Hijackthis Log please check

Discussion in 'System Security & Infection Support' started by Zeeg, May 9, 2008.

  1. Zeeg

    Zeeg Noob

    Joined:
    May 16, 2005
    Messages:
    97
    Likes Received:
    0
    Location:
    Maryland
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:31:52 PM, on 5/9/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Windows\System32\CTHELPER.EXE
    C:\Windows\System32\CTXFIHLP.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\Windows\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\explorer.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5592D98D-3C6A-471D-85D6-532D5FFE7057}: NameServer = 68.87.73.242,68.87.71.226
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 6679 bytes



    My WoW account got stolen the other day and I fear its from a keylogger. Thanks!
     
    Zeeg, May 9, 2008
    #1
    1. Advertisements

  2. Zeeg

    Fenis-Wolf VIP Member

    Joined:
    Apr 30, 2003
    Messages:
    2,951
    Likes Received:
    35
    Location:
    Ann Arbor, Mi
    I don't see anything suspicious-the only thing that jumped out at me was PnkBstrA and B which are part of the PunkBuster anti-cheating software installed by a lot of the newer games.
     
    Fenis-Wolf, May 9, 2008
    #2
    1. Advertisements

  3. Zeeg

    Zeeg Noob

    Joined:
    May 16, 2005
    Messages:
    97
    Likes Received:
    0
    Location:
    Maryland
    Bah, well, What programs are good for scanning these kinds of things?
     
    Zeeg, May 9, 2008
    #3
  4. Zeeg

    Zeus Moderator

    Joined:
    Jun 20, 2005
    Messages:
    2,006
    Likes Received:
    33
    Location:
    Virginia
    Zeus, May 12, 2008
    #4
  5. Zeeg

    Zeeg Noob

    Joined:
    May 16, 2005
    Messages:
    97
    Likes Received:
    0
    Location:
    Maryland
    Thanks Zeus

    I removed it and uninstalled the directory + the registry files.
     
    Zeeg, May 12, 2008
    #5
  6. Zeeg

    Zeeg Noob

    Joined:
    May 16, 2005
    Messages:
    97
    Likes Received:
    0
    Location:
    Maryland
    I looked more in depth with it and i've seen many websites claiming that AIM installs it without your permission. It's not malware, but I don't need it anyway so, whats the difference. Thanks again for your help everyone.
     
    Zeeg, May 12, 2008
    #6
  7. Zeeg

    Fenis-Wolf VIP Member

    Joined:
    Apr 30, 2003
    Messages:
    2,951
    Likes Received:
    35
    Location:
    Ann Arbor, Mi
    Viewpoint is a fairly legitimate piece of software. It may get on your machine through partner installs, but they don't do anything nasty. Removing it won't hurt anything (AOL used to have a freakout if you removed it-but it would work after clicking through some errors). I don't see anything on your machine that looks remotely troubling-you can of course try to get AdAware and AVG updated to the newest revisions and run them in Safe Mode to quell any fears you have.
     
    Fenis-Wolf, May 12, 2008
    #7
    1. Advertisements

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads
  1. Snowwolf

    Please check my Hijackthis log

    Snowwolf, Aug 28, 2004, in forum: System Security & Infection Support
    Replies:
    6
    Views:
    982
    Grinler
    Aug 29, 2004
  2. drag0nblade

    Please check my Hijack This Log

    drag0nblade, Sep 10, 2004, in forum: System Security & Infection Support
    Replies:
    5
    Views:
    987
    James
    Sep 13, 2004
  3. Kristy

    Please help with my hijackthis log...

    Kristy, Sep 19, 2004, in forum: System Security & Infection Support
    Replies:
    6
    Views:
    1,031
    Fenis-Wolf
    Sep 19, 2004
  4. SLewG

    Another HijackThis Log - Please Help

    SLewG, Oct 2, 2004, in forum: System Security & Infection Support
    Replies:
    2
    Views:
    976
    SLewG
    Oct 3, 2004
  5. xishiro

    Another HijackThis log please. AND NEW PROBLEM

    xishiro, Oct 22, 2004, in forum: System Security & Infection Support
    Replies:
    2
    Views:
    1,360
    xishiro
    Oct 23, 2004
  6. milan

    please check this HJT log

    milan, Apr 3, 2005, in forum: System Security & Infection Support
    Replies:
    3
    Views:
    1,058
    Fenis-Wolf
    Apr 4, 2005
  7. stubby711

    Please check my HiJackthis log!

    stubby711, Apr 17, 2005, in forum: Software
    Replies:
    1
    Views:
    874
    spike228
    Apr 17, 2005
  8. bballman

    Can someone check my HijackThis log?

    bballman, Jun 11, 2005, in forum: System Security & Infection Support
    Replies:
    7
    Views:
    1,403
Loading...