Home   News  Product reviews  Website reviews  Forums   Competitions  Subscribe 
Search
You are not logged in.
Login | New user registration 		Main Index | Search | Active Topics | Who's Online | FAQ / HELP

Security >> HijackThis logs help and analysis
Previous thread Previous   View all threads Index   Next thread Next   Flat Mode Flat  

 |  Print Thread
petesar
new user


Reg'd: Sun
Posts: 6
Re: pc slowing down
      Sun May 11 2008 05:05 PM
Reply to this post Reply   Reply to this post Quote  

Malwarebytes' Anti-Malware 1.12
Database version: 739

Scan type: Full Scan (C:\|J:\|)
Objects scanned: 102231
Time elapsed: 9 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 33

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\yayxyayv.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f76e1d93-237a-4e93-b1b2-b1511ae92af8} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f76e1d93-237a-4e93-b1b2-b1511ae92af8} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b3102264-d09d-4322-b625-503fbf18dd7e} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b3102264-d09d-4322-b625-503fbf18dd7e} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMdbf49907 (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayxyayv -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayxyayv -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\yayxyayv.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\vyayxyay.ini (Trojan.Vundo) -> No action taken.
C:\Windows\System32\vyayxyay.ini2 (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-193238-226.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-193313-338.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-193348-645.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-193744-328.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-193847-569.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-194250-824.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-202351-744.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-202405-946.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-211735-568.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-211936-669.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080510-211954-417.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080511-121942-996.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080511-163619-350.dll (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp0000fa64 (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp0000fd42 (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp00010a3c (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp000116da (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp0001186f (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp00011a34 (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp00011d9d (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp000120a9 (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp000122ea (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp00012413 (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp0001271f (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp00014098 (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp0002274e (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp00028880 (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp00030270 (Trojan.Vundo) -> No action taken.
C:\Users\Pete\AppData\Local\Temp\tmp000929fc (Trojan.Vundo) -> No action taken.
C:\Windows\System32\evrndtsm.dll (Trojan.Agent) -> No action taken.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:25, on 11/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 4814 bytes

Post Extras Print Post   Remind Me!     Notify Moderator
Rate this thread

Jump to


Entire topic
Subject Posted by Posted on
* pc slowing down petesar Sun May 11 2008 12:44 PM
. * * Re: pc slowing down ourwilly   Sun May 11 2008 03:38 PM
. * * Re: pc slowing down petesar   Sun May 11 2008 04:58 PM
. * * Re: pc slowing down petesar   Sun May 11 2008 05:05 PM
. * * Re: pc slowing down ourwilly   Sun May 11 2008 05:33 PM
. * * Re: pc slowing down petesar   Sun May 11 2008 05:50 PM
. * * Re: pc slowing down ourwilly   Sun May 11 2008 05:59 PM
. * * Re: pc slowing down petesar   Sun May 11 2008 06:07 PM
. * * Re: pc slowing down ourwilly   Sun May 11 2008 09:28 PM
. * * Re: pc slowing down petesar   Sun May 11 2008 10:14 PM

Extra information
1 registered and 16 anonymous users are browsing this forum.

Moderator:  putasolutions, greysts, bricat, AndrewC, Joe_London, John_McKenna, Mouse, Hello_There, TheFatControlleR, Nanook, Noviciate 


Print Thread
Forum Permissions
      You cannot start new topics
      You cannot reply to topics
      HTML is disabled
      Mark-up is enabled

Rating:
Thread views: 0

Contact Us | Privacy statement Main website
Hitwise Top 10 Award Winner - Jan-Mar 2005

About us | Contact us | Link to us | Terms & Conditions | Privacy Policy
© Copyright IPC Media Limited, All rights reserved