Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.3
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
Jul 29th, 2010, 4:04pm
   Mischel Internet Security Forum
   Malware
   Trojans (Moderators: Helena, Gavin_Coe, Magnus)
   Trojans, Help Please		 « Previous topic | Next topic »
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: Trojans, Help Please  (Read 4332 times)
Londoe_Black
Newbie
*





   


Gender: male
 Posts: 11
Trojans, Help Please
« on: Feb 13th, 2009, 10:41am »		 Quote Quote  Modify Modify
Here's my Hijack this report.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:10 AM, on 2/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.2097Cool
Boot mode: Normal
 
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
D:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\VolumeTray\VolumeTray.exe
D:\Program Files\TrojanHunter 5.0\THGuard.exe
D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
D:\Program Files\Logitech\QuickCam\Quickcam.exe
D:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
D:\Documents and Settings\gimp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
D:\Program Files\Click-N-Type\Click-N-Type.exe
D:\Program Files\Secunia\PSI\psi.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Downloads\smclk131\SmartClock.exe
D:\Program Files\The KMPlayer1431\KMPlayer.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Program Files\iTunes\iTunes.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\eMule\emule.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =  
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - D:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - D:\Program Files\WinAVI FLV Converter\FLVTune.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - D:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VolumeTray] D:\Program Files\VolumeTray\VolumeTray.exe
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "D:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "D:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WeatherEye] D:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Active Desktop Calendar] D:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\gimp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Click-N-Type.LNK = D:\Program Files\Click-N-Type\Click-N-Type.exe
O4 - Startup: Secunia PSI.lnk = D:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download FLV by WinAVI... - D:\Program Files\WinAVI FLV Converter\flv_link.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - D:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - D:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:  
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32 /activex/hcImpl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-window s-i586-jc.cab?e=1232068671776&h=e91af3abcad0bc390ea981a0c3f5c5fc/&filename=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712 /player/install/installer.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - D:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c98ba971ad50cc) (gupdate1c98ba971ad50cc) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - D:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - D:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
 
--
End of file - 12794 bytes
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 6729
Re: Trojans, Help Please
« Reply #1 on: Feb 13th, 2009, 12:40pm »		 Quote Quote  Modify Modify
Londoe_Black,
 
Your HJT log is not showing anything malicious.  Are you experiencing some type of problem?
 
There is one item that can be cleaned up per your HJT log.
 
1.  Run another HJT scan.  When the scan is completed, place a checkmark in the box next to the following item.  BE SURE that this is the only item checked.
 
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll (file missing)
 
2.  Close your browser.
 
3.  Click on Fix Checked which is located at the lower left of the HJT window.  Confirm that you want HJT to fix this item and let it fix it.
 
4.  Close HJT
 
Also be sure that your JAVA is up to date.  The latest update is Update 12.  The download link for Java SE Runtime Environment (JRE) JRE 6 Update 12
 
http://java.sun.com/javase/downloads/index.jsp
IP Logged
______
TrojanHunter V5.3.994...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound w/ XM satellite, Avira Premium Security Suite V10; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD Raptors, NIS 2011 Beta. Common: router, cable modem, PerfectDisk 11 Pro, Casper Backup V6.0, DisplayFusion, SpywareBlaster V4.3, HostsMan V3.2.73, CCleaner, TrojanHunter V5.3.994, etc.
Londoe_Black
Newbie
*





   


Gender: male
 Posts: 11
Re: Trojans, Help Please
« Reply #2 on: Feb 13th, 2009, 2:12pm »		 Quote Quote  Modify Modify
I followed your directions, thanks for your help Smiley
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 6729
Re: Trojans, Help Please
« Reply #3 on: Feb 13th, 2009, 10:15pm »		 Quote Quote  Modify Modify
Okay.  
 
But are you having some type of problem?  Your post title states "Trojans, Help Please" which indicates that you think you have trojans on your system.   Wink
IP Logged
______
TrojanHunter V5.3.994...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound w/ XM satellite, Avira Premium Security Suite V10; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD Raptors, NIS 2011 Beta. Common: router, cable modem, PerfectDisk 11 Pro, Casper Backup V6.0, DisplayFusion, SpywareBlaster V4.3, HostsMan V3.2.73, CCleaner, TrojanHunter V5.3.994, etc.
Londoe_Black
Newbie
*





   


Gender: male
 Posts: 11
Re: Trojans, Help Please
« Reply #4 on: Feb 14th, 2009, 12:50pm »		 Quote Quote  Modify Modify
Sorry, I wasn't thinking I started a new topic. TH did find trojans today.
« Last Edit: Feb 14th, 2009, 12:51pm by Londoe_Black » IP Logged
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register