User Tag List

HJT Log - Please Assist

This is a discussion on HJT Log - Please Assist within the Inactive Malware Help Topics forums, part of the Tech Support Forum category. Thanks in advance.... (edit: For a friend of mine...yes, I know...he uses AOL) ----- Logfile of HijackThis v1.99.1 Scan saved


 
 
Thread Tools Search this Thread
Old 04-12-2007, 08:21 AM   #1
Registered Member
 
Join Date: Aug 2004
Posts: 4
OS: Win7


Exclamation

Thanks in advance....

(edit: For a friend of mine...yes, I know...he uses AOL)

-----

Logfile of HijackThis v1.99.1
Scan saved at 11:19:28 AM, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRAM FILES\COMMON FILES\AOL\1167326659\EE\AOLSOFTWARE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Common Files\AOL\1167326659\ee\aolsoftware.exe
C:\PROGRAM FILES\COMMON FILES\AOL\1167326659\EE\AOLOPENRIDE.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\MDM.EXE
C:\Documents and Settings\Roman\Application Data\U3\0000177BE96087FB\LaunchPad.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.metacrawler.com/crawler?general=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.metacrawler.com/crawler?general=%s
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Starware347 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware347\bin\Starware347.dll (file missing)
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167326659\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
MistarItalian is offline  
Sponsored Links
Advertisement
 
Old 04-18-2007, 01:51 PM   #2
Security Manager
Analyst
Rangemaster, TSF Academy
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 39,536
OS: Windows 10 Pro

My System


Hi

Not seeing much in the log - what sort of problems is your friend having?

Let's take a deeper look.

Download Deckard's System Scanner (DSS) to your Desktop . Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - minimised > extra.txt and maximised > main.txt.
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt back in this thread (do not attach it).
  5. Please attach extra.txt to your post.


To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
Glaswegian is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Pls check my HJT log after cleaning
Hi Could you please check my HJT analysed log. I have followed the 5 steps for removing malware and I have run HJT and analysed while still in safe mode. I have managed to remove the rogue spyware etc but I think there is still a trojan generic ATJ lurking somewhere which I think will reapear...
joice Inactive Malware Help Topics 7 09-29-2005 08:16 AM
HJT log
Here is my log. Until I ran Ad-Aware it was running horrible. I could barely get on IE. This is the log after I ran the KRC analyzer. This system is badly infected and if there is any way there is stuff the analyzer missed please tell me to post the full log from HJT. I would just do a basic clean...
Ghoste Inactive Malware Help Topics 1 09-16-2005 08:01 AM
Redvines HJT log
Hi, im new here and not pc savvy but need some help. I did the HJT log then the HJT analyzer (hope this was right) Problem is theres been a white box running across the bottom task bar and instantly disappears (like a prog running or something) This happens about every 15 minutes and...
Redvines Inactive Malware Help Topics 35 02-16-2005 03:55 PM
HJT Analyser Log not very long but still having problems??
I used the guidelines in the sticky and used HJT Analyser program to create the following log. It is not very long so I read the post by Microbell in this thread https://www.techsupportforum.com/showthread.php?t=27060 and followed procedure 1 to 5 using kill2me, pv, vx2finder,etc. and also came up...
aimankay Inactive Malware Help Topics 17 12-26-2004 07:56 PM
my hjt analyzer log
Hello...new to the forum. I really appreciate your help. Ever since I installed Win XP SP2 I've had probs with adware. Pop up ads everywhere when browsing web. Luckily hasn't slowed the PC down much but very annoying. I use NAV 2004 antivirus (I know, I know) and keep it updated and periodically...
johnbmunson Inactive Malware Help Topics 5 12-23-2004 09:12 AM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 02:10 AM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts