///Alpine91, January 22, 2009:
I'm running a HijackThis scan right now and am going to run a Malwarebytes scan right after, then post another HijackThis scan result. Hopefully it cleans it up, but if not then I'm clueless as to what to do.
(signature: 1 DC lvl 4 15", 1 Hifonics BXi 1608D, 3.2ft^3 box tuned to 32-33Hz, Knu Kolossus Fleks Kable 1/0, Knu Karma SS 8 gauge speaker wire, Kenwood eXcelon KDC-X493 head unit (coming soon), Kenwood mids + highs (coming soon))
AI James, January 22, 2009:
Maybe an antivirus software, considering if it's a real trojan I doubt you'll get rid of it with just a malware program and HijackThis.
///Alpine91 (thread author), January 22, 2009:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:04:49 PM, on 1/22/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5656
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5656
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5656
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5656
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GT5656
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [showWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\3DFALL~1\\trioService.exe "
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\Windows\system32\FreezeScreenSaver.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MalwareRemovalBot Scanning Engine (MalwareRemovalBotSrv) - Unknown owner - C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.srv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7798 bytes

See anything strange?
AI James, January 22, 2009 (edited January 22, 2009 by James):
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot
There are 2 instances of it, and then there's the "no name / no file" one as well.
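The two things James points at, the Run entry and the toolbar with no name and no file, are the kind of triage a reviewer does by eye on a HijackThis log. As an added example that is not from the thread or from HijackThis itself, here is a small Python parser that reads the O-lines and applies three defender heuristics: orphaned O2/O3 registrations, O23 services with an unknown owner, and one install directory persisting through more than one mechanism. The sample lines are copied from the log above; the rules and the line/path regexes are my own assumptions, and every hit is a lead for a human, not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: six lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = """\
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\\..\\Run: [spySweeper] "C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe" /startintray
O4 - HKCU\\..\\Run: [MalwareRemovalBot] C:\\Program Files\\MalwareRemovalBot\\MalwareRemovalBot.exe -boot
O23 - Service: MalwareRemovalBot Scanning Engine (MalwareRemovalBotSrv) - Unknown owner - C:\\Program Files\\MalwareRemovalBot\\MalwareRemovalBot.srv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
"""

LINE_RE = re.compile(r"^(O\d+|R\d) - (.*)$")  # "O4 - rest of line" (assumed layout)
# First quoted token, else the shortest unquoted run that ends in a binary extension.
PATH_RE = re.compile(r'"([^"]+)"|(\S.*?\.(?:exe|dll|sys))\b', re.IGNORECASE)

def parse_hjt(log: str) -> list[dict]:
    """Turn the flat log into records; lines that are not O/R entries are skipped."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, txt = m.groups()
        e = {"section": sec, "text": txt, "path": "", "owner": ""}
        if sec == "O23" and txt.count(" - ") >= 2:      # "Service: name - owner - path"
            _, e["owner"], e["path"] = txt.rsplit(" - ", 2)
        elif sec == "O4":                                # "[name] command line"
            pm = PATH_RE.search(txt.split("]", 1)[-1])
            e["path"] = (pm.group(1) or pm.group(2)) if pm else ""
        entries.append(e)
    return entries

def review(entries: list[dict]) -> list[str]:
    """Triage heuristics (assumed); each finding is a lead for a human, not a verdict."""
    findings, by_dir = [], defaultdict(set)
    for e in entries:
        if e["section"] in ("O2", "O3") and e["text"].endswith("(no file)"):
            findings.append(f"orphaned {e['section']} registration: {e['text']}")
        if e["section"] == "O23" and e["owner"] == "Unknown owner":
            findings.append(f"unknown-owner service: {e['path']}")
        if e["path"]:  # group persistence points by the directory they launch from
            by_dir[ntpath.dirname(e["path"]).lower()].add(e["section"])
    for d, secs in sorted(by_dir.items()):
        if d and len(secs) > 1:
            findings.append(f"multiple persistence points for {d}: {', '.join(sorted(secs))}")
    return findings
```

Run `review(parse_hjt(SAMPLE_LOG))`: the orphaned toolbar and the unknown-owner service are flagged on their own, and the directory rule fires for both MalwareRemovalBot and Webroot, which is exactly why it is a prioritisation hint to be read together with the owner column rather than a verdict.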
///Alpine91 (thread author), January 22, 2009:
Quoting AI James: "Maybe an antivirus software, considering if it's a real trojan I doubt you'll get rid of it with just a malware program and HijackThis."
I have Webroot Spy Sweeper and antivirus. That's how I found it; I am running a scan and it's in my items detected. It's called Troj/Wimad-N. Hopefully I can quarantine it and remove it.
AI James, January 22, 2009:
Webroot is junk IMO. Use Avast or NOD32; hell, even Spybot Search & Destroy is better. http://www.sophos.com/security/analyses/vi...trojwimadn.html will get rid of it.
uhoh_45, January 22, 2009:
That's wicked, but I've got a Magnum.
(signature: R.I.P! (Nov-29-2009) 92 Explorer: 4 Atomic Apxx 15s dual .7s, 4th order bandpass wall, 4 Powerbass XA-3000Ds, 16 8-volt batts wired to 16 volts (9+/9-), runs 0 gauge, 152.3 dB @ 29 Hz, BUILD LOG. Current build, 97 Chevy Lumina: 1 Atomic Apx 18, 6 cube slot port, trunk sealed off, 1 Powerbass XA-3000D, 2 Optima G31s in spare tire, 1 run 1/0, Lumina build log)
///Alpine91 (thread author), January 22, 2009:
Webroot quarantined it, but I'm gonna run some other scans and post up another HijackThis log.
Cr@sh, January 22, 2009:
Turn off System Restore, delete everything in %TMP%, download and install Spybot S&D from cnet.com, reboot in Safe Mode and run a full system scan. If you need help with any of that, PM me.
(signature: My old install at cardomain, never finished!)
///Alpine91 (thread author), January 22, 2009:
OK, I'm running an Avast scan right now, then I'll post up another HijackThis log right after.