Just need some help with my HJ this log [P]

tommy_boy_07 · 06-21-2008, 06:03 PM

Logfile of HijackThis v1.99.1
Scan saved at 8:57:45 AM, on 22/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
H:\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
H:\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
H:\Winamp\winamp.exe
H:\Spybot - Search & Destroy\SpybotSD.exe
G:\Downloads\Hijack This\HijackThis.exe
H:\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=3081
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "H:\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "H:\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - H:\\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - H:\\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - H:\\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: h:\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\WINDOW~2\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\WINDOW~2\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - H:\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

I see a few suspicious ones there but unsure so I just need a little help with getting rid of some stuff.

Thanks!

Mak213 · 06-21-2008, 09:31 PM

Hello,

You have Adware. Go thru Osiris's guide and then post up a new log.

http://www.tech-forums.net/pc/f51/sp...osiris-165828/

Cheers,
Mak

Formerly the latter · 06-23-2008, 05:03 PM

How is this coming along?

06-21-2008, 06:03 PM	#1 (permalink)
tommy_boy_07 True Techie Join Date: Feb 2008 Location: Australia Posts: 152	Just need some help with my HJ this log [P] Logfile of HijackThis v1.99.1 Scan saved at 8:57:45 AM, on 22/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE H:\COMODO\Firewall\cfp.exe C:\WINDOWS\system32\ctfmon.exe H:\COMODO\Firewall\cmdagent.exe C:\WINDOWS\system32\svchost.exe H:\Winamp\winamp.exe H:\Spybot - Search & Destroy\SpybotSD.exe G:\Downloads\Hijack This\HijackThis.exe H:\Mozilla Firefox\firefox.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=3081 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = .local O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [COMODO Firewall Pro] "H:\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "H:\RivaTuner v2.09\RivaTuner.exe" /S O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Clean Traces - H:\\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - H:\\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - H:\\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O10 - Unknown file in Winsock LSP: h:\bonjour\mdnsnsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll O11 - Options group: [INTERNATIONAL] International O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\WINDOW~2\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\WINDOW~2\MESSEN~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - H:\COMODO\Firewall\cmdagent.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe I see a few suspicious ones there but unsure so I just need a little help with getting rid of some stuff. Thanks!

06-21-2008, 09:31 PM	#2 (permalink)
Mak213 Commander Super Mod Joker Join Date: Sep 2004 Location: In Trotter's crawl space Posts: 13,691	Re: Just need some help with my HJ this log Hello, You have Adware. Go thru Osiris's guide and then post up a new log. http://www.tech-forums.net/pc/f51/sp...osiris-165828/ Cheers, Mak __________________

06-23-2008, 05:03 PM	#3 (permalink)
Formerly the latter Super Techie Join Date: Aug 2007 Posts: 457	Re: Just need some help with my HJ this log How is this coming along?

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Virtual PC operating system	JB Rekit	Windows Operating Systems and Software	19	07-10-2008 10:10 AM
Virtumonde Hijackthis Log [F]	infantryman	HijackThis Logs (finished)	8	07-04-2008 07:35 AM
HJT Log. Internet Issues	Lukey114	HijackThis Logs (finished)	4	04-16-2008 08:02 AM
My HijackThis Log	aetherh4cker	HijackThis Logs (finished)	10	11-28-2007 07:58 AM
Hijackthis log	jtemple	HijackThis Logs (finished)	1	09-20-2007 07:49 AM