HijackThis Report

Status
Not open for further replies.

Charley

Just Do It
Is there anything wrong here?
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
D:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
d:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\CHARLE~1\LOCALS~1\Temp\7zOB2.tmp\HijackThis.exe
D:\Maxthon\Maxthon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = *us.rd.yahoo.com/customize/ycomp/defaults/sb/**www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = *us.rd.yahoo.com/customize/ycomp/defaults/sp/**www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = *us.rd.yahoo.com/customize/ycomp/defaults/su/**www.yahoo.com
F3 - REG:win.ini: load=
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0927048F-BFBE-4320-B8E4-F7C5A8C08F36} - c:\windows\system32\crypt32c.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BOC-425] d:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ccleaner] "D:\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [r0jsyx09] C:\WINDOWS\system32\r0jsyx09.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{50C1AFC5-35BD-46D4-89F4-543A0B704DF4}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: huipcxah - C:\WINDOWS\SYSTEM32\crypt32c.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: BOCore - COMODO - d:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
 

Garbage

God of Mistakes...
At first look, I don't see any problems except -
D:\Maxthon\Maxthon.exe
I don't know what that process is. If it is your genuine process, then OK. The rest of the log appears okay to me.

Facing any problem?
 

Ecko

Wandering In Tecno Land
Maxthon is a browser, dude

Here's the problem

C:\WINDOWS\system32\r0jsyx09.exe

Try to delete it using Unlocker & remove the registry
Also you can alternatively scan using the latest antispyware & update your antivirus
or you can install the latest Avast version & do a boot time scan of the system
 
Charley

Just Do It
I installed Avast, scanned and it showed me this error

*img240.imagevenue.com/loc233/th_70294_Error_123_233lo.jpg

I clicked delete and it said CANNOT?

Then opened another window


*img203.imagevenue.com/loc357/th_70296_Error1_123_357lo.jpg

I did this already once, deleted the viruses and again it shows the same message.
 

Ecko

Wandering In Tecno Land
You have to schedule a boot time scan for it.
The boot time scan is offered at installation of Avast.
If you haven't done it yet, then schedule it by:
Right-click on the Avast icon in the taskbar & click Start Avast Antivirus
*img195.imagevenue.com/loc40/th_89931_sch_122_40lo.JPG

*img162.imagevenue.com/loc1061/th_89967_schea_122_1061lo.JPG

@ rhitwick
It's a browser, dude :D Read the Wiki carefully
Right-hand pane:
Maxthon
Developed by: Maxthon International Limited
Latest release: 2.1.3.2418 / August 7, 2008 (2008-08-07); 17 days ago
OS: Windows
Type: Web browser
License: Proprietary EULA
Website: www.maxthon.com
 
It shows a few nasty ones. How can I be sure whether to delete or not?

HijackThis itself allows you to delete nasty entries... make sure u have the latest version...

once u have deleted the entries, create a new log file and post it on the hijackthis.de webpage... it shud come clean.
 

amitash

Intel OCer
O4 - HKCU\..\Run: [r0jsyx09] C:\WINDOWS\system32\r0jsyx09.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)


VERY suspicious things

O2 - BHO: (no name) - {0927048F-BFBE-4320-B8E4-F7C5A8C08F36} - c:\windows\system32\crypt32c.dll

I'm not really sure about this one... But it does look quite suspicious
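
The entries flagged in this thread can also be picked out mechanically. The following Python is an added example, not part of any post and not HijackThis's own logic: it parses O2/O4/O20 lines copied from the log above and applies three triage heuristics that are assumptions of this example (a BHO with no file, a system32 Run target named after its own letter/digit file name, and a DLL registered under both O2 and O20). A hit means "inspect this file", not "this is malware".

```python
import re
from collections import defaultdict

# Entries copied from the log posted in this thread (a subset, for brevity).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0927048F-BFBE-4320-B8E4-F7C5A8C08F36} - c:\windows\system32\crypt32c.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [r0jsyx09] C:\WINDOWS\system32\r0jsyx09.exe
O20 - Winlogon Notify: huipcxah - C:\WINDOWS\SYSTEM32\crypt32c.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")
RUN = re.compile(r'^HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] "?(?P<path>[^"]+?\.exe)', re.I)


def triage(log_text):
    """Return (code, reason, evidence) hints. Hints are leads, not verdicts."""
    hints, loaders = [], defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        target = body.rsplit(" - ", 1)[-1].strip()
        # Heuristic 1: BHO still registered although its file is gone.
        if code == "O2" and target == "(no file)":
            hints.append((code, "BHO registered but file missing", line))
        # Record which autostart mechanisms reference each DLL.
        if code in ("O2", "O20") and target.lower().endswith(".dll"):
            loaders[target.lower()].add(code)
        # Heuristic 2: Run value named after its own system32 file,
        # where that name mixes letters and digits.
        run = RUN.match(body) if code == "O4" else None
        if run:
            path = run["path"].lower()
            stem = path.rsplit("\\", 1)[-1][:-4]
            if ("\\system32\\" in path and stem == run["name"].lower()
                    and re.search(r"\d", stem) and re.search(r"[a-z]", stem)):
                hints.append((code, "system32 autostart, letter/digit name", line))
    # Heuristic 3: one DLL loaded as both a BHO and a Winlogon Notify package.
    for dll, codes in sorted(loaders.items()):
        if len(codes) > 1:
            hints.append(("+".join(sorted(codes)), "DLL in BHO and Winlogon Notify", dll))
    return hints


if __name__ == "__main__":
    for hint in triage(SAMPLE_LOG):
        print(*hint, sep=" | ")
```
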
 