Need help
Started by
Illdan
, Feb 18 2008 11:16 AM
#1
Posted 18 February 2008 - 11:16 AM
#2
Posted 18 February 2008 - 11:18 AM
I just saw something called
Mal/Emogen-I
Mal/Emogen-I
#3
Posted 18 February 2008 - 11:30 AM
Logfile of HijackThis v1.99.1
Scan saved at 12:19:20 PM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Justin Davidson\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://wapp.verizon........dsl&cd=yaho
o_v.1_ie&bm=yh_search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://web.pvpusnctk...Q2V/MSXRc9xHMX5
82VWn9bMidWyXT0WxMwewDk04c.jsp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=C:\WINDOWS\system32\svchost.exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file
missing)
O3 - Toolbar: The retnsrp - {CC304A4D-FC79-4CD3-9A67-46E3AF59319D} -
C:\WINDOWS\retnsrp.dll (file missing)
O4 - HKLM\..\Run: [] C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust
PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunServices: [] C:\WINDOWS\system32\svchost.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d
locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search
& Destroy\TeaTimer.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM
Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://bin.mcafee.co...,76/mcinsctl.ca
b
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support)
- http://www-3.ibm.com...rt/IbmEgath.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
http://bin.mcafee.co...,16/mcgdmgr.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{480B0EBB-14D1-4E0B-91F1-498485F3EC0E
}: NameServer = 24.30.200.3,24.30.201.3
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft -
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program
Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner -
C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation -
C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro
Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro
Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) -
Webroot Software, Inc. - C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe
Scan saved at 12:19:20 PM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Justin Davidson\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://wapp.verizon........dsl&cd=yaho
o_v.1_ie&bm=yh_search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://web.pvpusnctk...Q2V/MSXRc9xHMX5
82VWn9bMidWyXT0WxMwewDk04c.jsp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=C:\WINDOWS\system32\svchost.exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file
missing)
O3 - Toolbar: The retnsrp - {CC304A4D-FC79-4CD3-9A67-46E3AF59319D} -
C:\WINDOWS\retnsrp.dll (file missing)
O4 - HKLM\..\Run: [] C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust
PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunServices: [] C:\WINDOWS\system32\svchost.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d
locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search
& Destroy\TeaTimer.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM
Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://bin.mcafee.co...,76/mcinsctl.ca
b
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support)
- http://www-3.ibm.com...rt/IbmEgath.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
http://bin.mcafee.co...,16/mcgdmgr.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{480B0EBB-14D1-4E0B-91F1-498485F3EC0E
}: NameServer = 24.30.200.3,24.30.201.3
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft -
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program
Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner -
C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation -
C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro
Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro
Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) -
Webroot Software, Inc. - C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe
#4
Posted 18 February 2008 - 12:08 PM
Bump
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users