« previous next »
Pages: [1]

Author Topic: My Friend.  (Read 481 times)

Offline is Will 1337?

  • Sr. Member
  • ****
  • Posts: 318
  • Karma: +0/-0
    • View Profile
My Friend.
« on: August 02, 2007, 09:47:11 PM »
I have her log file for HiJackthis.



Logfile of HijackThis v1.99.1
Scan saved at 7:39:51 PM, on 8/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\YourScreen\YourScreen.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Carmella\Desktop\hijackthis\HijackThis.exe
c:\program files\aim6\anotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [RegPowerClean] "C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: YourScreen.lnk = C:\Program Files\YourScreen\YourScreen.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Go to Blink - {95F6242A-62E4-4756-892F-F5D5D399CA25} - C:\Program Files\Blink\home.js
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1156196415484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156197184437
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Logged
[size="5"]



[/size]



 

 



[size="5"][size="6"]SCAMMERS I GOT BANNED[/size]

[/size]

[size="4"]

[color="#0000ff"]PartyhatMan[/color]

[/size]

[size="5"]

[size="4"]Who I vouch

[color="#00ffff"]GAGFRAP[/color]

[color="#00ffff"]JB Lee

leetne55

f41th n h0pe

pu83[/color]



[/size][/size]

Transaction - Sold lvl 87 to Potato_Narf - [color="#00ff00"]Successful[/color][color="#00ff00"] ([/color][color="#000000"]went as planned. recommended)[/color]

Transaction - Sold lvl 4 combat 83 miner to Potato_Narf - [color="#00ff00"]Successful [/color][color="#000000"](went as planned. recommended)[/color]

Transaction - Transferred 2m to Mthrl's account. - [color="#00ff00"]Successful

[/color][color="#000000"]Transaction - Transferred 10m to Mthrl's account. -[/color][color="#00ff00"] Successful

[/color][color="#000000"]Transaction - Sold 43M to Potato Narf - [/color][color="#00ff00"]Successful [/color][color="#000000"](i went first, recommended)[/color]

Transaction - Bought pbp pin for Mattinator - [color="#00ff00"]Successful[/color]

Transaction - Bought lvl 62 Mage Pure from I_1337_K - [color="#ff0000"]SCAMMED [/color][color="#000000"](he recovered a few days later)[/color]

Transaction - I_1337_K Transferred Runes and Sharks For Me - [color="#00ff00"]Successful[/color]

Transaction - Fighter Torso'd a Rune Pure - [color="#00ff00"]Successful[/color]

Transaction - Sold a Sig to Jun10r27 for 200k - [color="#00ff00"]Successful[/color]

Transaction - Sold a Sig to Eh Ah Oh Ey for 250k - [color="#00ff00"]Successful

[/color]Transaction - Had berghaux train my pure for 10k exp - [color="#00ff00"]Successful

[/color]Transaction - Sold AIM screen name "NFL" for 2m to a guest - [color="#00ff00"]Successful

[/color]Transaction - Sold an account to leetne55 for 150k - [color="#00ff00"]Successful

[/color]Transaction - Sold a pure mage to leetne55 for 400k - [color="#00ff00"]Successful

[/color]Transaction - Pur83 got me a firecape for 800k - [color="#00ff00"]Successful (recommended)

[/color]Transaction - Bought SMS from f41th n h0pe - [color="#00ff00"]Successful

[/color]Transaction - Transfered 200k+ for f41th n h0pe -[color="#00ff00"] Successful



[/color]

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
My Friend.
« Reply #1 on: August 03, 2007, 12:50:17 AM »
The topic starter is
Quote
Needs help with a virus.
What virus are you talking about? What troubles are you experiencing?

I do see a couple problems in your log
I would like to see the following
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

Also, let me know what problems you are experiencing
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1]
« previous next »