Dar366 Posted April 5, 2013

Hello, I need someone to look at my scan results. I'm new to viruses and not sure how to handle them, and quite frankly a little nervous about making registry changes.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:44:30 PM, on 1/17/2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SearchProtect\bin\CltMngSvc.exe
C:\WINDOWS\system32\dmwu.exe
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
C:\Program Files\Wajam\Updater\WajamUpdater.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Documents and Settings\Student\Application Data\SearchProtect\bin\cltmng.exe
C:\Documents and Settings\Student\Local Settings\Application Data\Updater12749\Updater12749.exe
C:\Documents and Settings\Student\Application Data\VideoDownloadToolbar\VideoDownloadToolbar.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\jmdpstij.exe
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
F:\Programs\nu2menu\nu2menu.exe
F:\Programs\nu2menu\nu2menu.exe
C:\WINDOWS\system32\svchost.exe
F:\Programs\nu2menu\nu2menu.exe
C:\Documents and Settings\Student\Desktop\HIJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010006.10037&barid={0BD0BAFB-50A3-11E2-90BA-000C6E152E30}
R3 - URLSearchHook: WhiteSmoke Tools Toolbar - {011f9246-da13-4555-9998-6e4805bd533f} - C:\Program Files\WhiteSmoke_Tools\prxtbWhit.dll
R3 - URLSearchHook: UsProvider Class - {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files\Minibar\Minibar.dll
O2 - BHO: WhiteSmoke Tools - {011f9246-da13-4555-9998-6e4805bd533f} - C:\Program Files\WhiteSmoke_Tools\prxtbWhit.dll
O2 - BHO: CrossriderApp0012749 - {11111111-1111-1111-1111-110111271149} - C:\Program Files\Coupon Caddy\Coupon Caddy.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll
O2 - BHO: MinibarBHO - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files\Minibar\Minibar.dll
O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll
O3 - Toolbar: WhiteSmoke Tools Toolbar - {011f9246-da13-4555-9998-6e4805bd533f} - C:\Program Files\WhiteSmoke_Tools\prxtbWhit.dll
O4 - HKLM\..\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [searchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe
O4 - HKCU\..\Run: [searchProtect] C:\Documents and Settings\Student\Application Data\SearchProtect\bin\cltmng.exe
O4 - HKCU\..\Run: [updater12749.exe] C:\Documents and Settings\Student\Local Settings\Application Data\Updater12749\Updater12749.exe /extensionid=12749 /extensionname='Coupon Caddy' /chromeid=aaamibmnaoameallhmlcjfgghimpjccp /stayidle /delay=300
O4 - Global Startup: VideoDownloadToolbar.lnk = C:\Documents and Settings\Student\Application Data\VideoDownloadToolbar\VideoDownloadToolbar.exe
O9 - Extra button: Download Video - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files\Minibar\Minibar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Search Protect by Conduit Updater (CltMngSvc) - Conduit - C:\Program Files\SearchProtect\bin\CltMngSvc.exe
O23 - Service: IBUpdaterService - Unknown owner - C:\WINDOWS\system32\dmwu.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
O23 - Service: WajamUpdater - Wajam - C:\Program Files\Wajam\Updater\WajamUpdater.exe

--
End of file - 4721 bytes

Thanks

Administrator Tarun Posted April 6, 2013

Seeing a few things that look rather shady. Also, your OS is not fully up-to-date. You're on XP SP2 and really should be on XP SP3; it's been out for years, and by not having it you've left yourself open to infection.

Please run full scans with Malwarebytes and SUPERAntiSpyware and post a log for each.

Administrator Tarun Posted October 11, 2013

Due to lack of response this topic is now closed. If you need continued support, please start a new thread and provide a link to this topic. This applies only to the original topic starter.

Everyone else please begin a New Topic, after following the steps outlined here: PC Cleanup