
Solved: kindly check my hjt log please

920 Views 8 Replies 2 Participants Last post by  dvk01
Happy new year to all!

Just checking for issues and vulnerabilities on my pc.

Logfile of HijackThis v1.99.1
Scan saved at 2:32:26 PM, on

1/16/2007
Platform: Windows XP SP2 (WinNT

5.01.2600)
MSIE: Internet Explorer v6.00 SP2

(6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-

Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1

\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1

\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1

\avgemc.exe
C:\Program Files\MSI\BToes Bluetooth

Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32

\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1

\avgcc.exe
C:\Program Files\Creative\SBAudigy2

\Surround Mixer\CTSysVol.exe
C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
C:\Program

Files\SpywareGuard\sgmain.exe
C:\Program

Files\SpywareGuard\sgbhp.exe
C:\Program

Files\Hijackthis\HijackThis.exe

O2 - BHO: SpywareGuard Download

Protection - {4A368E80-174F-4872-

96B5-0B27DDD11DB2} - C:\Program

Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-

6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class -

{761497BB-D6F0-462C-B6EB-

D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-

CF10577473F7} - c:\program

files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-

4965-11d4-9B18-009027A5CD4F} -

c:\program

files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG7_CC]

C:\PROGRA~1\Grisoft\AVGFRE~1

\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CTSysVol]

C:\Program Files\Creative\SBAudigy2

\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Zone Labs Client]

"C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon]

RUNDLL32.EXE C:\WINDOWS\system32

\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter]

RunDLL32.exe

NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ClocX] C:\Program

Files\ClocX\ClocX.exe
O4 - HKCU\..\Run: [SpybotSD

TeaTimer] C:\Program Files\Spybot -

Search & Destroy\TeaTimer.exe
O4 - Startup: ERUNT AutoBackup.lnk =

C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: SpywareGuard.lnk =

C:\Program

Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item:

E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10

\EXCEL.EXE/3000
O8 - Extra context menu item: Send

To &Bluetooth - C:\Program

Files\MSI\BToes Bluetooth

Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\Program

Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun

Java Console - {08B0E5C0-4FCB-11CF-

AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015

- {CCA281CA-C863-46ef-9331-

5C8D4460577F} - C:\Program

Files\MSI\BToes Bluetooth

Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem:

@btrez.dll,-4017 - {CCA281CA-C863-

46ef-9331-5C8D4460577F} - C:\Program

Files\MSI\BToes Bluetooth

Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger

- {E5D12C4E-7B4F-11D3-B5C9-

0050045C3C96} - C:\PROGRA~1\Yahoo!

\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo!

Messenger - {E5D12C4E-7B4F-11D3-

B5C9-0050045C3C96} - C:\PROGRA~1

\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows

Messenger - {FB5F1910-F110-11d2-

BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB

-9BD8C29F7F75} (CKAVWebScan Object)

-

http://www.kaspersky.com/kos/eng/par

tner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E

-D4730F4EE499} -
O16 - DPF: {6414512B-B978-451D-A0D8

-FCFDF33E833C} (WUWebControl Class)

-

http://update.microsoft.com/windowsu

pdate/v6/V5Controls/en/x86/client/wu

web_site.cab?1125712286294
O16 - DPF: {6E5A37BF-FD42-463A-877C

-4EB7002E68AE} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042

-5009F29E09E1} (ActiveScan Installer

Class) -

http://acs.pandasoftware.com/actives

can/as5free/asinst.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1

-ED0E8E5AF024} (LycosMail Upload

Control) -

http://lycosmail.lycos.com/hanmail-

ax/AttachMail.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{9

169CA32-5F65-46D4-BD7E-

CFF498EDFEB0}: NameServer =

202.124.128.2 202.124.128.3
O18 - Protocol: widimg - {EE7C2AFF-

5742-44FF-BD0E-E521B0D3C3BA} -

C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: WgaLogon -

C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier -

WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj -

{AAA288BA-9A4C-45B0-95D7-

94D524869DB5} - C:\WINDOWS\system32

\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware

Guard - Anti-Malware Development

a.s. - C:\Program Files\Grisoft\AVG

Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager

Server (Avg7Alrt) - GRISOFT, s.r.o.

- C:\PROGRA~1\Grisoft\AVGFRE~1

\avgamsvr.exe
O23 - Service: AVG7 Update Service

(Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1

\avgupsvc.exe
O23 - Service: AVG E-mail Scanner

(AVGEMS) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1

\avgemc.exe
O23 - Service: Bluetooth Service

(btwdins) - Broadcom Corporation -

C:\Program Files\MSI\BToes Bluetooth

Software\bin\btwdins.exe
O23 - Service: InstallDriver Table

Manager (IDriverT) - Macrovision

Corporation - C:\Program

Files\Common

Files\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: NVIDIA Display Driver

Service (NVSvc) - NVIDIA Corporation

- C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet

Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\system32

\ZoneLabs\vsmon.exe
Status
Not open for further replies.
1 - 4 of 9 Posts
Post a non-scrambled HJT log and we will check.
All I can see is a very out-of-date Sun Java.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Scan here http://secunia.com/software_inspector/ for out-of-date & vulnerable common applications on your computer.
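
The outdated Java noted in the reply above is visible in the wrapped log through the `jre1.6.0` paths. As an added example (not part of the original thread and not a HijackThis feature), this Python code rejoins hard-wrapped entries and lists the JRE versions their file paths reference; the function names and the joining heuristic are assumptions of this example, and the input is assumed to start at the section entries.

```python
import re
from collections import defaultdict

# Sample entries copied from the wrapped log above (blank lines dropped).
WRAPPED_LOG = r"""
O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-
D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1
\avgcc.exe /STARTUP
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program
Files\Java\jre1.6.0\bin\ssv.dll
"""

ENTRY_START = re.compile(r"^[RFNO]\d{1,2} - ")   # HijackThis section codes
JRE_PATH = re.compile(r"\\Java\\jre([0-9._]+)\\", re.IGNORECASE)

def join_fragments(prev, nxt):
    """Heuristic: no space where the wrap split a GUID or a path.
    Mid-word splits (e.g. inside a long URL) cannot be detected this way."""
    glue_prev = prev.endswith(("\\", "/")) or (
        prev.endswith("-") and not prev.endswith(" -"))
    glue_next = nxt.startswith("\\") or (
        nxt.startswith("-") and nxt[1:2] not in ("", " "))
    return prev + ("" if glue_prev or glue_next else " ") + nxt

def reassemble(text):
    """Rebuild one logical entry per section line (O2, O4, O23, ...)."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue                      # blank lines left by the wrapping
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] = join_fragments(entries[-1], line)
    return entries

def jre_versions(entries):
    """Map each JRE version seen in a path to the sections that load it."""
    found = defaultdict(list)
    for entry in entries:
        match = JRE_PATH.search(entry)
        if match:
            found[match.group(1)].append(entry.split(" - ", 1)[0])
    return dict(found)
```

Running `jre_versions(reassemble(WRAPPED_LOG))` shows which browser add-on sections still point at an old JRE directory, which is the set to re-check after the uninstall and reboot steps.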
No conflicts or issues, so you should be OK.