Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Random movements, screen flashing etc
#1
here's my HJT log.

Just tell me if its infected or not.

Thank you!

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:58 AM, on 10/8/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Y:\Program Files\StarCraft II\Versions\Base16605\SC2.exe
Y:\Program Files\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5036 bytes
Reply
#2
Greetings,

Whilst I am in the process of scrutinizing your complete set of provided logs for any possible infections or problems, I ask for your forbearance. Understand that the process of analysis requires time and careful examination hence the need for a cautious response. Accuracy is of the essence. Once I come across infections, I shall present the finest methods of removal for your convenience.

In return for this service, I propose to you two conditions:
  1. You are not to create any new threads regarding the similar topic as it will waste another helper's time.
  2. You are not to install any new software in your system, as it may hinder our process thus making this futile.
In accordance to my terms, I also ask of you six things, stated below:
  1. You are not to modify the logs in any way. Failure to do so will instantly deprive you of this service.
  2. You are to paste each log separately at PasteBin as it is. That is correct, no syntax highlighting, no editing - just the log purely. Post back the links for each log. You shall not hide them under spoiler codes.
  3. You are to provide the complete set of requested logs.
  4. You are to respond to every step I ask you to do using the format provided at the end of my post.
  5. You agree that I have the right to discontinue the analysis at any time, upon a violation of a single rule.
Provided that you will continue with this service, you hereby agree to the above statements. If you deem the conditions are portraying equality, I will willingly perform the analysis without further delay. Should you have any concerns or problems with the above conditions, or if you feel that I have overlooked your log, do inform me through a Private Message by clicking 'this'.

Thank you.

Genuinely yours,
Paradoxum
  • Pre-Step

    Click 'here' to download Temp File Cleaner (TFC) by OldTimer. Save it to your Desktop.
    • Please ensure that there are no other applications running. Be sure to save any unsaved work before running TFC as it will close everything.
    • Double-click TFC.exe and select 'Allow' when prompted to execute the program.
    • Press the 'Start' button.
    • When finished, if any files need to be removed by a reboot you will be asked to reboot. Otherwise the desktop will be restored.
    • Select 'OK' when prompted to reboot.
  • Prerequisite

    Your current version of HijackThis is out of date.
    • Download the latest HijackThis Installer from Trend Micro by clicking 'here'. Save it to your Desktop.
    • Double-click the HijackThis icon. Click Run when prompted.
    • By default, it will install to C:\Program Files\Trend Micro\HijackThis and will create a shorcut in your Desktop.
    • Upon running the program, click Accept to agree to the License Agreement.
    • Close HijackThis.

    If you are having a problem running HijackThis as Administrator, please follow the steps below.
    • Go to My Computer and navigate to your default disc drive (C: is the most common).
    • Go to Program Files > Trend Micro > HijackThis.
    • Right-click HiJackThis.exe and run it as Administrator.
  • Step 1

    Please run HijackThis. Click 'Do a system scan only' and place a check next to the following line(s) if present:

    F2 - REGConfusedystem.ini: UserInit=userinit.exe

    Then, close all other open windows and click 'Fix Checked'. You are to reboot your system afterwards.
  • Step 2

    Please run a free online scan with ESET Online Scanner by downloading ESET Smart Installer 'here'. Save it to your Desktop.
    • Double-click esetsmartinstaller_enu.exe to execute the program.
    • Tick 'YES, I accept the Terms of Use'.
    • Click 'Start'.
    • If this is your first time installing the scanner, allow the 'ActiveX Control' to install.
    • Database download may take some time.
    • When done, make sure that the option 'Remove found threats' is ticked. Under the and 'Advanced Settings', please put a check on the following options:
      • Scan for potentially unwanted applications
      • Enable Anti-Stealth Technology
    • Click 'Start'.
    • Wait for the scan to finish.
    • Once it is finished, use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt.
    • Copy and paste that log as a reply to this topic.
  • Step 3
    • Please download Malwarebytes' Anti-Malware 'here'.
    • Double-click mbam-setup-1.45.exe to install the application.
    • Make sure a checkmark is placed next to 'Malwarebytes' Anti-Malware' and 'Launch Malwarebytes' Anti-Malware', then click 'Finish'.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Full Scan', then click 'Scan'. The scan may take some time to finish, so please be patient.
    • When the scan is complete, click 'OK', then 'Show Results' to view the results.
    • Make sure that everything is checked, and click 'Remove Selected'.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
    • The log is automatically saved by Malwarebytes' Anti-Malware and can be viewed by clicking the 'Logs' tab in the interface.
    • Copy and paste the entire report in your next reply.
  • Step 4

    Download DDS.scr by sUBs from one of the following links & save it to your desktop.
    Link 1
    Link 2
    • Double-Click on dds.scr and a command window will appear. This is normal
    • Shortly after two logs will appear, DDS.txt & Attach.txt
    • A window will open instructing you save & post the logs.
    • Save the logs to a convenient place such as your desktop.
    • Copy the contents of both logs & post in your next reply.
  • In your next post, please provide the following:
    • A Fresh HijackThis (HJT) Log
    • Deckard's System Scanner (DDS) Logs
      • DDS.txt
      • Attach.txt
    • ESET Scan Log
    • Malwarebytes' Anti-Malware Scan Log
  • Format of Response

    As part of my service terms, you are to fill this up everytime you respond to your log. Copy and paste the content inside the code box and write directly after the closing tags. Do not add spaces as they are already provided. An exception applies to the numbers, as they are to be written after the # sign.

    Step #1: Change the number accordingly.
    Problems Encountered: Put N/A if the operation went smoothly.

    Link To Requested Logs: Post the links to the logs I have asked you to produce.

  • Code:
    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Link To Requested Logs:[/b][/color]
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)