hijackthis log
#1
Here's my log. Let me know if you guys find anything I missed. Thanks!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:52:50 PM, on 5/8/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Tall Emu\Online Armor\OAcat.exe
F:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
F:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\Program Files\Tall Emu\Online Armor\oaui.exe
F:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
F:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
F:\Program Files\Digsby\lib\digsby-app.exe
C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
F:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash
O4 - HKLM\..\Run: [@OnlineArmor GUI] "F:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: ScreenHunter 5.1 Free.lnk = F:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - F:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - F:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 6130 bytes
Reply
#2
I have no experience in HJT really, but logically, these look like the problem:

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
Reply
#3
(05-08-2010, 11:19 AM)ndee Wrote: I have no experience in HJT really, but logically, these look like the problem:

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

That's a program that runs as an anti-cheat for a few games I play. It should be legit.
Reply
#4
you can delete this if you want
Code:
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

but I'm not officially trained so wait for someone else to give the final OK
Reply
#5
Give me a minute to check over it. Actually, I've got a load of work to get through - someone else, please take the time to look into this. If no one replies, I'll try to find the time today.

Cheers.
Success is the sum of small efforts, repeated day in and day out.
Reply
#6
Can we post in HJT logs if we aren't officially trained?
Reply
#7
As of now, there aren't any rules about who can post replies. OP, I would only recommend following instructions by trained members, however.
Reply
#8
@OP follow these instructions:

Step 1
Please run HijackThis, click Do a system scan only, and place a check next to the following line(s) if present:

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)


Then, close all other open windows and click Fix Checked. A reboot may be required.

Step 2
Please perform a Kaspersky Online Scan of your computer by clicking here.
An alternative link to the Kaspersky Online Scan Tool can be found here.

You will be taken to a web page. It will look like this:
[Image: KasperskyOnlineScanPic.jpg]
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run (at times it may appear to stall).
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Once the scan is complete, click on View scan report. To obtain the report:
  • Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop
  • In the File name area, use KScan, or something similar
  • In Save as type, click the drop arrow and select: Text file [*.txt]
  • Then, click: Save
  • Please post the Kaspersky Online Scanner Report in your reply.
  • If you need help performing the above steps, an animated tutorial can be found here.
Reply
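The manual review done in posts #2, #4 and #8 can be scripted. This is an added example, not part of the original thread: it parses HijackThis entry lines and flags the "(no file)", "(file missing)" and "Unknown owner" markers for a manual look. The function names are hypothetical, and the sample input is a subset of lines copied from the log in post #1.

```python
import re

# Lines copied from the log in post #1 (a subset, used here as sample input).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O23 - Service: ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(log_text):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(log_text):
    """Flag entries that deserve a manual look; a flag is not a verdict."""
    findings = []
    for code, body in parse_entries(log_text):
        notes = []
        if body.endswith("(no file)"):
            notes.append("orphaned: entry names no file")
        if body.endswith("(file missing)"):
            notes.append("orphaned: target file not found on disk")
        if code == "O23" and " - Unknown owner - " in body:
            notes.append("no vendor name reported: verify the binary")
        if notes:
            clsid = CLSID_RE.search(body)
            findings.append({"code": code, "notes": notes,
                             "clsid": clsid.group(0) if clsid else None})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["code"], f["clsid"] or "-", "; ".join(f["notes"]))
```

The two "(no file)" entries are the ones post #8 asks to be fixed; the "Unknown owner" flag only marks a service for checking, as the PnkBstr exchange in posts #2 and #3 shows.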
#9
Follow SuperFly's instructions - he's heavily qualified.
Reply

