
worrywort

  1. Here is the HijackThis file, but I think Malwarebytes already took the thing off.
  2. WHY WON'T THIS LET ME EDIT THE POST. I need to remove her name. I need a mod.
  4. I already removed the problems with Malwarebytes, but I'm confused about this forum. If I run HijackThis it isn't going to pick anything up because I already took them off; I just have the Malwarebytes log. I need to know if any of the things on the computer were keyloggers, because my sister (despite REPEATED warnings) went and did her FAFSA on the computer, which contains information that bad guys could use to steal her credit or something. Please, someone tell me if it is okay to post the log here, or maybe if HijackThis would still detect them even though they are removed. I need help ASAP! Thanks