

HJT Log newbie


Post by bunkerboy69 » March 14th, 2009, 1:39 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:23 AM, on 3/14/2009
Platform: Unknown Windows (WinNT 6.01.2904)
MSIE: Internet Explorer v8.00 (8.00.7000.0000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\FarStone\VirtualDrive\vdtask.exe
C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\The KMPlayer\KMPlayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\explorer.exe
C:\Users\Jefferson\Downloads\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.live.com/default.aspx?wa=wsignin1.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: C:\Windows\system32\hs78344kjkfd.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\WECPUpdate.exe -s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [zqs5sb2ibj8e03lyhlqx4sw1wxgdo5] C:\Users\JEFFER~1\AppData\Local\Temp\qgxqhy8b8i1t.exe
O4 - HKCU\..\Run: [ho7ct795x] C:\Users\JEFFER~1\AppData\Local\Temp\oyuvhvvpzp755.exe
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\Users\Jefferson\AppData\Local\Temp\winlognn.exe
O4 - HKCU\..\Run: [a5jx8vtuei9c2dxy33x49poxui2wbnul40ly] C:\Users\JEFFER~1\AppData\Local\Temp\p655i5wva.exe
O4 - HKCU\..\Run: [vnyqokwwdjb1pmwmub87vko0tvlbutyrprwuv] C:\Users\JEFFER~1\AppData\Local\Temp\r2ktu5gk.exe
O4 - HKCU\..\Run: [l44o588rdxyb] C:\Users\JEFFER~1\AppData\Local\Temp\haika2f.exe
O4 - HKCU\..\Run: [ys68s1w4j1yz23d3i1] C:\Users\JEFFER~1\AppData\Local\Temp\uaqone.exe
O4 - HKCU\..\Run: [s4urojmtgbhuu4] C:\Users\JEFFER~1\AppData\Local\Temp\sbdasnc6pn.exe
O4 - HKCU\..\Run: [ey53n151vvs98geh1lkkclgqsxp4m04cbkn8k] C:\Users\JEFFER~1\AppData\Local\Temp\z9sr64mxt2.exe
O4 - HKCU\..\Run: [rn1zuab2a6zuesma0bminqxbld6ic0] C:\Users\JEFFER~1\AppData\Local\Temp\x7sf4ndv5.exe
O4 - HKCU\..\Run: [cmva6qt4zlj5a6y] C:\Users\JEFFER~1\AppData\Local\Temp\e57fi465s.exe
O4 - HKCU\..\Run: [ibryh4efv4] C:\Users\JEFFER~1\AppData\Local\Temp\lrbfe4tii.exe
O4 - HKCU\..\Run: [rui8kp1atqt6h845] C:\Users\JEFFER~1\AppData\Local\Temp\ijx4p9ly.exe
O4 - HKCU\..\Run: [jkuk10wc55] C:\Users\JEFFER~1\AppData\Local\Temp\tyg6qklw900z.exe
O4 - HKCU\..\Run: [qgcgdlbch5v6ynqt] C:\Users\JEFFER~1\AppData\Local\Temp\c8iaqstmaj.exe
O4 - HKCU\..\Run: [a0tl7p99gs45c3cjuvh4j3skq5zy8lzde32vify8] C:\Users\JEFFER~1\AppData\Local\Temp\ul6b6gkdtd.exe
O4 - HKCU\..\Run: [cqx1vcll0r13igq59d93eoquvqeoxfttr79] C:\Users\JEFFER~1\AppData\Local\Temp\w1du3ba.exe
O4 - HKCU\..\Run: [y8kmyuz9qkjgclze57b7sn002fx05wt618w19vt1g6] C:\Users\JEFFER~1\AppData\Local\Temp\k8wxzj0.exe
O4 - HKCU\..\Run: [sxod2evga3vhkm8pyh9xari1so] C:\Users\JEFFER~1\AppData\Local\Temp\ojai2fia.exe
O4 - HKCU\..\Run: [fios1j0mdzr5xfdr1xtcr3trpsfb2ce4kfnjr] C:\Users\JEFFER~1\AppData\Local\Temp\oyaogga4s.exe
O4 - HKCU\..\Run: [i9d0q6idff4688] C:\Users\JEFFER~1\AppData\Local\Temp\qbty1u.exe
O4 - HKCU\..\Run: [zzmtw078pjyxfaj20yohsfr84elt05an1yprw0im171] C:\Users\JEFFER~1\AppData\Local\Temp\zr8lrrii29.exe
O4 - HKCU\..\Run: [usdrl5ecfginzs3ujlfhawb2nh0m2wt651keyrn9kvdpo] C:\Users\JEFFER~1\AppData\Local\Temp\fldzsdiskmw8x.exe
O4 - HKCU\..\Run: [dar7k32sklc48pmj09rb7lcmaw1swo78a4o] C:\Users\JEFFER~1\AppData\Local\Temp\gxzphfu0w.exe
O4 - HKCU\..\Run: [zgaw50r1va5poal5pp2xsblkn312bgak2f2hbmgnawp3] C:\Users\JEFFER~1\AppData\Local\Temp\npr5lw674lbkx.exe
O4 - HKCU\..\Run: [ecbw5ys4t4is6nsa72h3o486lo14mi3twn46l] C:\Users\JEFFER~1\AppData\Local\Temp\xfskq4bc0.exe
O4 - HKCU\..\Run: [vpnb0ey6pdg05jx3ffi6ta24yh98pl025] C:\Users\JEFFER~1\AppData\Local\Temp\pgv875tchotq.exe
O4 - HKCU\..\Run: [fnwfirqv7v8g7ui6xmkg2jac59401imn07vsdqmj28juj1h7ct] C:\Users\JEFFER~1\AppData\Local\Temp\wnfto2f4b.exe
O4 - HKCU\..\Run: [f8si90v9amxe26] C:\Users\JEFFER~1\AppData\Local\Temp\c08czy55z35.exe
O4 - HKCU\..\Run: [bt1hntwahx4bhck7uouf43xw] C:\Users\JEFFER~1\AppData\Local\Temp\acu2ojh.exe
O4 - HKCU\..\Run: [tickl50kc] C:\Users\JEFFER~1\AppData\Local\Temp\yxod97.exe
O4 - HKCU\..\Run: [pddgydq5to7orrgag027r08sawgjckfc89vvl77rvdo2b8j] C:\Users\JEFFER~1\AppData\Local\Temp\in8h9433c2z.exe
O4 - HKCU\..\Run: [ywu457ntjaywxm7mcpsgabsi292sujiuix] C:\Users\JEFFER~1\AppData\Local\Temp\r2l1h3l2em6.exe
O4 - HKCU\..\Run: [q5yos6ouf6cjexl4krp8s5fiv] C:\Users\JEFFER~1\AppData\Local\Temp\opbuifj.exe
O4 - HKCU\..\Run: [ib8aamofoayhvw5gb61f33tn3mv] C:\Users\JEFFER~1\AppData\Local\Temp\wo4lfbmc.exe
O4 - HKCU\..\Run: [zqg4p9ewnpvk7713k8ak8mcpghqzcbn9q] C:\Users\JEFFER~1\AppData\Local\Temp\x0qs4wfkg6oa.exe
O4 - HKCU\..\Run: [l8i3u6nviy9nplzgg9a4hd5vd2sczep86mux5pbi7nuk798eu] C:\Users\JEFFER~1\AppData\Local\Temp\scskhbzr.exe
O4 - HKCU\..\Run: [zcdvpr7ney1kb] C:\Users\JEFFER~1\AppData\Local\Temp\qej7hxui.exe
O4 - HKCU\..\Run: [xma6kuqiaw4f9goa9nv4jlxon0s5dlg5259ykdn0frdqaj] C:\Users\JEFFER~1\AppData\Local\Temp\bvmtu67eq7div.exe
O4 - HKCU\..\Run: [ruxy74lr1m2y1znskwd3uli54mggjajioipc7a7c9m937k2iwm] C:\Users\JEFFER~1\AppData\Local\Temp\leuxqihc69hm.exe
O4 - HKCU\..\Run: [jru6nzgzz3jaxw9k1t4kz7x7yarsbyxzqrju1r] C:\Users\JEFFER~1\AppData\Local\Temp\eg6yuk4k.exe
O4 - HKCU\..\Run: [hx16n5c4mh5q3fuw] C:\Users\JEFFER~1\AppData\Local\Temp\i5iz7zhf2q.exe
O4 - HKCU\..\Run: [mvmbt0qbzjc5iaw8esxygms9trlodn63qje8yof5m9] C:\Users\JEFFER~1\AppData\Local\Temp\hvd1gzx41.exe
O4 - HKCU\..\Run: [o0jkbcmmzbagcsoy5mnocgdlx1nowyd9q2d6v4xo] C:\Users\JEFFER~1\AppData\Local\Temp\ttk237omo8.exe
O4 - HKCU\..\Run: [eg2f08op0okhfvj8] C:\Users\JEFFER~1\AppData\Local\Temp\bxd142xv5e.exe
O4 - HKCU\..\Run: [f9l9v2o13jnjr0w61eqoa52q8j] C:\Users\JEFFER~1\AppData\Local\Temp\pgwkaczo8wb.exe
O4 - HKCU\..\Run: [fvbryjt0epcvokc7ulkm6r] C:\Users\JEFFER~1\AppData\Local\Temp\l1f3md3aewdod.exe
O4 - HKCU\..\Run: [vfq88huax1crpj0m3l5enluz964buzafuwyuhkpa] C:\Users\JEFFER~1\AppData\Local\Temp\mbk1ud.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FolderProtectService - Unknown owner - C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

--
End of file - 11434 bytes
This is my HJT log. Can someone check it for me?
Thanks in advance
Bunkerboy
bunkerboy69
Active Member
 
Posts: 1
Joined: March 14th, 2009, 1:28 pm
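The log above carries dozens of HKCU Run entries pointing at randomly named executables in the user's Temp directory, a BHO whose DLL is gone, and a policy that disables Registry Editor. As an added example (not part of the original post and not HijackThis code), this Python script applies those three checks to HJT log lines; the "random-looking name" rule is a heuristic of my own, not an official HijackThis signal.

```python
import re

# Line shapes taken from the HijackThis log above:
#   O4 - HKCU\..\Run: [name] C:\path\to\program.exe /args
#   O2 - BHO: <name> - {CLSID} - (no file)
#   O7 - HKCU\Software\...\Policies\System, DisableRegedit=1
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
TEMP_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\", re.I)
# Heuristic (mine): 8+ lowercase letters and digits mixed, no spaces or case.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{8,}$")


def triage_line(line):
    """Return reasons a HijackThis log line deserves a closer look ([] if none)."""
    line = line.strip()
    reasons = []
    m = O4_RE.match(line)
    if m:
        if TEMP_RE.search(m.group("cmd")):
            reasons.append("autorun launches a program from a Temp directory")
        if RANDOM_NAME_RE.match(m.group("name")):
            reasons.append("random-looking Run value name")
    elif line.startswith("O2 - BHO:") and line.endswith("(no file)"):
        reasons.append("BHO registered but its DLL is missing")
    elif line.startswith("O7 - ") and "DisableRegedit=1" in line:
        reasons.append("Registry Editor disabled by policy")
    return reasons


def triage_log(text):
    """Map each flagged line to its reasons; clean lines are left out."""
    flagged = {}
    for ln in text.splitlines():
        reasons = triage_line(ln)
        if reasons:
            flagged[ln.strip()] = reasons
    return flagged


# Sample input: lines copied from the log in the post above (two benign, four not).
SAMPLE = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [zqs5sb2ibj8e03lyhlqx4sw1wxgdo5] C:\Users\JEFFER~1\AppData\Local\Temp\qgxqhy8b8i1t.exe
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\Users\Jefferson\AppData\Local\Temp\winlognn.exe
O2 - BHO: C:\Windows\system32\hs78344kjkfd.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

if __name__ == "__main__":
    for ln, why in triage_log(SAMPLE).items():
        print(ln, "->", "; ".join(why))
```

Run it against a full saved log (`triage_log(open("hijackthis.log").read())`) to get a shortlist for a helper to review; the heuristics only prioritise, they do not decide what to remove.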

Re: HJT Log newbie

Post by Shaba » March 21st, 2009, 5:42 am

Hi bunkerboy69 and sorry for delay.

If you still need help, please post next a fresh HijackThis log with this version:

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: HJT Log newbie

Post by Shaba » March 26th, 2009, 2:19 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
