07-22-2008, 05:59 AM   #1
Registered User
 
Join Date: Jul 2008
Posts: 1
OS: xp sp2


Suspected Trojan or Malware

I've been getting random pop-ups and I sometimes see an unknown process in my process list. It hasn't been affecting me much, but one day it was lagging me quite a bit. I remember I had lots of help from HijackThis and I found this forum to be the most professional. Any help is appreciated.

Deckard's System Scanner v20071014.68
Run by Matthew ZhanFOSHIZZ on 2008-07-22 22:52:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
53: 2008-07-22 12:50:14 UTC - RP101 - Deckard's System Scanner Restore Point
52: 2008-07-22 10:29:38 UTC - RP100 - System Checkpoint
51: 2008-07-21 07:25:40 UTC - RP99 - System Checkpoint
50: 2008-07-20 00:07:23 UTC - RP98 - Installed DirectX
49: 2008-07-19 14:30:24 UTC - RP97 - System Checkpoint


-- First Restore Point --
1: 2008-04-27 05:42:15 UTC - RP49 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Matthew ZhanFOSHIZZ.exe) ---------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:50 PM, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\INTERN~2\mum.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Matthew ZhanFOSHIZZ\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Matthew ZhanFOSHIZZ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\mpcodecplg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~2\mum.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1201349229859
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4461 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S3 IlvMoneyDRIVER53 - g:\hackpackv4\ilvmoney1129.sys (file missing)
S3 SCREAMINGBDRIVER (Screaming Bee Audio) - c:\windows\system32\drivers\screamingbaudio.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-22 22:28:40 350 --a------ C:\WINDOWS\Tasks\At47.job
2008-07-22 22:00:03 350 --a------ C:\WINDOWS\Tasks\At23.job
2008-07-22 21:07:52 350 --a------ C:\WINDOWS\Tasks\At46.job
2008-07-22 21:00:04 350 --a------ C:\WINDOWS\Tasks\At22.job
2008-07-22 20:58:16 350 --a------ C:\WINDOWS\Tasks\At45.job
2008-07-22 20:00:01 350 --a------ C:\WINDOWS\Tasks\At21.job
2008-07-22 19:16:09 350 --a------ C:\WINDOWS\Tasks\At43.job
2008-07-22 19:00:20 350 --a------ C:\WINDOWS\Tasks\At44.job
2008-07-22 19:00:18 350 --a------ C:\WINDOWS\Tasks\At20.job
2008-07-22 18:00:02 350 --a------ C:\WINDOWS\Tasks\At19.job
2008-07-22 17:00:31 350 --a------ C:\WINDOWS\Tasks\At40.job
2008-07-21 23:00:10 350 --a------ C:\WINDOWS\Tasks\At48.job
2008-07-21 23:00:02 350 --a------ C:\WINDOWS\Tasks\At24.job
2008-07-21 17:00:15 350 --a------ C:\WINDOWS\Tasks\At42.job
2008-07-21 17:00:05 350 --a------ C:\WINDOWS\Tasks\At18.job
2008-07-21 16:00:24 350 --a------ C:\WINDOWS\Tasks\At41.job
2008-07-21 16:00:20 350 --a------ C:\WINDOWS\Tasks\At17.job
2008-07-21 15:00:02 350 --a------ C:\WINDOWS\Tasks\At16.job
2008-07-21 14:53:06 350 --a------ C:\WINDOWS\Tasks\At38.job
2008-07-21 14:00:12 350 --a------ C:\WINDOWS\Tasks\At39.job
2008-07-21 14:00:04 350 --a------ C:\WINDOWS\Tasks\At15.job
2008-07-21 13:00:11 350 --a------ C:\WINDOWS\Tasks\At14.job
2008-07-21 12:15:29 350 --a------ C:\WINDOWS\Tasks\At36.job
2008-07-21 12:00:12 350 --a------ C:\WINDOWS\Tasks\At37.job
2008-07-21 12:00:03 350 --a------ C:\WINDOWS\Tasks\At13.job
2008-07-21 11:00:15 350 --a------ C:\WINDOWS\Tasks\At12.job
2008-07-20 17:40:18 350 --a------ C:\WINDOWS\Tasks\At35.job
2008-07-20 17:40:18 350 --a------ C:\WINDOWS\Tasks\At34.job
2008-07-20 17:40:18 350 --a------ C:\WINDOWS\Tasks\At33.job
2008-07-20 17:40:18 350 --a------ C:\WINDOWS\Tasks\At32.job
2008-07-20 17:40:18 350 --a------ C:\WINDOWS\Tasks\At31.job
2008-07-20 17:40:18 350 --a------ C:\WINDOWS\Tasks\At30.job
2008-07-20 17:40:18 350 --a------ C:\WINDOWS\Tasks\At29.job
2008-07-20 17:40:18 350 --a------ C:\WINDOWS\Tasks\At28.job
2008-07-20 17:40:18 350 --a------ C:\WINDOWS\Tasks\At27.job
2008-07-20 17:40:18 350 --a------ C:\WINDOWS\Tasks\At26.job
2008-07-20 17:40:18 350 --a------ C:\WINDOWS\Tasks\At25.job
2008-07-20 17:28:24 350 --a------ C:\WINDOWS\Tasks\At9.job
2008-07-20 17:28:24 350 --a------ C:\WINDOWS\Tasks\At8.job
2008-07-20 17:28:24 350 --a------ C:\WINDOWS\Tasks\At7.job
2008-07-20 17:28:24 350 --a------ C:\WINDOWS\Tasks\At6.job
2008-07-20 17:28:24 350 --a------ C:\WINDOWS\Tasks\At5.job
2008-07-20 17:28:24 350 --a------ C:\WINDOWS\Tasks\At4.job
2008-07-20 17:28:24 350 --a------ C:\WINDOWS\Tasks\At3.job
2008-07-20 17:28:24 350 --a------ C:\WINDOWS\Tasks\At2.job
2008-07-20 17:28:24 350 --a------ C:\WINDOWS\Tasks\At11.job
2008-07-20 17:28:24 350 --a------ C:\WINDOWS\Tasks\At10.job
2008-07-20 17:28:24 350 --a------ C:\WINDOWS\Tasks\At1.job


-- Files created between 2008-06-22 and 2008-07-22 -----------------------------

2008-07-22 22:54:42 0 d-------- C:\Program Files\Trend Micro
2008-07-22 22:47:49 0 d-------- C:\WINDOWS\LastGood
2008-07-22 22:46:16 0 d-------- C:\Program Files\Panda Security
2008-07-22 19:33:58 0 d-------- C:\Program Files\ImageConverter Plus
2008-07-20 20:00:35 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-07-20 20:00:25 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-07-20 20:00:15 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-07-20 17:40:18 35842 --a------ C:\WINDOWS\system32\qTBQcGbG.exe
2008-07-20 17:28:23 29760 --a------ C:\WINDOWS\system32\EtB2dWiB.exe
2008-07-19 20:11:10 0 d-------- C:\Program Files\FlashGet
2008-07-13 20:07:32 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-13 20:07:23 0 d-------- C:\Program Files\viewsonic
2008-07-07 15:58:28 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-07 15:58:25 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-07-05 23:53:29 0 d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
2008-07-05 23:50:03 0 d-------- C:\Documents and Settings\Matthew ZhanFOSHIZZ\Application Data\Screaming Bee
2008-07-05 23:49:19 0 d-------- C:\Program Files\Common Files\Screaming Bee
2008-07-05 23:48:12 0 d-------- C:\Program Files\Screaming Bee
2008-07-05 23:44:07 0 d-------- C:\vcs5BGEffects
2008-07-05 23:44:05 0 d-------- C:\vcs5core
2008-07-05 23:44:05 0 d-------- C:\AV_LOGS
2008-07-01 20:09:41 0 d-------- C:\Program Files\Qonquer Online Client
2008-07-01 19:58:08 0 d-------- C:\Program Files\Hamachi
2008-06-28 23:51:10 0 d-------- C:\AHK
2008-06-26 22:41:57 1970176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-06-26 22:41:57 679936 --a------ C:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
2008-06-26 22:41:56 0 d-------- C:\Program Files\Cheat Engine


-- Find3M Report ---------------------------------------------------------------

2008-07-22 22:54:00 0 d-------- C:\Documents and Settings\Matthew ZhanFOSHIZZ\Application Data\SiteAdvisor
2008-07-22 19:23:14 0 d-------- C:\Documents and Settings\Matthew ZhanFOSHIZZ\Application Data\Hamachi
2008-07-19 13:03:23 0 d-------- C:\Program Files\Conquer 2.0
2008-07-16 16:35:10 0 d-------- C:\Documents and Settings\Matthew ZhanFOSHIZZ\Application Data\uTorrent
2008-07-13 20:07:32 0 d-------- C:\Program Files\Common Files
2008-07-13 20:07:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-09 22:31:49 0 d-------- C:\Documents and Settings\Matthew ZhanFOSHIZZ\Application Data\Ventrilo
2008-06-08 23:25:22 0 d-------- C:\Program Files\DivX
2008-06-08 23:01:52 0 d-------- C:\Program Files\NetBattle
2008-06-08 12:52:26 0 d--h----- C:\Documents and Settings\Matthew ZhanFOSHIZZ\Application Data\ijjigame
2008-06-08 09:34:22 0 d-------- C:\Program Files\NHN USA
2008-06-07 21:53:13 0 d-------- C:\Program Files\Guitar Pro 5
2008-06-05 16:33:10 0 d-------- C:\Documents and Settings\Matthew ZhanFOSHIZZ\Application Data\Internode
2008-04-27 19:13:36 704512 --a------ C:\WINDOWS\system32\ijjiSetup.exe <Not Verified; NHN USA; ijjiSetup Application>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}]
11/18/2007 09:57 AM 130048 --a------ C:\WINDOWS\mpcodecplg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 12:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 12:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 12:41 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InternodeUsage"="C:\PROGRA~1\INTERN~2\mum.exe" [03/02/2008 09:36 AM]
"viwc"="C:\WINDOWS\system32\viwc.exe" [11/30/2007 05:56 AM]
"LClock"="C:\Program Files\LClock\LClock.exe" []
"ViStart"="C:\Program Files\ViStart\ViStart.exe" []
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" []
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" []

C:\Documents and Settings\Matthew ZhanFOSHIZZ\Start Menu\Programs\Startup\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [7/1/2008 7:58:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"BITS"=3 (0x3)




-- End of Deckard's System Scanner: finished at 2008-07-22 22:55:18 ------------





Oh, I realized that the unknown process was not listed. This is because I went into the Task Manager and closed it manually.
JeebusX
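As an added example (not part of the post above and not a forum-supplied tool), here is a short Python triage script for the two Deckard's System Scanner sections quoted in the log. It pairs each regular file created under C:\WINDOWS with the At*.job scheduled tasks written within a few seconds of it, scores the file name with a coarse random-name heuristic, and lists driver entries whose binary is missing. The sample input is constructed from lines copied out of the log above; the five-second window and the heuristic thresholds are assumptions, and the output is a prioritisation for a human reviewer, not a verdict on any file.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: lines copied from the DSS output in the post above,
# trimmed to the entries that matter for the checks below.
SAMPLE_LOG = r"""
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S3 IlvMoneyDRIVER53 - g:\hackpackv4\ilvmoney1129.sys (file missing)
S3 SCREAMINGBDRIVER (Screaming Bee Audio) - c:\windows\system32\drivers\screamingbaudio.sys (file missing)

-- Scheduled Tasks -------------------------------------------------------------

2008-07-22 22:28:40 350 --a------ C:\WINDOWS\Tasks\At47.job
2008-07-20 17:40:18 350 --a------ C:\WINDOWS\Tasks\At35.job
2008-07-20 17:40:18 350 --a------ C:\WINDOWS\Tasks\At25.job
2008-07-20 17:28:24 350 --a------ C:\WINDOWS\Tasks\At9.job
2008-07-20 17:28:24 350 --a------ C:\WINDOWS\Tasks\At1.job

-- Files created between 2008-06-22 and 2008-07-22 -----------------------------

2008-07-22 22:54:42 0 d-------- C:\Program Files\Trend Micro
2008-07-20 17:40:18 35842 --a------ C:\WINDOWS\system32\qTBQcGbG.exe
2008-07-20 17:28:23 29760 --a------ C:\WINDOWS\system32\EtB2dWiB.exe
2008-07-07 15:58:28 164352 --a------ C:\WINDOWS\system32\unrar.dll
"""

SECTION_RE = re.compile(r"^-- (.+?) -+$")
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S+) (.+)$")
MISSING_RE = re.compile(r"^S\d (\S+)(?: \(.*?\))? - (\S+) \(file missing\)$")


def parse_dss(text):
    """Split DSS output into {section title: [non-empty lines]}."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
        elif current and line.strip():
            sections[current].append(line.rstrip())
    return sections


def find_section(sections, prefix):
    return next((v for k, v in sections.items() if k.startswith(prefix)), [])


def file_entries(lines):
    """Parse 'YYYY-MM-DD HH:MM:SS size attrs path' lines; drop any trailing
    '<Not Verified; ...>' annotation so the path is clean."""
    out = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if m:
            out.append({"time": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                        "size": int(m.group(2)), "attrs": m.group(3),
                        "path": m.group(4).split(" <")[0]})
    return out


def looks_random(path):
    """Coarse heuristic (assumed thresholds) for machine-generated names: case that
    flips repeatedly, few vowels, no separators. Ranking signal only; legitimate
    names such as NvMcTray.dll also trip it, so never act on it by itself."""
    stem, _ = ntpath.splitext(ntpath.basename(path))
    letters = [c for c in stem if c.isalpha()]
    if len(stem) < 8 or not stem.isalnum() or len(letters) < 6:
        return False
    flips = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    vowel_ratio = sum(c.lower() in "aeiou" for c in letters) / len(letters)
    return flips >= 3 and vowel_ratio <= 0.3


def correlate_task_drops(text, window_seconds=5):
    """Pair every regular file created under C:\\WINDOWS with the job files written
    within window_seconds of it. A binary whose creation time coincides with a
    burst of At*.job files is the first thing to pull for analysis."""
    sections = parse_dss(text)
    tasks = file_entries(find_section(sections, "Scheduled Tasks"))
    hits = []
    for f in file_entries(find_section(sections, "Files created")):
        if f["attrs"].startswith("d") or not f["path"].lower().startswith(r"c:\windows"):
            continue
        near = [ntpath.basename(t["path"]) for t in tasks
                if abs((t["time"] - f["time"]).total_seconds()) <= window_seconds]
        if near:
            hits.append({"path": f["path"], "size": f["size"], "tasks": sorted(near),
                         "random_name": looks_random(f["path"])})
    return hits


def missing_driver_entries(text):
    """Driver entries whose binary is gone: registrations left behind by software
    that once loaded code into the kernel, and dead entries to clean up."""
    lines = find_section(parse_dss(text), "Drivers")
    return [m.groups() for m in map(MISSING_RE.match, lines) if m]


if __name__ == "__main__":
    for hit in correlate_task_drops(SAMPLE_LOG):
        print(f"{hit['path']} ({hit['size']} bytes) random_name={hit['random_name']} "
              f"tasks={hit['tasks']}")
    for name, path in missing_driver_entries(SAMPLE_LOG):
        print(f"dangling driver {name}: {path}")
```

Run against the sample, the script pairs qTBQcGbG.exe with the At25/At35 jobs and EtB2dWiB.exe with the At1/At9 jobs, and lists the three dangling driver registrations. What that tells a reviewer is only where to look first: the job files and the two executables still have to be opened (the .job contents, the binary's hash and its scan results) before anyone can say what they are.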
All times are GMT -7.
Copyright 2001 - 2008, Tech Support Forum