HijackThis - Post ur log file

vaibhavtek

Guest
Is ur system infected by Virus, Trojans, Adwares, Spywares etc etc...???

Is ur system Running slow or giving some problem..??

If yes then Download HijackThis > Install > Generate a log file > Post the content of log file here. We’ll tell you which entries are suspicious and must be fixed to make your system clean.

If no then leave this thread.
Download HijackThis Installer
Download HijackThis Zip

To fix the suspicious entries, Boot your Windows in Safe Mode by pressing “F8” key at system startup and select “Safe Mode” option. Run HijackThis again. Then select the entries and click on “Fix checked” button.

So, guys get-set-go..

Plz upload ur log file as attachment rather than posting long one in this thread.

Suggestion for this thread came from: www.askvg.com [Vishal Gupta's Site]
 

skghosh44

dig_boy_dig,dig !
I append here HijackThis log file. Is there any problem ?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:11, on 02/03/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Update Completion 0] "C:\WINDOWS\system32\QuickTime\QuickTimeUpdateHelper.exe" -uninstallwithapps -destfullpath "C:\Program Files\QuickTime\QuickTimeUpdater.exe" -sourcefullpath "C:\Program Files\QuickTime\TempUpdater.exe" -atboottime "QuickTime Update Completion 0"
O4 - HKLM\..\RunOnce: [RunOnceEx] Rundll32 C:\WINDOWS\system32\iernonce.dll,RunOnceExProcess
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48D61622-EC1E-4F95-847D-4C6F4B879173} (ComponentMethods Class) - *59.162.103.11/netnet/iNetNet.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - *www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203008136734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - *www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203008118421
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF7902F5-24ED-4949-90BF-AE51C669A8C7}: NameServer = 218.248.240.208 218.248.240.79
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Desktop Manager 5.7.712.18632 (GoogleDesktopManager-121807-210419) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6954 bytes
 

skeletor

Chosen of the Omnissiah
I attached here HijackThis log file. Is there any problem ?
I don't find any problem...
But I'll advise you to disable this....
O4 - HKLM\..\Run: [QuickTime Update Completion 0] "C:\WINDOWS\system32\QuickTime\QuickTimeUpdateHelper.exe" -uninstallwithapps -destfullpath "C:\Program Files\QuickTime\QuickTimeUpdater.exe" -sourcefullpath "C:\Program Files\QuickTime\TempUpdater.exe" -atboottime "QuickTime Update Completion 0"

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
This is to prevent automatic startup & update of QuickTime & Google Updater and is basically of no use.......

Also uninstall Ad-aware. It is a bloatware.

Also manually turn off starting of Windows Messenger in its preferences.......
---------------------=====

@vaibhavtek
Are you using Automatic Analysis of the logs???

If yes, anyone can get automatic analysis done here: www.hijackthis.de
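
An added example, not part of the thread or of HijackThis itself: a short Python script that triages a log like the one posted above by splitting entry lines into their section codes and listing the ones a manual reviewer would open first. The section labels and the three review heuristics are assumptions of this example; a hint is a prompt to look at the entry, not a verdict on it.

```python
import re
from collections import defaultdict

# Section labels (subset) as commonly documented for HijackThis 2.x; assumption.
SECTIONS = {"R0": "IE start/search page", "O2": "Browser Helper Object",
            "O4": "Autostart (Run keys)", "O16": "ActiveX download (DPF)",
            "O17": "DNS / domain settings", "O23": "Service"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
BARE_IP = re.compile(r"(?:^|[/*\s])(\d{1,3}(?:\.\d{1,3}){3})/")  # dotted-quad host

# Lines copied from the log posted earlier in this thread.
SAMPLE = r"""
Running processes:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O16 - DPF: {48D61622-EC1E-4F95-847D-4C6F4B879173} (ComponentMethods Class) - *59.162.103.11/netnet/iNetNet.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - *www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203008136734
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF7902F5-24ED-4949-90BF-AE51C669A8C7}: NameServer = 218.248.240.208 218.248.240.79
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

def parse(log):
    """Group entry lines by section code; header and process lines are skipped."""
    groups = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def review_hints(groups):
    """Return (code, reason, entry) tuples that deserve a manual look."""
    hints = []
    for body in groups.get("O16", []):
        if BARE_IP.search(body):
            hints.append(("O16", "control downloaded from a bare IP address", body))
    for body in groups.get("O17", []):
        hints.append(("O17", "confirm the DNS servers are your ISP's", body))
    for body in groups.get("O23", []):
        if "Unknown owner" in body:
            hints.append(("O23", "no company name reported for the binary", body))
    return hints

if __name__ == "__main__":
    groups = parse(SAMPLE)
    for code, entries in groups.items():
        print(f"{code:4} {SECTIONS.get(code, 'other'):24} {len(entries)}")
    for code, reason, body in review_hints(groups):
        print(f"[check] {code}: {reason}\n        {body}")
```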
 

Vishal Gupta

Microsoft MVP
Is ur system infected by Virus, Trojans, Adwares, Spywares etc etc...???

Is ur system Running slow or giving some problem..??

If yes then Download HijackThis > Install > Generate a log file > Post the content of log file here. We’ll tell you which entries are suspicious and must be fixed to make your system clean.

If no then leave this thread.
Download HijackThis Installer
Download HijackThis Zip

To fix the suspicious entries, Boot your Windows in Safe Mode by pressing “F8” key at system startup and select “Safe Mode” option. Run HijackThis again. Then select the entries and click on “Fix checked” button.

So, guys get-set-go..

Plz upload ur log file as attachment rather than posting long one in this thread.

Mods plz make this thread a sticky one as it will help many members of this forum..!!!
hmmm. Didn't you get the idea from following topic:

*www.askvg.com/is-your-system-infected-with-a-virus-spyware-adware-trojan/

Even you copied the same lines and you say you have learnt lesson to provide source and credits.
 

vaibhavtek

Guest
hmmm. Didn't you get the idea from following topic:

*www.askvg.com/is-your-system-infected-with-a-virus-spyware-adware-trojan/

Even you copied the same lines and you say you have learnt lesson to provide source and credits.

Ya I get the idea from there only..!!!
Ur sites just rock.
No doubt.

But I have only copy-pasted this
To fix the suspicious entries, Boot your Windows in Safe Mode by pressing “F8” key at system startup and select “Safe Mode” option. Run HijackThis again. Then select the entries and click on “Fix checked” button.

If u want I will add the following line in my post "The Idea came for:askvg.com"

VG thanks for such a wonderful site.

VG join this thread and help some members..!!!
 

Vishal Gupta

Microsoft MVP
Ya I get the idea from there only..!!!
Ur sites just rock.
No doubt.

But I have only copy-pasted this

VG thanks for such a wonderful site.

VG join this thread and help some members..!!!
It's OK. I just wanted to tell you that please provide proper credits if required.
And having a single thread for virus problems is not a good idea. It'll make it total mess.

The main thing is, it's a forum not a site. We have separate sections for each kind of discussion, so it's better to create a separate thread for problem instead of posting in a single thread.
 

shantanu

Technomancer
Thread Re-opened , Vaibhav : if i find you copying stuff and not mentioning the source, i will ban you..

Please do not make the thread a cartoon show with different colors and fonts that pinch the eyes.. make it look cool, not ultra hot..

and warning for vaibhav : this forum runs by all members and you don't own the thread as a personal thing.. who contributes and who does not is the persons own right..
 

vaibhavtek

Guest
thanks shantanu for reopening my thread.
All guys who has problem with Comp plz post ur log file here.

All guys get-set-go.
 

skghosh44

dig_boy_dig,dig !
@shantanu

Today you have reopened the thread as per request from the author. That's good, but what was my fault in this thread, yesterday I submitted my HijackThis log file here, which was also replied by the member for fixing the problem. I could not understand the reason. The mistake done by @vaibhavtek is rectified by himself, that's all. I don't see any reason to delete the other reply.
 

vaibhavtek

Guest
^^ but shantanu where are skghosh44 attachments.

skghosh44 plz edit ur post and reupload the attachment.

btw where are my posted reply.
I m talking of helping and good one..
plz add that too.
plz shantanu.
 