Jump to content

Recommended Posts

Posted

Hello

 

I need someone to look at my scan results, I'm new to virus' not sure how to handle them, quite frankly a little nervous about making registry changes.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:44:30 PM, on 1/17/2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesSearchProtectbinCltMngSvc.exe
C:WINDOWSsystem32dmwu.exe
C:Program FilesTuneUp Utilities 2013TuneUpUtilitiesService32.exe
C:Program FilesWajamUpdaterWajamUpdater.exe
C:Program FilesUnlockerUnlockerAssistant.exe
C:Documents and SettingsStudentApplication DataSearchProtectbincltmng.exe
C:Documents and SettingsStudentLocal SettingsApplication DataUpdater12749Updater12749.exe
C:Documents and SettingsStudentApplication DataVideoDownloadToolbarVideoDownloadToolbar.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32wbemunsecapp.exe
C:WINDOWSsystem32jmdpstij.exe
C:Program FilesTuneUp Utilities 2013TuneUpUtilitiesApp32.exe
F:Programsnu2menunu2menu.exe
F:Programsnu2menunu2menu.exe
C:WINDOWSsystem32svchost.exe
F:Programsnu2menunu2menu.exe
C:Documents and SettingsStudentDesktopHIJack ThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.ca/
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://home.sweetim.com/?crg=3.1010006.10037&barid={0BD0BAFB-50A3-11E2-90BA-000C6E152E30}
R3 - URLSearchHook: WhiteSmoke Tools Toolbar - {011f9246-da13-4555-9998-6e4805bd533f} - C:Program FilesWhiteSmoke_ToolsprxtbWhit.dll
R3 - URLSearchHook: UsProvider Class - {539F76FD-084E-4858-86D5-62F02F54AE86} - C:Program FilesMinibarMinibar.dll
O2 - BHO: WhiteSmoke Tools - {011f9246-da13-4555-9998-6e4805bd533f} - C:Program FilesWhiteSmoke_ToolsprxtbWhit.dll
O2 - BHO: CrossriderApp0012749 - {11111111-1111-1111-1111-110111271149} - C:Program FilesCoupon CaddyCoupon Caddy.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:Program FilesWajamIEpriam_bho.dll
O2 - BHO: MinibarBHO - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:Program FilesMinibarMinibar.dll
O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:Program FilesPricePeeppricepeep.dll
O3 - Toolbar: WhiteSmoke Tools Toolbar - {011f9246-da13-4555-9998-6e4805bd533f} - C:Program FilesWhiteSmoke_ToolsprxtbWhit.dll
O4 - HKLM..Run: [unlockerAssistant] C:Program FilesUnlockerUnlockerAssistant.exe -H
O4 - HKLM..Run: [searchProtectAll] C:Program FilesSearchProtectbincltmng.exe
O4 - HKCU..Run: [searchProtect] C:Documents and SettingsStudentApplication DataSearchProtectbincltmng.exe
O4 - HKCU..Run: [updater12749.exe] C:Documents and SettingsStudentLocal SettingsApplication DataUpdater12749Updater12749.exe /extensionid=12749 /extensionname='Coupon Caddy' /chromeid=aaamibmnaoameallhmlcjfgghimpjccp /stayidle /delay=300
O4 - Global Startup: VideoDownloadToolbar.lnk = C:Documents and SettingsStudentApplication DataVideoDownloadToolbarVideoDownloadToolbar.exe
O9 - Extra button: Download Video - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:Program FilesMinibarMinibar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:WINDOWSsystem32browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:WINDOWSsystem32browseui.dll
O23 - Service: Search Protect by Conduit Updater (CltMngSvc) - Conduit - C:Program FilesSearchProtectbinCltMngSvc.exe
O23 - Service: IBUpdaterService - Unknown owner - C:WINDOWSsystem32dmwu.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:Program FilesWinPcaprpcapd.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:Program FilesTuneUp Utilities 2013TuneUpUtilitiesService32.exe
O23 - Service: WajamUpdater - Wajam - C:Program FilesWajamUpdaterWajamUpdater.exe

--
End of file - 4721 bytes

 

 

Thanks

  • Administrator
Posted

Seeing a few things that look rather shady. Also, your OS is not fully up-to-date. You're on XP SP2 and really should be on XP SP3, it's been out for years and by not having it you've left yourself open to infection.

 

Please run full scans with Malwarebytes and SUPERAntiSpyware and post a log for each.

  • 6 months later...
  • Administrator
Posted

Due to lack of response this topic is now closed.

If you need continued support, please start a new thread and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here: PC Cleanup

Guest
This topic is now closed to further replies.
×
×
  • Create New...