Please analyze my hijacklog. - Techist - Tech Forum

Go Back   Techist - Tech Forum > Security | Computer, Devices, Software and Systems > Viruses, Spyware and Malware > HijackThis Logs (finished)
Click Here to Login
 
 
Thread Tools Display Modes
 
Old 11-15-2009, 01:08 AM   #1 (permalink)
Newb Techie
 
Join Date: Nov 2009
Posts: 28
Default Please analyze my hijacklog.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:51 AM, on 11/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Paul\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\s wg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.ex e" -launchedbylogin
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mebobedej] Rundll32.exe "c:\progra~3\manojemi\manojemi.dll",a
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr .exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RegistryCleanerPro] C:\Program Files (x86)\iXi Tools\Registry Cleaner Pro\RegistryCleanerPro.exe -t
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Pino] C:\Users\Paul\AppData\Local\PeeringPortal\Pino\pin o.exe
O4 - HKCU\..\Run: [SSHNAS] rundll32.exe C:\Windows\system32\sshnas.dll,DllWork
O4 - HKCU\..\Run: [MailBlocker] C:\Users\Paul\AppData\Local\Temp\b.exe
O4 - HKCU\..\Run: [ikmfkfjo] C:\Users\Paul\AppData\Local\jhbtgc\cwcfsysguard.ex e
O4 - HKCU\..\Run: [12301714] C:\ProgramData\12301714\12301714.exe
O4 - HKCU\..\Run: [mebobedej] Rundll32.exe "c:\progra~3\manojemi\manojemi.dll",a
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_en-US;_rv:1.9.0.13)_Gecko/2009073022_Firefox/3.0.13_(.NET_CLR_3.5.30729)" -"http://bcs.worthpublishers.com/myers8e/content/cat_020/00020-01.htm?v=chapter&i=00020.01&s=00000&n=00020&o=|005 10|00520|00530|00540|00550|00560|00570|00580|00590 |00600|00610|00620|00630|00640|00650|00660|00010|0 0020|00030|00040|00050|00060|00070|00080|00090|001 80|00100|00110|00120|00130|00140|00150|00160|00170 |00190|00200|00000|01000|02000|03000|04000|05000|0 6000|07000|08000|09000|10000|11000|12000|13000|140 00|15000|16000|17000|18000|19000|99000|"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: hamachi.lnk = C:\Program Files (x86)\Hamachi\hamachi.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disten...fyLauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {FDE21640-4361-43E7-82B7-D1E32B33349A} (Pino Loader) - ??? ??? ???:????,??????,??????,????,??????
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\ProgramData\rifezufi\rifezufi.dll c:\PROGRA~3\manojemi\manojemi.dll
O21 - SSODL: depuvevuf - {0b9aa9f4-23c6-4db0-b488-1bc164e744ae} - c:\progra~3\manojemi\manojemi.dll
O22 - SharedTaskScheduler: mujuzedij - {0b9aa9f4-23c6-4db0-b488-1bc164e744ae} - c:\progra~3\manojemi\manojemi.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate1c99587a1ac7228) (gupdate1c99587a1ac7228) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15554 bytes
__________________

mingming12 is offline  
Old 11-15-2009, 11:40 AM   #2 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default Re: Please analyze my hijacklog.

Run malwarebytes and post its log
__________________

__________________
Osiris is offline  
Old 11-15-2009, 04:08 PM   #3 (permalink)
Newb Techie
 
Join Date: Nov 2009
Posts: 28
Default Re: Please analyze my hijacklog.

Malwarebytes' Anti-Malware 1.41
Database version: 3176
Windows 6.0.6001 Service Pack 1 (Safe Mode)

11/15/2009 4:03:45 PM
mbam-log-2009-11-15 (16-03-31).txt

Scan type: Quick Scan
Objects scanned: 92815
Time elapsed: 4 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 6
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\swg (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\steam (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\mailblocker (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\12301714 (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\ikmfkfjo (Trojan.FakeAlert.N) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\sshnas (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\Explorer\NoActiveDesktopChange s (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\ProgramData\12301714 (Rogue.Multiple) -> No action taken.

