from my laptop for Evil.


You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". See <Link hidden. Register for free to see this link!>

It is suggested to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar
  • Viewpoint Experience Technology
If you have trouble removing Viewpoint, I suggest that you use <Link hidden. Register for free to see this link!>

Once you have downloaded ViewpointKiller, unzip it to a convenient location such as your desktop.
Run ViewpointKiller, and select File > Do All Killings
Follow the prompts, selecting Yes or No, depending on which selection you are most comfortable with.
A logfile will be created in the folder you unzipped ViewpointKiller to, please paste the contents here.

----------

Have Hijackthis fix these

O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O3 - Toolbar: (no name) - {930E4DE1-973D-42D6-BF6E-6788E06BD003} - (no file)


Is the PC having any problems or is this just a check up?
__________________
.

Never argue with an idiot. They'll bring you down to their level, then beat you with experience.
.
.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #3  
Old 15-04-2008, 03:12 PM
No Avatar
CJ Member
Intel Nvidia
Mooseknuckle is offline
 
Join Date: Feb 2008
Last Online: Today 01:58 AM
Posts: 81
iTrader: (0)
Mooseknuckle is on a distinguished road
Default

Hijack log from my laptop for Evil.


no problems....just a check up
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #4  
Old 15-04-2008, 03:16 PM
No Avatar
CJ Member
Intel Nvidia
Mooseknuckle is offline
 
Join Date: Feb 2008
Last Online: Today 01:58 AM
Posts: 81
iTrader: (0)
Mooseknuckle is on a distinguished road
Default

Hijack log from my laptop for Evil.


viewpoint killer log...


----------------------------------
ViewpointKiller Version 1.30 (beta)
The removal process was started on Tue Apr 15 11:16:49 2008
Preparing to remove Viewpoint Media Player...

Warning accepted, beginning removal process....

ViewpointKiller determined that "aim.exe" was not running.
ViewpointKiller was able to close "aim6.exe" successfully.
ViewpointKiller was able to close "aolsoftware.exe" successfully.
ViewpointKiller determined that "aol.exe" was not running.
ViewpointKiller determined that "MtsAxInstaller.exe" was not running.

Preparing to close the Viewpoint Manager Service if it is running...
Closing "Viewpoint Manager Service" failed, or the service is not running.


Searching for all known Viewpoint Media Player registry values and keys...
Found and removed: SOFTWARE\Viewpoint
Found and removed: SOFTWARE\Viewpoint
Found and removed: interface\{9dbb28cd-1925-11d3-a498-00104b6eb52e}
Found and removed: typelib\{9dbb28c1-1925-11d3-a498-00104b6eb52e}
Finished searching for and removing all known Viewpoint Media Player registry values and keys.

Searching for all known Viewpoint Media Player files and folders...
There was an error removing C:\Program Files\Viewpoint\Viewpoint Media Player. The error returned was 32.
Found and removed: C:\Program Files\Viewpoint\Viewpoint Experience Technology
Found and removed: C:\Documents and Settings\All Users\Application Data\Viewpoint
Found and removed: C:\Program Files\Viewpoint
Finished searching for and removing all known Viewpoint Media Player files and folders.

Finished reporting.
----------------------------------
----------------------------------
ViewpointKiller Version 1.30 (beta)
The removal process was started on Tue Apr 15 11:17:03 2008
Preparing to remove Viewpoint Manager...

ViewpointKiller determined that "viewmgr.exe" was not running.
Searching for all known Viewpoint Manager registry values and keys...
Found and removed: Software\Microsoft\Windows\CurrentVersion\Uninstal l\Viewpoint Manager
Finished searching for and removing all known Viewpoint Manager registry values and keys.

Searching for all known Viewpoint Manager files and folders...
Finished searching for and removing all known Viewpoint Manager files and folders.

Finished reporting.
----------------------------------
----------------------------------
ViewpointKiller Version 1.30 (beta)
The removal process was started on Tue Apr 15 11:17:05 2008
Preparing to remove Viewpoint Toolbar...

ViewpointKiller determined that "FotomatDeviceConnect.exe" was not running.
ViewpointKiller was able to close "iexplore.exe" successfully.

Searming for all known Viewpoint Toolbar registry values and keys...
Found and removed: CLSID\{1FB895B8-BC8D-4701-9341-30AE0EC17B64}
Finished searching for and removing all known Viewpoint Toolbar registry values and keys.

