Hijackthis Log please check

Discussion in 'System Security & Infection Support' started by Zeeg, May 9, 2008.

  1. Zeeg

    Zeeg Noob

    Joined:
    May 16, 2005
    Messages:
    97
    Location:
    Maryland
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:31:52 PM, on 5/9/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Windows\System32\CTHELPER.EXE
    C:\Windows\System32\CTXFIHLP.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\Windows\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\explorer.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5592D98D-3C6A-471D-85D6-532D5FFE7057}: NameServer = 68.87.73.242,68.87.71.226
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 6679 bytes



    My WoW account got stolen the other day and I fear it's from a keylogger. Thanks!
     
    Zeeg, May 9, 2008
    #1

  2. Zeeg

    Fenis-Wolf VIP Member

    Joined:
    Apr 30, 2003
    Messages:
    2,951
    Location:
    Ann Arbor, Mi
    I don't see anything suspicious - the only thing that jumped out at me was PnkBstrA and B, which are part of the PunkBuster anti-cheating software installed by a lot of the newer games.
     
    Fenis-Wolf, May 9, 2008
    #2
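An added example, not part of any post in this thread: a small parser for the HijackThis entry format that builds the kind of manual-review list the reply above describes, pulling out O23 services reported with "Unknown owner" and R0/R1 browser settings that point outside an allow-list. The function names and the `trusted_hosts` allow-list are assumptions; a listed entry is something to look up by hand, not a verdict.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a few entries copied from the log in post #1.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
"""

# Every entry line starts with a section code (R0, R1, O1 ... O23) and " - ".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")

def parse_entries(text):
    """Return (code, body) for each entry line; header and process lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]

def review_queue(text, trusted_hosts=("microsoft.com",)):
    """List entries a human should look up: off-list browser URLs, unsigned-looking services."""
    queue = []
    for code, body in parse_entries(text):
        if code in ("R0", "R1") and " = " in body:
            # Body: "<registry key>,<value name> = <data>"
            _, value = body.split(" = ", 1)
            host = urlparse(value.strip()).hostname or ""
            trusted = any(host == t or host.endswith("." + t) for t in trusted_hosts)
            if host and not trusted:
                queue.append((code, "browser setting points to " + host))
        elif code == "O23":
            # Body: "Service: <name> - <company> - <path>"
            parts = body.split(" - ")
            if len(parts) >= 3 and parts[-2].strip() == "Unknown owner":
                queue.append((code, "service with no company name: " + parts[-1].strip()))
    return queue

if __name__ == "__main__":
    for code, reason in review_queue(SAMPLE_LOG):
        print(code, reason)
```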

  3. Zeeg

    Zeeg Noob

    Joined:
    May 16, 2005
    Messages:
    97
    Location:
    Maryland
    Bah, well, what programs are good for scanning these kinds of things?
     
    Zeeg, May 9, 2008
    #3
  4. Zeeg

    Zeus Moderator

    Joined:
    Jun 20, 2005
    Messages:
    2,006
    Location:
    Virginia
    Zeus, May 12, 2008
    #4
  5. Zeeg

    Zeeg Noob

    Joined:
    May 16, 2005
    Messages:
    97
    Location:
    Maryland
    Thanks Zeus

    I removed it and uninstalled the directory + the registry files.
     
    Zeeg, May 12, 2008
    #5
  6. Zeeg

    Zeeg Noob

    Joined:
    May 16, 2005
    Messages:
    97
    Location:
    Maryland
    I looked more in depth into it and I've seen many websites claiming that AIM installs it without your permission. It's not malware, but I don't need it anyway, so what's the difference. Thanks again for your help, everyone.
     
    Zeeg, May 12, 2008
    #6
  7. Zeeg

    Fenis-Wolf VIP Member

    Joined:
    Apr 30, 2003
    Messages:
    2,951
    Location:
    Ann Arbor, Mi
    Viewpoint is a fairly legitimate piece of software. It may get on your machine through partner installs, but they don't do anything nasty. Removing it won't hurt anything (AOL used to have a freakout if you removed it - but it would work after clicking through some errors). I don't see anything on your machine that looks remotely troubling - you can of course try to get AdAware and AVG updated to the newest revisions and run them in Safe Mode to quell any fears you have.
     
    Fenis-Wolf, May 12, 2008
    #7