Files Infected:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe (Trojan.Downloader) -> No action taken.
C:\Program Files (x86)\Steam\steam.exe (Trojan.Downloader) -> No action taken.
c:\ProgramData\manojemi\manojemi.dll (Malware.Packer) -> No action taken.
C:\aywdthl.exe (Trojan.Vundo) -> No action taken.
C:\penmrdya.exe (Trojan.Downloader) -> No action taken.
C:\Users\Paul\AppData\Local\Temp\85c14bbf.exe (Trojan.Dropper) -> No action taken.
C:\Users\Paul\AppData\Local\Temp\a.exe (Trojan.Downloader) -> No action taken.
C:\Users\Paul\AppData\Local\Temp\rundll32.exe (Trojan.Downloader) -> No action taken.
C:\Users\Paul\downloads\VLCSetup.exe (Adware.Seekmo) -> No action taken.
C:\ProgramData\12301714\12301714 .exe (Rogue.Multiple) -> No action taken.
C:\ProgramData\12301714\12301714.bat (Rogue.Multiple) -> No action taken.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\Users\Paul\Local Settings\Temporary Internet Files\PLauncher.exe (Trojan.Agent) -> No action taken.
C:\Windows\msa.exe (Trojan.Agent) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Program Files (x86)\Adobe\acrotray.exe (Trojan.Agent) -> No action taken.
C:\Users\Paul\AppData\Local\Temp\c.exe (Trojan.Dropper) -> No action taken.
C:\Windows\System32\sshnas.dll (Trojan.FakeAlert) -> No action taken.
C:\Program Files (x86)\Adobe\acrotray .exe (Trojan.Agent) -> No action taken.
mingming12 is offline  
Old 11-15-2009, 04:28 PM   #4 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default Re: Please analyze my hijacklog.

Looks like you need to run combofix first, then malwarebytes again, post both of their logs as well.
__________________
Osiris is offline  
Old 11-15-2009, 08:55 PM   #5 (permalink)
Newb Techie
 
Join Date: Nov 2009
Posts: 28
Default Re: Please analyze my hijacklog.

I can't run combofix since it isn't compatible with vista (i have 64 bit)
mingming12 is offline  
Old 11-15-2009, 09:07 PM   #6 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default Re: Please analyze my hijacklog.

Remove these entries using hijackhis, reboot, then run malwarebytes again. Also make sure before you reboot to go to start, run, type msconfig and press enter. Go to the startup tab, click disable all, then recheck your antivirus and then reboot.

O4 - HKLM\..\Run: [mebobedej] Rundll32.exe "c:\progra~3\manojemi\manojemi.dll",a

O4 - HKCU\..\Run: [RegistryCleanerPro] C:\Program Files (x86)\iXi Tools\Registry Cleaner Pro\RegistryCleanerPro.exe -t

O4 - HKCU\..\Run: [SSHNAS] rundll32.exe C:\Windows\system32\sshnas.dll,DllWork

O4 - HKCU\..\Run: [MailBlocker] C:\Users\Paul\AppData\Local\Temp\b.exe


O4 - HKCU\..\Run: [ikmfkfjo] C:\Users\Paul\AppData\Local\jhbtgc\cwcfsysguard.ex e


O4 - HKCU\..\Run: [12301714] C:\ProgramData\12301714\12301714.exe

O4 - HKCU\..\Run: [mebobedej] Rundll32.exe "c:\progra~3\manojemi\manojemi.dll",a


O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab

O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disten...fyLauncher.cab

O16 - DPF: {FDE21640-4361-43E7-82B7-D1E32B33349A} (Pino Loader) - ??? ??? ???:????,??????,??????,????,??????

O20 - AppInit_DLLs: C:\ProgramData\rifezufi\rifezufi.dll c:\PROGRA~3\manojemi\manojemi.dll

O21 - SSODL: depuvevuf - {0b9aa9f4-23c6-4db0-b488-1bc164e744ae} - c:\progra~3\manojemi\manojemi.dll

O22 - SharedTaskScheduler: mujuzedij - {0b9aa9f4-23c6-4db0-b488-1bc164e744ae} - c:\progra~3\manojemi\manojemi.dll
__________________
Osiris is offline  
Old 11-15-2009, 10:45 PM   #7 (permalink)
Newb Techie
 
Join Date: Nov 2009
Posts: 28
Default Re: Please analyze my hijacklog.

