
Posted

G'day boss,

It's been a while, and I thought I'd get you to have a looksee and let me know what can go....

Cheers :D

Logfile of HijackThis v1.99.1

Scan saved at 20:33:31, on 21/08/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5450.0004)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\Program Files\Telstra\Toolbar\bpumTray.exe

C:\Program Files\Telstra\Cable Login\bpcable.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Logitech\G-series Software\LCDMon.exe

C:\Program Files\Logitech\G-series Software\LGDCore.exe

C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe

C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe

C:\Program Files\LClock\lclock.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Samurize\Client.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\CyberLat\CyberLat RAM Cleaner 2,0\CLRamCleaner.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\HijackThis\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll

O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - (no file)

O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [CyberLat Ram Cleaner] C:\Program Files\CyberLat\CyberLat RAM Cleaner 2,0\CLRamCleaner.exe

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"

O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [DesktopX] "" C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe"" -noui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1

O4 - Startup: Client Sidebar.lnk = C:\Program Files\Samurize\Client.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: Start OpdiTracker.lnk = C:\Program Files\Opdicom\OpdiTracker\OptT3STA.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [INTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132910925265

O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab

O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} - 

O17 - HKLM\System\CS1\Services\Tcpip\..\{3D624CC7-338B-4834-B417-C2783E4DF6CF}: NameServer = 69.50.188.178,69.31.80.244

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll

O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

  • Administrator
Posted

Is the F2 - userinit.exe a legit Microsoft process? You can check with http://virusscan.jotti.org/

Here's useful information on userinit.exe.

Do you use your BigPond Toolbar often? If not, you may wish to uninstall it.

Generated by Tarun's HijackThis Converter v0.50 Beta.

Default-color items are optional, red are known to be malicious.

Enumeration of existing IE's BHO's

O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - (no file)

Enumeration of existing IE's toolbars

O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - (no file)

Enumeration of suspicious auto-loading registry entries

O4 - HKLM\..\Run: [bigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"

O4 - HKLM\..\Run: [CyberLat Ram Cleaner] C:\Program Files\CyberLat\CyberLat RAM Cleaner 2,0\CLRamCleaner.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1

O4 - Global Startup: Start OpdiTracker.lnk = C:\Program Files\Opdicom\OpdiTracker\OptT3STA.exe

Extra IE context menu items

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

Extra "Tools" menu items and buttons

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Downloaded Program Files item

O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab

O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab

O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
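An added example, not part of this thread and not code from HijackThis or Tarun's converter: a small Python triage script that reads lines in the HijackThis log format shown above and flags the same classes of entries the converter output and the reply single out. It treats the single entry `C:\WINDOWS\system32\userinit.exe` as the expected default for the F2 UserInit line (an assumption based on a stock Windows XP install), flags O2/O3/O9/O23 entries whose target file is reported as `(no file)` or `(file missing)`, and lists O17 NameServer entries so the DNS servers can be compared against the ISP's. The sample lines are constructed copies of entries from the log above, embedded so the script runs offline.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: a handful of lines in the HijackThis log format,
# copied from the log above so the script runs without a real scan.
SAMPLE_LOG = """\
F2 - REG:system.ini: UserInit=C:\\WINDOWS\\system32\\userinit.exe
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.5.0_06\\bin\\ssv.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - (no file)
O4 - HKLM\\..\\Run: [Windows Defender] "C:\\Program Files\\Windows Defender\\MSASCui.exe" -hide
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\..\\{3D624CC7-338B-4834-B417-C2783E4DF6CF}: NameServer = 69.50.188.178,69.31.80.244
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\\Program Files\\Microsoft SQL Server\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe" -sSQLEXPRESS (file missing)
"""

# Assumption: on a stock Windows XP install the UserInit value holds exactly
# this one path (the registry stores it with a trailing comma, which
# HijackThis strips). Anything appended after it deserves a look.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

# Every HijackThis entry starts with a section code (R0, F2, O4, O23, ...).
ENTRY_RE = re.compile(r"^(?P<section>[FRO]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O2"
    reason: str   # why a reviewer should look at this line
    line: str     # the original log line


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for a log line that needs review, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, process list, blank line, etc.
    section, body = m.group("section"), m.group("body")

    if section == "F2" and "UserInit=" in body:
        value = body.split("UserInit=", 1)[1].strip()
        parts = [p.strip().lower() for p in value.split(",") if p.strip()]
        if parts != [DEFAULT_USERINIT]:
            return Finding(section, "UserInit is not the single default userinit.exe entry", line)
        return None

    if body.endswith("(no file)"):
        return Finding(section, "registry entry points at a file that no longer exists (orphaned CLSID)", line)
    if body.endswith("(file missing)"):
        return Finding(section, "registered path does not exist on disk", line)

    if section == "O17" and "NameServer =" in body:
        servers = body.split("NameServer =", 1)[1].strip()
        return Finding(section, f"custom DNS servers set: {servers}; confirm they belong to the ISP", line)

    return None


def analyze(log_text: str) -> List[Finding]:
    """Run classify() over every line of a HijackThis log."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Orphaned `(no file)` BHO and toolbar entries are harmless leftovers that can be fixed with HijackThis; the UserInit and NameServer checks are the ones worth a second look, since a modified UserInit value runs at every logon and foreign DNS servers would redirect all name resolution.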
