Can someone please have a look at my HJT log? When I ran HJT it displayed a couple of warning messages which were concerning.
I have tried various programs to sort out the problem. If anyone can help I would really appreciate it.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:36, on 26/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
f:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
f:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LiveUpdate\LiveUpdate.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/english
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: 1.2.3.4 www.360Safe.com
O1 - Hosts: 1.2.3.4 www.360.cn
O1 - Hosts: 1.2.3.4 bbs.360safe.com
O1 - Hosts: 1.2.3.4 baike.360.cn
O1 - Hosts: 1.2.3.4 kaba.360.cn
O1 - Hosts: 1.2.3.4 bbs.360.cn
O1 - Hosts: 1.2.3.4 dl.360Safe.com
O1 - Hosts: 1.2.3.4 forum.ikaka.com
O1 - Hosts: 1.2.3.4 tool.ikaka.com
O1 - Hosts: 1.2.3.4 file.ikaka.com
O1 - Hosts: 1.2.3.4 update.ikaka.com
O1 - Hosts: 1.2.3.4 bbs.ikaka.com
O1 - Hosts: 1.2.3.4 bbs.janmeng.com
O1 - Hosts: 1.2.3.4 www.ikaka.com
O1 - Hosts: 1.2.3.4 forum.jiangmin.com
O1 - Hosts: 1.2.3.4 update.rising.com.cn
O1 - Hosts: 1.2.3.4 online.rising.com.cn
O1 - Hosts: 1.2.3.4 center.rising.com.cn
O1 - Hosts: 1.2.3.4 www.rising.com.cn
O1 - Hosts: 1.2.3.4 fw.rising.com.cn
O1 - Hosts: 1.2.3.4 csc.rising.com.cn
O1 - Hosts: 1.2.3.4 buy.rising.com.cn
O1 - Hosts: 1.2.3.4 sos.rising.com.cn
O1 - Hosts: 1.2.3.4 download.rising.com.cn
O1 - Hosts: 1.2.3.4 help.rising.com.cn
O1 - Hosts: 1.2.3.4 go.rising.com.cn
O1 - Hosts: 1.2.3.4 up.duba.net
O1 - Hosts: 1.2.3.4 bbs.duba.net
O1 - Hosts: 1.2.3.4 shadu.baidu.com
O1 - Hosts: 1.2.3.4 www.kztechs.com
O1 - Hosts: 1.2.3.4 security.symantec.com
O1 - Hosts: 1.2.3.4 shadu.duba.net
O1 - Hosts: 1.2.3.4 online.jiangmin.com
O1 - Hosts: 1.2.3.4 cn.mcafee.com
O1 - Hosts: 1.2.3.4 bbs.mcafeefans.com
O1 - Hosts: 1.2.3.4 mcafeefans.com
O1 - Hosts: 1.2.3.4 www.ahn.com.cn
O1 - Hosts: 1.2.3.4 www.kaspersky.com.cn
O1 - Hosts: 1.2.3.4 www.pcav.cn
O1 - Hosts: 1.2.3.4 www.vrv.com.cn
O1 - Hosts: 1.2.3.4 bbs.sucop.com
O1 - Hosts: 1.2.3.4 www.sucop.com
O1 - Hosts: 1.2.3.4 sucop.com
O1 - Hosts: 1.2.3.4 bbs.cpcw.com
O1 - Hosts: 1.2.3.4 www.shudoo.com
O1 - Hosts: 1.2.3.4 alert.rising.com.cn
O1 - Hosts: 1.2.3.4 www.dswlab.com
O1 - Hosts: 1.2.3.4 dswlab.com
O1 - Hosts: 1.2.3.4 bbs.dswlab.com
O1 - Hosts: 1.2.3.4 zhidao.ikaka.com
O1 - Hosts: 1.2.3.4 bbs.kafan.cn
O1 - Hosts: 1.2.3.4 bbs.kaspersky.com.cn
O1 - Hosts: 1.2.3.4 www.trendmicro.com.cn
O1 - Hosts: 1.2.3.4 bbs.trendmicro.com.cn
O1 - Hosts: 1.2.3.4 cn.trendmicro.com
O1 - Hosts: 1.2.3.4 www.kpfans.com
O1 - Hosts: 1.2.3.4 kpfans.com
O1 - Hosts: 1.2.3.4 dnl-cn1.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cn2.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cn3.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cn4.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cn5.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cn6.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cn7.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cn8.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cn9.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cn10.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cn11.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cn12.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cn13.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cn14.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cn15.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cd1.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cd2.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cd3.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cd4.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cd5.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cd6.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cd7.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cd8.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cd9.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cd10.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cd11.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cd12.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cd13.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-cd14.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-eu1.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-eu2.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-eu3.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-eu4.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-eu5.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-eu6.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-eu7.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-eu8.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-eu9.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-eu10.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-eu11.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-eu12.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-eu13.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-eu14.kaspersky-labs.com
O1 - Hosts: 1.2.3.4 dnl-eu15.kaspersky-labs.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.5.900\HPIEAddOn.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.5.960\ssd.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [duzuyuwuhi] Rundll32.exe "C:\WINDOWS\system32\puwaduvu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221516630027
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\WINDOWS\system32\hitigaro.dll c:\windows\system32\pujawewo.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: acpi64 - Unknown owner - C:\WINDOWS\system32\acpi64.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 14009 bytes
 