Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

« previous next »
Pages: [1]   Go Down

Author Topic: Broni asked me to post this here o0  (Read 4409 times)

0 Members and 1 Guest are viewing this topic.

hash

  • Guest
Broni asked me to post this here o0
« on: October 09, 2007, 12:55:58 AM »
http://www.computerhope.com/forum/index.php/topic,43913.0.html
-------------------------------------------------------------------------------------
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\svchost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\AnalogX\NetStat Live\nsl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ScanPanel\ScnPanel.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\hash\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [ASocksrv] SocksA.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NetStat Live] C:\Program Files\AnalogX\NetStat Live\nsl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5014 bytes
----------------------------------------------------------------------------------------
Logged

CBMatt

  • Mod & Malware Specialist


    • Prodigy

  • Sad and lonely...and loving every minute of it.
    • Thanked: 167
    • Yes
  • Experience: Experienced
  • OS: Windows 7
Re: Broni asked me to post this here o0
« Reply #1 on: October 09, 2007, 05:30:07 AM »
Broni isn't online at the moment, so I hope he doesn't mind if I handle this log for now.  By the looks of it, your problem was solved.  Is this correct?  If so, that's great, but there's a tiny bit of cleanup you should do.

First...you don't appear to have any sufficient anti-virus protection, which is a big no-no. If you surf the internet without a full arsenal, you will get infected. Until you get some protection, it would be pointless to advise you any further, as you will simply become infected again. Download AVG Free and SUPERAntiSpyware, install them, and scan with them in Safe Mode.

Then open HijackThis and scan again.  When the scan has completed, check the following entry...

O4 - HKLM\..\Run: [ASocksrv] SocksA.exe

Close all windows (including this one...so you may want to print my post) except for HijackThis and click on Fix Checked.  You should then reboot your computer into Safe Mode (if you're not already in Safe Mode) and delete the following files...

C:\WINDOWS\system32\SocksA.exe
C:\WINDOWS\svchost.exe  (Do not get this confused with the same-named file in the system32 folder!)

If you can't find the files (and they haven't been removed by AVG), you may need to enable hidden files and folders.  If you still have trouble, let me know and we can try an alternate method.  Once you have completed my steps, post back with a new HijackThis log.  This time, please include the entire heading that shows your versions of HijackThis, Windows, and Internet Explorer.
Logged
Quote
An undefined problem has an infinite number of solutions.
—Robert A. Humphrey

CBMatt

  • Mod & Malware Specialist


    • Prodigy

  • Sad and lonely...and loving every minute of it.
    • Thanked: 167
    • Yes
  • Experience: Experienced
  • OS: Windows 7
Re: Broni asked me to post this here o0
« Reply #2 on: November 06, 2007, 05:50:41 AM »
Due to lack of feedback, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
Logged
Quote
An undefined problem has an infinite number of solutions.
—Robert A. Humphrey
Pages: [1]   Go Up
« previous next »