HJT Log.

bkribbs

New Member
I have a possible virus, have an hour left on the scan before I will know, but I did a HJT scan and want to know what some stuff is. I will bold what I have a question about. And please tell me if anything else jumps out.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:17:59 PM, on 7/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\snmp.exe
C:\windows\system32\svchost.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\windows\System32\svchost.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\Documents and Settings\Benton\Application Data\Dropbox\bin\Dropbox.exe
C:\windows\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Benton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Benton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Benton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Benton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Benton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Benton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Benton\My Documents\Downloads\HijackThis (2).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Benton\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O4 - Global Startup: Status Monitor.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CB6DC47-B9F4-4476-8E91-2B0A9CFCD705}: NameServer = 209.18.47.61,209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{84CEBB82-26DD-4FA3-86E9-0417F020462D}: NameServer = 209.18.47.61,209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{C259B7D6-1910-48CE-B009-F00111F84D23}: NameServer = 209.18.47.61,209.18.47.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CB6DC47-B9F4-4476-8E91-2B0A9CFCD705}: NameServer = 209.18.47.61,209.18.47.62
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 6167 bytes
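As an added example that is not part of the original post or of HijackThis itself, a small Python review script for the log format shown above: it parses the `O4`, `O17` and `O23` entry lines and flags DNS servers the owner does not recognise (resolver hijacking shows up in `O17`) and autostart binaries launched from a user profile. The sample lines are constructed from the same shape as the posted log, and the resolver allow-list is an assumption the analyst supplies.

```python
import re

# Constructed sample in HijackThis v2 log format (same shape as the log above).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Benton\Application Data\Dropbox\bin\Dropbox.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CB6DC47-B9F4-4476-8E91-2B0A9CFCD705}: NameServer = 209.18.47.61,209.18.47.62
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d+|F\d+)\s+-\s+(.*)$")
NS_RE = re.compile(r"NameServer = ([\d.,]+)")
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|dll|scr))"?', re.IGNORECASE)
USER_PROFILE_MARK = "\\documents and settings\\"   # XP-era user profile root


def parse_entries(log_text):
    """Yield (section, body) for each HijackThis entry line; other lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def review(log_text, expected_resolvers):
    """Return a list of (section, reason, detail) findings worth a second look.

    expected_resolvers: assumed allow-list of DNS servers the owner recognises
    (ISP, router or corporate DNS); anything else in an O17 entry is flagged.
    """
    findings = []
    for section, body in parse_entries(log_text):
        if section == "O17":
            m = NS_RE.search(body)
            for ip in (m.group(1).split(",") if m else []):
                if ip.strip() not in expected_resolvers:
                    findings.append((section, "unexpected DNS server", ip.strip()))
        elif section in ("O4", "O23"):
            # Autostart entries and services normally live under Program Files or
            # the Windows directory; a binary run from a user profile is not malicious
            # by itself (Dropbox does exactly this) but deserves a closer look.
            m = PATH_RE.search(body)
            if m and USER_PROFILE_MARK in m.group(1).lower():
                findings.append((section, "autostart from user profile", m.group(1)))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG, {"209.18.47.61", "209.18.47.62"}):
        print(finding)
```

Replace `SAMPLE_LOG` with the text of a real log and the allow-list with the resolvers you expect on that network; everything flagged is a starting point for a manual check, not a verdict.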
 
Most likely a bad webpage or an ad here on the forum. AVG will do the same thing if it's a bad ad.

Oh, so does that mean I did have a virus? Or that there was an attempt? Or what exactly does that mean? Because it didn't pick it up until I scanned for it.
 
Most likely an attempt, but since I don't use MSE I have no idea. Did you by chance click on show details? Did it actually give you file locations?
 
They are all the same except the "Items:" place. Here they are:

Category: Exploit

Description: This program is dangerous and exploits the computer on which it is run.

Recommendation: Remove this software immediately.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
containerfile:C:\Documents and Settings\Benton\Application Data\Sun\Java\Deployment\cache\6.0\24\5f17d398-76be6009
file:C:\Documents and Settings\Benton\Application Data\Sun\Java\Deployment\cache\6.0\24\5f17d398-76be6009->javax/Server1.class


Items:
containerfile:C:\Documents and Settings\Benton\Application Data\Sun\Java\Deployment\cache\6.0\33\ccfd261-4278620a
file:C:\Documents and Settings\Benton\Application Data\Sun\Java\Deployment\cache\6.0\33\ccfd261-4278620a->Email.class

Items:
containerfile:C:\Documents and Settings\Benton\Application Data\Sun\Java\Deployment\cache\6.0\24\5f17d398-76be6009
file:C:\Documents and Settings\Benton\Application Data\Sun\Java\Deployment\cache\6.0\24\5f17d398-76be6009->javax/AServers.class

Items:
containerfile:C:\Documents and Settings\Benton\Application Data\Sun\Java\Deployment\cache\6.0\24\5f17d398-76be6009
file:C:\Documents and Settings\Benton\Application Data\Sun\Java\Deployment\cache\6.0\24\5f17d398-76be6009->javax/Server2.class
 
Download Security Check from here or here
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.
 
Waiting...

Here ya go.


Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 20
Adobe Flash Player 10.0.45.2
Adobe Reader 9.3.2
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
````````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

``````````End of Log````````````
 
Just wanted to make sure you were running the latest version of Java. When was the last time you scanned?
 