hijackthis

I need help reading a scan from hijackthis. Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:17:10 PM, on 9/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local
Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\FixCleaner\FixCleaner.exe
C:\Program Files (x86)\Dell DataSafe Local
Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.mediacomtoday.com/files/mediacom/login_new.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://search.myheritage.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - -
C:\Program Files (x86)\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection -
- C:\Program Files (x86)\Spybot -
Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper -
- c:\Program Files (x86)\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper -
- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO -
- C:\Program Files
(x86)\Google\GoogleToolbarNotifier.7.7529.1424\swg.dll
O2 - BHO: Bing Bar Helper - -
"C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
- C:\Program Files
(x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - -
"C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - -
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files
(x86)\VIA\VIAudioi\VDeck\vdeck.exe
O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Program Files
(x86)\MyHeritage\Bin\FTBCheckUpdates.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files
(x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common
Files\Adobe\ARM.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local
Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell
DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3174] command.com /c del
"C:\Program Files (x86)\Free Offers from Freeze.com\control.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8183] cmd.exe /c del "C:\Program
Files (x86)\Free Offers from Freeze.com\control.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8023] command.com /c del
"C:\Program Files (x86)\Free Offers from Freeze.com\dolphinico.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2930] cmd.exe /c del "C:\Program
Files (x86)\Free Offers from Freeze.com\dolphinico.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9456] command.com /c del
"C:\Program Files (x86)\Free Offers from Freeze.com\vfpro.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1630] cmd.exe /c del "C:\Program
Files (x86)\Free Offers from Freeze.com\vfpro.ico"
O4 - HKLM\..\RunOnce: [WeatherBlinkbar Uninstall] rundll32
C:\PROGRA~2\GCUNIN~1.DLL,O -3
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program
Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows
Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot -
Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB9570] command.com /c del
"C:\Program Files (x86)\Free Offers from Freeze.com\control.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3203] cmd.exe /c del "C:\Program
Files (x86)\Free Offers from Freeze.com\control.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7123] command.com /c del
"C:\Program Files (x86)\Free Offers from Freeze.com\dolphinico.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9026] cmd.exe /c del "C:\Program
Files (x86)\Free Offers from Freeze.com\dolphinico.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9027] command.com /c del
"C:\Program Files (x86)\Free Offers from Freeze.com\vfpro.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3290] cmd.exe /c del "C:\Program
Files (x86)\Free Offers from Freeze.com\vfpro.ico"
O4 - Startup: AutorunsDisabled
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: AutorunsDisabled
O9 - Extra button: Blog This - -
C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer -
- C:\Program Files (x86)\Windows
Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote -
-
C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote -
-
C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - -
C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - -
C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration -
- C:\Program Files (x86)\Spybot -
Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common
files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common
files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: (PCPitstop Utility) -
http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: (Shockwave Flash
Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: -
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com -
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner
- C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner -
C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock
Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown
owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems,
Inc. - C:\Program Files (x86)\Citrix\GoToAssist4\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. -
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc.
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program
Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner -
C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner -
C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) -
Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage)
- Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) -
Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown
owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer
Networking Ltd. - C:\Program Files (x86)\Spybot - Search &
Destroy\SDWinSec.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS -
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) -
Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown
owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown
owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program
Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) -
Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) -
Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner
- C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown
owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) -
Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) -
Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv)
- Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101
(WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media
Player\wmpnetwk.exe (file missing)

--
End of file - 10986 bytes


Re: hijackthis



Same response as in alt.comp.virus



--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