This is what I got when running malwarebytes.

Malwarebytes' Anti-Malware 1.41
Database version: 3177
Windows 6.0.6001 Service Pack 1

11/15/2009 10:43:17 PM
mbam-log-2009-11-15 (22-43-11).txt

Scan type: Quick Scan
Objects scanned: 93225
Time elapsed: 10 minute(s), 42 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 19

Memory Processes Infected:
C:\Windows\msa.exe (Trojan.Agent) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\Explorer\NoActiveDesktopChange s (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\ProgramData\12301714 (Rogue.Multiple) -> No action taken.

Files Infected:
C:\Users\Paul\AppData\Local\Temp\85c14bbf.exe (Trojan.Dropper) -> No action taken.
C:\Users\Paul\downloads\VLCSetup.exe (Adware.Seekmo) -> No action taken.
C:\ProgramData\12301714\12301714 .exe (Rogue.Multiple) -> No action taken.
C:\ProgramData\12301714\12301714.bat (Rogue.Multiple) -> No action taken.
C:\ProgramData\12301714\12301714.exe (Rogue.Multiple) -> No action taken.
C:\Windows\System32\berijona.dll (Trojan.Vundo.N) -> No action taken.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\Windows\System32\dapotado.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\jetebusu.dll (Trojan.Vundo) -> No action taken.
C:\Users\Paul\AppData\Local\Temp\ctv2702.exe (Trojan.Dropper) -> No action taken.
C:\Users\Paul\Local Settings\Temporary Internet Files\PLauncher.exe (Trojan.Agent) -> No action taken.
C:\Windows\msa.exe (Trojan.Agent) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Program Files (x86)\Adobe\acrotray.exe (Trojan.Agent) -> No action taken.
C:\Users\Paul\AppData\Local\Temp\a.exe (Trojan.Dropper) -> No action taken.
C:\Users\Paul\AppData\Local\Temp\b.exe (Trojan.Dropper) -> No action taken.
C:\Users\Paul\AppData\Local\Temp\c.exe (Trojan.Dropper) -> No action taken.
C:\Windows\System32\sshnas.dll (Trojan.FakeAlert) -> No action taken.
C:\Program Files (x86)\Adobe\acrotray .exe (Trojan.Agent) -> No action taken.
mingming12 is offline  
Old 11-15-2009, 11:01 PM   #8 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default Re: Please analyze my hijacklog.

Run this next MSE
and post results
__________________
Osiris is offline  
Old 11-15-2009, 11:31 PM   #9 (permalink)
Newb Techie
 
Join Date: Nov 2009
Posts: 28
Default Re: Please analyze my hijacklog.

The results for the scan is clean. Soo, am I good to go?


Well a notice pops up every once in awhile that says A-Installc517_2005-5[1].exe has stopped working. I'm saying this since the notice started to pop up when I got a bunch of trojans..

Is this something you/I should be concerned about?
mingming12 is offline  
Old 11-15-2009, 11:40 PM   #10 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default Re: Please analyze my hijacklog.

What antivirus do you use? I would suggest using AVG 9 Free and running a full system scan.

No we aren't done yet.
__________________

__________________
Osiris is offline  
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Analyze Computer Systems With Kasperskyís GSI Parser Osiris Tips, Tricks & Tutorials 0 07-11-2009 11:30 PM
Need help (analyze Plsz) e40water HijackThis Logs (finished) 3 05-03-2009 12:17 AM
need help in analyze hijackthis log madking153 Viruses, Spyware and Malware 2 04-13-2009 11:52 AM
Please Analyze - Seeing Bad Behaviour cdunford HijackThis Logs (finished) 3 01-25-2009 08:46 PM
Hijacklog MarissaluvsGod21982 New Member Introductions 1 08-14-2008 10:36 PM



Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 02:57 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2018, vBulletin Solutions, Inc.