HijackThis Report

Status
Not open for further replies.

Charley

Just Do It
Joined
Feb 12, 2005
Messages
2,334
Is there anything wrong here?
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
D:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
d:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\CHARLE~1\LOCALS~1\Temp\7zOB2.tmp\HijackThis.exe
D:\Maxthon\Maxthon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = *us.rd.yahoo.com/customize/ycomp/defaults/sb/**www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = *us.rd.yahoo.com/customize/ycomp/defaults/sp/**www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = *us.rd.yahoo.com/customize/ycomp/defaults/su/**www.yahoo.com
F3 - REG:win.ini: load=
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0927048F-BFBE-4320-B8E4-F7C5A8C08F36} - c:\windows\system32\crypt32c.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BOC-425] d:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ccleaner] "D:\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [r0jsyx09] C:\WINDOWS\system32\r0jsyx09.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{50C1AFC5-35BD-46D4-89F4-543A0B704DF4}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: huipcxah - C:\WINDOWS\SYSTEM32\crypt32c.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: BOCore - COMODO - d:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
 

Garbage

God of Mistakes...
Joined
Dec 26, 2005
Messages
1,896
At first look, I don't see any problems except -
D:\Maxthon\Maxthon.exe
I don't know what that process is. If it is your genuine process, then OK. The rest of the log appears okay to me.

Facing any problem?
 

Ecko

Wandering In Tecno Land
Joined
Feb 17, 2005
Messages
722
Maxthon is a browser, dude

Here's the problem

C:\WINDOWS\system32\r0jsyx09.exe

Try to delete it using Unlocker & remove the registry
Also you can alternatively scan using the latest antispyware & update your antivirus
or you can install the latest Avast version & do a boot-time scan of the system
 

rhitwick

Democracy is a myth
Joined
Apr 20, 2004
Messages
3,289
^ Maxthon is a browser
See what the wiki says about it: link
Is there anything wrong here ?

I'm only suspicious about this
O2 - BHO: (no name) - {0927048F-BFBE-4320-B8E4-F7C5A8C08F36} - c:\windows\system32\crypt32c.dll
Check this link for the above: link
and this
O4 - HKCU\..\Run: [r0jsyx09] C:\WINDOWS\system32\r0jsyx09.exe
Even Google doesn't know what this is
 

Charley

Just Do It
Joined
Feb 12, 2005
Messages
2,334
I installed Avast, scanned and it showed me this error

*img240.imagevenue.com/loc233/th_70294_Error_123_233lo.jpg

I clicked delete and it said CANNOT ?

Then opened another window


*img203.imagevenue.com/loc357/th_70296_Error1_123_357lo.jpg

I did this already once, deleted the viruses and again it shows the same message.
 

Charley

Just Do It
Joined
Feb 12, 2005
Messages
2,334
It shows a few nasty ones. How can I be sure whether to delete or not?
 

Ecko

Wandering In Tecno Land
Joined
Feb 17, 2005
Messages
722
You have to schedule a boot-time scan for it.
A boot-time scan is offered at installation of Avast.
If you haven't done it yet, then schedule it by:
Right-click on the Avast icon in the taskbar & click Start Avast Antivirus
*img195.imagevenue.com/loc40/th_89931_sch_122_40lo.JPG

*img162.imagevenue.com/loc1061/th_89967_schea_122_1061lo.JPG

@ rhitwick
It's a browser, dude :D Read the wiki carefully
Right-hand pane:
Maxthon
Developed by: Maxthon International Limited
Latest release: 2.1.3.2418 / August 7, 2008 (2008-08-07); 17 days ago
OS: Windows
Type: Web browser
License: Proprietary EULA
Website: www.maxthon.com
 

rakesh14021983

Broken In
Joined
Sep 19, 2006
Messages
59
It shows few nasty ones. How can I be sure whether to delete or not ?

HijackThis itself allows you to delete nasty entries... make sure you have the latest version...

Once you have deleted the entries, create a new log file and post it on the hijackthis.de webpage... it should come clean.
 

amitash

Intel OCer
Joined
Feb 18, 2008
Messages
1,122
O4 - HKCU\..\Run: [r0jsyx09] C:\WINDOWS\system32\r0jsyx09.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)


VERY suspicious things

O2 - BHO: (no name) - {0927048F-BFBE-4320-B8E4-F7C5A8C08F36} - c:\windows\system32\crypt32c.dll

I'm not really sure about this one... But it does look quite suspicious
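
A triage pass over the kind of entries this thread singles out, as an added example (not code from any poster or from HijackThis): it parses `Oxx - ...` lines and lists entries for manual review. The three heuristics and the names `parse`, `target_of`, `triage` and `SAMPLE_LOG` are assumptions; the sample is constructed from lines of the log posted above.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, splitext

# Constructed sample: a subset of the entries from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0927048F-BFBE-4320-B8E4-F7C5A8C08F36} - c:\windows\system32\crypt32c.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [r0jsyx09] C:\WINDOWS\system32\r0jsyx09.exe
O20 - Winlogon Notify: huipcxah - C:\WINDOWS\SYSTEM32\crypt32c.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
"""

def parse(log):
    """Yield (section, detail) for each HijackThis entry line, e.g. ('O4', ...)."""
    for line in log.splitlines():
        m = re.match(r"^([A-Z]\d+) - (.+)$", line.strip())
        if m:
            yield m.group(1), m.group(2)

def target_of(detail):
    """Last ' - '-separated field of an O2/O20 entry: the file it loads."""
    return detail.rsplit(" - ", 1)[-1].strip().lower()

def triage(log):
    """Return sorted (reason, entry) pairs for manual review; crude, assumed heuristics."""
    entries = list(parse(log))
    findings = set()
    loaders = defaultdict(set)  # lower-cased file path -> sections that load it
    for sec, detail in entries:
        if sec in ("O2", "O20"):
            if target_of(detail) == "(no file)":
                findings.add(("registration points to no file", detail))
            else:
                loaders[target_of(detail)].add(sec)
        elif sec == "O4":
            m = re.search(r'Run: \[(.+?)\] "?([^"]+?\.exe)', detail, re.I)
            if m:
                path = m.group(2).lower()
                stem = splitext(basename(path))[0]
                if dirname(path).endswith("\\system32") and re.search(r"\d", stem):
                    findings.add(("Run target in system32 with digits in its name", detail))
    for sec, detail in entries:
        if sec in ("O2", "O20") and len(loaders.get(target_of(detail), ())) > 1:
            tag = "+".join(sorted(loaders[target_of(detail)]))
            findings.add(("same file loaded via " + tag, detail))
    return sorted(findings)

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

The output is a list of review candidates, not verdicts: each flagged file still needs to be checked on disk (signature, vendor, scan result) before anything is removed.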
 