hijackthis log - Support Forums (https://www.supportforums.net)
hijackthis log - andrewjs18 - 05-08-2010

Here's my log... let me know if you guys find anything I missed. Thanks!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:52:50 PM, on 5/8/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Tall Emu\Online Armor\OAcat.exe
F:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
F:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\Program Files\Tall Emu\Online Armor\oaui.exe
F:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
F:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
F:\Program Files\Digsby\lib\digsby-app.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
F:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash
O4 - HKLM\..\Run: [@OnlineArmor GUI] "F:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: ScreenHunter 5.1 Free.lnk = F:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - F:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - F:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 6130 bytes

RE: hijackthis log - ndee - 05-08-2010

I have no experience in HJT really, but logically, these look like the problem:

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

RE: hijackthis log - andrewjs18 - 05-08-2010

(05-08-2010, 11:19 AM)ndee Wrote: I have no experience in HJT really, but logically, these look like the problem:

That's a program that runs as an anti-cheat for a few games I play... it should be legit.

RE: hijackthis log - Nemmyy - 05-08-2010

You can delete this if you want

Code:
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

but I'm not officially trained, so wait for someone else to give the final OK.

RE: hijackthis log - Harvey - 05-08-2010

Give me a minute to check over it. Actually, I've got a load of work to get through - someone else, please take the time to look into this. If no one replies, I'll try to find the time today. Cheers.

RE: hijackthis log - Eagle - 05-09-2010

Can we post in HJT logs? If we aren't officially trained?

RE: hijackthis log - Harvey - 05-09-2010

As of now, there aren't any rules about who can post replies. OP, I would only recommend following instructions by trained members, however.

RE: hijackthis log - AsSaSs@iN - 05-10-2010

@OP follow these instructions:

Step 1

Please run HijackThis, click Do a system scan only, and place a check next to the following line(s) if present:

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

Then, close all other open windows and click Fix Checked. A reboot may be required.

Step 2

Please perform a Kaspersky Online Scan of your computer by clicking here. An alternative link to the Kaspersky Online Scan Tool can be found here. You will be taken to a web page. It will look like this:

RE: hijackthis log - Harvey - 05-10-2010

Follow SuperFly's instructions - he's heavily qualified.
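
The manual check in Step 1 above, as an added example (not part of the original thread and not HijackThis code): a small Python parser that splits HijackThis entries into section code and detail, then lists the ones the tool marked "(no file)" or "(file missing)" for review. The sample lines are copied from the log in this thread; the function names are made up for this example.

```python
import re

# A HijackThis entry is "<section code> - <detail>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes HijackThis uses in this log when it did not find the referenced file.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Sample input: entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


def parse_entries(text):
    """Return (code, detail) for every line that is a HijackThis entry."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("detail")))
    return entries


def orphaned_entries(text):
    """List entries whose referenced file HijackThis reported as absent."""
    hits = []
    for code, detail in parse_entries(text):
        marker = next((m for m in ORPHAN_MARKERS if detail.endswith(m)), None)
        if marker is None:
            continue
        clsid = CLSID_RE.search(detail)
        hits.append({"code": code, "marker": marker,
                     "clsid": clsid.group(0) if clsid else None,
                     "detail": detail})
    return hits


if __name__ == "__main__":
    for hit in orphaned_entries(SAMPLE_LOG):
        print(f'{hit["code"]:<4}{hit["marker"]:<15}{hit["clsid"] or "-"}')
        print(f'    {hit["detail"]}')
```

The result is a review list, not a removal list: the npggsvc service is reported "(file missing)" but is not among the lines Step 1 selects.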