Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Slow Computer HiJackThus Log


  • Please log in to reply

#1
Licou0us

Licou0us

    New Member

  • Member
  • Pip
  • 3 posts
Does anyone find a maleware= :whistling:
Logfile of HijackThis v1.99.1
Scan saved at 16:19:48, on 2007-03-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Java\jre1.5.0_11\bin\jusched.exe
C:\Program\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE
C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe
C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\program\fsbwsys.exe
C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE
C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE
C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe
C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE
C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE
C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE
C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe
C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsrw.exe
C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe
C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\alg.exe
C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe
C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe
C:\Program\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE
C:\Program\Java\jre1.5.0_11\bin\jusched.exe
C:\Program\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\Program\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe
C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Xarina\Skrivbord\Rats\PI2.2.0.exe
C:\Program\Windows Media Player\wmplayer.exe
C:\PROGRAM\Mozilla Firefox\firefox.exe
C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe
C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe
C:\Documents and Settings\Xarina\Skrivbord\Setup Filer\osten.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program\NavExcel Search Toolbar\NavExcelBar.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias sakerhetstjanster\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipStunt] "C:\Program\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Funkvc] C:\DOCUME~1\Xarina\APPLIC~1\KNOBBI~1\Warngramteam.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program\Free Download Manager\fdm.exe -autorun
O4 - Startup: SMS Messenger.lnk = C:\Program\SMS Messenger\SmsMessenger.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe
O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\blockpopups.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc. - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
  • 0

Advertisements


#2
Licou0us

Licou0us

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
No one?? Did do anything wrong?
  • 0

#3
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hello Licou0us and welcome, Please dont bump your topic it gives us the impression someone is helping you



Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3
  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HijackThis log
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --


Please post an uninstall list for me as well
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • You can click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into this topic please,

  • 0

#4
Licou0us

Licou0us

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanx

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Xarina
[2007-03-04]
[22:31:14]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\A198787691A7F3CA.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\Administratör\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\F-secure
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Secondwayuploadsettings
C:\Documents and Settings\All Users\Application Data\Support.com
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Sofia\Application Data\F-secure
C:\Documents and Settings\Sofia\Application Data\Identities
C:\Documents and Settings\Sofia\Application Data\Macromedia
C:\Documents and Settings\Sofia\Application Data\Microsoft
C:\Documents and Settings\Sofia\Application Data\Mozilla
C:\Documents and Settings\Sofia\Application Data\Real
C:\Documents and Settings\Sofia\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Xarina\Application Data\Ahead
C:\Documents and Settings\Xarina\Application Data\F-secure
C:\Documents and Settings\Xarina\Application Data\Gtk-2.0
C:\Documents and Settings\Xarina\Application Data\Identities
C:\Documents and Settings\Xarina\Application Data\Knob Bike
C:\Documents and Settings\Xarina\Application Data\Macromedia
C:\Documents and Settings\Xarina\Application Data\Microsoft
C:\Documents and Settings\Xarina\Application Data\Mozilla
C:\Documents and Settings\Xarina\Application Data\Netscape
C:\Documents and Settings\Xarina\Application Data\Pc Tools
C:\Documents and Settings\Xarina\Application Data\Pointstone
C:\Documents and Settings\Xarina\Application Data\Real
C:\Documents and Settings\Xarina\Application Data\Sun
C:\Documents and Settings\Xarina\Application Data\Utorrent
C:\Documents and Settings\Xarina\Application Data\Vlc
C:\Documents and Settings\Xarina\Application Data\Voipstunt
C:\Documents and Settings\Xarina\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Xarina\Application Data\Wireshark
C:\Documents and Settings\Xarina\Application Data\Yahoo! -- EMPTY Directory


List


Adobe Flash Player 9 ActiveX
Adobe Shockwave Player
Dell ResourceCD
DVDFab Decrypter 3.0.7.0
HijackThis 1.99.1
HP Foto och bilduppbyggnad 2.0 - All-in-One
HP Foto och bilduppbyggnad 2.0 - All-in-One Drivrutin
HP Foto och bilduppbyggnad 2.0 - hp psc 1200 series
hp psc 1200 series
Intel® PRO Network Adapters and Drivers
J2SE Runtime Environment 5.0 Update 11
Macromedia Flash Player 8
Messenger Plus! Live & Sponsor
mIRC
Mozilla Firefox (2.0.0.2)
Nero 7 Demo
No-IP.com DUC (remove only)
Nullsoft Install System
RealPlayer
Recover My Files
Skapa HP arkiv-CD
Spyware Doctor 4.0
System Cleaner 5
Telia Säker Surf
Total Video Converter 3.10
Unlocker 1.8.5
VideoLAN VLC media player 0.8.6a
Winamp (remove only)
WinAVIVideoConverter
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
WinRAR archiver
VoipStunt
  • 0

#5
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Needed a fresh HJT log as well please
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP