Guest Posted December 31, 2008
http://www.malwarebytes.org/ oh yeaaaaa
bassbaker15 Posted December 31, 2008
That kinda shit is embedded in your computer... they get in so deep, you can't remove it without reformatting.... trust me on that one...
kandiman71874 (Author) Posted December 31, 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:41 AM, on 12/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\RAM Idle\RAMIdle.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\PROGRA~1\MAGICF~1\MulMouse.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navw32.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - S-1-5-18 Startup: Reboot.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Reboot.exe (User 'Default user')
O4 - Startup: Reboot.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O21 - SSODL: ieModule - {9318A04A-17EC-43D8-82B5-D77BA19977EF} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
O21 - SSODL: InternetConnection - {A1EB6E40-C6E2-4EE4-A006-001CA8ADA291} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\zxblcbbxfu.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8304 bytes
AI James Posted December 31, 2008
Do you have AIM or Yahoo? I'm tmaxxerjames on Yahoo and ninetyaccordman on AIM, and I'm [email protected] on MSN. If you can get ahold of me I can help you get rid of it.
j_black10 Posted December 31, 2008
James, let me know if you all resolved this!! If not, I have something that will!!
AI James Posted December 31, 2008
I haven't heard anything from him, but I can resolve this as well.
kandiman71874 (Author) Posted December 31, 2008
For those of you that chimed in I want to say thanks, and a definite thanks to James for the one on one on MSN. There are still some things to clean up on the machine in question here, but after running the Malwarebytes program (thank you for that, krannyman) the program has stopped its obsessive behavior. Once again, thanks to those that chimed in.
Chris...
AI James Posted December 31, 2008
Glad to see it's on the right track.
whysoserious? Posted December 31, 2008
Quote: http://www.malwarebytes.org/ oh yeaaaaa
Bingo! If it is reinstalling itself afterwards, it is more than likely a trojan. Your best bet is to run all those products in safe mode. You might be looking at reformatting your computer.