Searching for all known Viewpoint Toolbar files and folders...
Found and removed: C:\Documents and Settings\Paul\Local Settings\Application Data\Viewpoint
Found and removed: C:\Program Files\Common Files\Viewpoint
Finished searching for and removing all known Viewpoint Toolbar files and folders.

Finished reporting.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #5  
Old 15-04-2008, 03:18 PM
No Avatar
CJ Member
Intel Nvidia
Mooseknuckle is offline
 
Join Date: Feb 2008
Last Online: Today 01:58 AM
Posts: 81
iTrader: (0)
Mooseknuckle is on a distinguished road
Default

Hijack log from my laptop for Evil.


new hjack log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:58 P. Miller, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Adaware\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\tinySpell\tinyspell.exe
C:\Program Files\Rocketdock\RocketDock\RocketDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <Link hidden. Register for free to see this link!>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <Link hidden. Register for free to see this link!>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <Link hidden. Register for free to see this link!>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <Link hidden. Register for free to see this link!>
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <Link hidden. Register for free to see this link!>
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\s wg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\Rocketdock\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: <Link hidden. Register for free to see this link!>
O15 - Trusted Zone: *.skillport.com
O15 - Trusted Zone: *.skillsoft.com
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - <Link hidden. Register for free to see this link!>
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - <Link hidden. Register for free to see this link!>
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - <Link hidden. Register for free to see this link!>
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - <Link hidden. Register for free to see this link!>
O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} (RSActiveXObj Control) - <Link hidden. Register for free to see this link!>
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - <Link hidden. Register for free to see this link!>
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - <Link hidden. Register for free to see this link!>
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Adaware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 9372 bytes
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #6  
Old 15-04-2008, 03:23 PM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is online now
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 08:25 PM
Posts: 4,351
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default

Hijack log from my laptop for Evil.


Everything looks OK.
__________________
.

Never argue with an idiot. They'll bring you down to their level, then beat you with experience.
.
.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #7  
Old 15-04-2008, 03:26 PM
No Avatar
CJ Member
Intel Nvidia
Mooseknuckle is offline
 
Join Date: Feb 2008
Last Online: Today 01:58 AM
Posts: 81
iTrader: (0)
Mooseknuckle is on a distinguished road
Default

Hijack log from my laptop for Evil.


Alright....Thank you.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #8  
Old 15-04-2008, 05:10 PM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is online now
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 08:25 PM
Posts: 4,351
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default

Hijack log from my laptop for Evil.


It probably wouldn't hurt to run Malwarebytes to make sure nothing is hiding. Hijackthis doesn't always show everything.

Final steps.

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
  • Go to Start > Programs > Accessories > System Tools and click System Restore
  • Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
  • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Next go to Start > Run and type Cleanmgr
  • Click OK
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
Use the <Link hidden. Register for free to see this link!> to check for out of date software.
Out of date software has security vulnerabilities that malware can exploit.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
Check out <Link hidden. Register for free to see this link!> for tips and free tools to keep you safe in the future.

Also see <Link hidden. Register for free to see this link!> for free cleaning/maintenance tools to help keep your computer running smooth.
__________________
.

Never argue with an idiot. They'll bring you down to their level, then beat you with experience.
.
.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #9  
Old 15-04-2008, 08:19 PM
No Avatar
CJ Member
Intel Nvidia
Mooseknuckle is offline
 
Join Date: Feb 2008
Last Online: Today 01:58 AM
Posts: 81
iTrader: (0)
Mooseknuckle is on a distinguished road
Default

Hijack log from my laptop for Evil.


Malwarebytes found nothing.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote

Please support this forum, donate towards our running costs.


Reply



Thread Tools


Similar Threads
Thread Thread Starter Forum Replies Last Post
News - Google: Wiping out Evil, One Negative Political Campaign at a T NewsBot Industry News & Reports 0 25-01-2008 08:00 PM
hijack help again! vic66 Virus, Spyware & Security 8 29-08-2007 09:09 PM
blocky look to resident evil 3 pc i have... gary f Graphics Cards & Monitors 1 01-04-2007 05:43 AM
Resident Evil 5 For PS2 greg o PC & Console Gaming 5 20-03-2007 04:40 PM



Copyright ©2006 - 2008 Computer Juice - Forums - Free PC Help, Support and Repairs.

Powered by vBulletin® Copyright ©2000 - 2008 Jelsoft Enterprises Ltd. SEO by vBSEO ©2007, Crawlability, Inc.