Hello!
I have a pesky trojan, and ran 'HijackThis', and I'd like to post the log on this email. Can anyone tell me what to remove in order to get rid of the trojan?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:40 PM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesLavasoftAd-Aware 2007aawservice.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSExplorer.EXE
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:Program FilesJavaj2re1.4.2_03binjusched.exe
C:Program FilesIntelModem Event MonitorIntelMEM.exe
C:Program FilesCyberLinkPowerDVDDVDLauncher.exe
C:Program FilesRealRealPlayerRealPlay.exe
C:WINDOWSsystem32dlatfswctrl.exe
C:Program FilesDellMedia ExperienceDMXLauncher.exe
C:Program FilesMusicmatchMusicmatch Jukeboxmm_tray.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSsystem32igfxpers.exe
C:Program FilesVerizonVSPVerizonServicepoint.exe
C:PROGRA~1GrisoftAVG7avgcc.exe
C:PROGRA~1GrisoftAVG7avgamsvr.exe
C:Program FilesDellSupportDSAgnt.exe
C:PROGRA~1MUSICM~1MUSICM~3MMDiag.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe
C:PROGRA~1GrisoftAVG7avgupsvc.exe
C:PROGRA~1GrisoftAVG7avgemc.exe
C:Program FilesMUSICMATCHMusicmatch Jukeboxmim.exe
C:Program FilesCanonMultiPASS4MPSERVIC.EXE
C:WINDOWSsystem32svchost.exe
C:PROGRA~1INCRED~1binIMApp.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSsystem32?racle?srss.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceagent.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe
C:Documents and SettingsDeborah MalleDesktopmy softwareHiJackThis.exe
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.dell.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {443EA261-6AF8-6400-F0BD-63A3E78FAFC3} - C:WINDOWSsystem32fqqdar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll
O2 - BHO: (no name) - {5deadb5c-eb94-4636-bf8f-db84423e17b0} - (no file)
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:Program FilesBAEBAE.dll
O2 - BHO: (no name) - {E5F6FB05-6431-4786-9800-483B2199507C} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_03binjusched.exe
O4 - HKLM..Run: [IntelMeM] C:Program FilesIntelModem Event MonitorIntelMEM.exe
O4 - HKLM..Run: [DVDLauncher] "C:Program FilesCyberLinkPowerDVDDVDLauncher.exe"
O4 - HKLM..Run: [RealTray] C:Program FilesRealRealPlayerRealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [dla] C:WINDOWSsystem32dlatfswctrl.exe
O4 - HKLM..Run: [ISUSPM Startup] "C:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe" -startup
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [DMXLauncher] C:Program FilesDellMedia ExperienceDMXLauncher.exe
O4 - HKLM..Run: [MimBoot] C:PROGRA~1MUSICM~1MUSICM~3mimboot.exe
O4 - HKLM..Run: [MMTray] "C:Program FilesMusicmatchMusicmatch Jukeboxmm_tray.exe"
O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [VerizonServicepoint.exe] "C:Program FilesVerizonVSPVerizonServicepoint.exe" /AUTORUN
O4 - HKLM..Run: [dscactivate] "C:Program FilesDell Support Centergs_agentcustomdsca.exe"
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVG7avgcc.exe /STARTUP
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [IncrediMail] C:Program FilesIncrediMailbinIncMail.exe /c
O4 - HKCU..Run: [DellSupport] "C:Program FilesDellSupportDSAgnt.exe" /startup
O4 - HKCU..Run: [ISUSPM] "C:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe" -scheduler
O4 - HKUSS-1-5-19..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUSS-1-5-18..RunOnce: [FlashPlayerUpdate] C:WINDOWSsystem32MacromedFlashFlashUtil9b.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS.DEFAULT..RunOnce: [FlashPlayerUpdate] C:WINDOWSsystem32MacromedFlashFlashUtil9b.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZNxdm117YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_03binnpjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_03binnpjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:Program FilesYahoo!Commonyinsthelper.dll
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://hutchence.arm...timage40803.cab
O20 - Winlogon Notify: hgggdba - hgggdba.dll (file missing)
O20 - Winlogon Notify: sqkjbvmt - sqkjbvmt.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:Program FilesDellSupportbrkrsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: MpService - Canon Inc. - C:Program FilesCanonMultiPASS4MPSERVIC.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:Program FilesIntelPROSetWiredNCSSyncNetSvc.exe
--
End of file - 7661 bytes