HijackThis log



#1 Kit-Tsukasa

Posted 01 June 2010 - 09:08 PM

So as a follow-up to my CD/DVD drive disappearance yesterday, I'm now getting this notice from Symantec AntiVirus every 5 minutes saying "symantec needs to reboot to complete remediation." I have attached a HijackThis log and was wondering if anyone could figure out what's wrong.
Oh, and don't tell me to completely remove Symantec, since I can't access the internet at school without it due to a security/firewall check.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 5:00:28 PM, on 01/06/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files (x86)\Symantec AntiVirus\SavUI.exe
C:\Program Files (x86)\Vuze\Azureus.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [onptaune] C:\Users\[]\AppData\Local\qklxmklbm\bmrwsputssd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11430 bytes


#2 NeoScott

Posted 02 June 2010 - 04:15 AM

Not 100% sure. I'd need some time with the computer to know for sure.

I would try running this: http://www.bleepingc...to-use-combofix

Reset your computer in safe mode (F8 after POST) and run this program; it will take time. Also, it might want you to download a few things; don't bother, they're not needed (Windows Defender etc.). Also run any other anti-virus/malware/spyware programs you might have.

After that, if you can, reinstall your Symantec software; make sure you use their removal tool to uninstall, as Windows won't properly remove the program.

If that doesn't solve it, I'll need more info.

Edited by NeoScott, 02 June 2010 - 04:17 AM.

#3 Primula

Posted 02 June 2010 - 09:06 AM

I really don't like this entry...

O4 - HKCU\..\Run: [onptaune] C:\Users\[]\AppData\Local\qklxmklbm\bmrwsputssd.exe

Anything with random letters is always bad...

There are other entries in there I don't like, but I googled some of them; apparently other ppl have them, and other ppl didn't say anything about them...

So fix that one lol...

As for ComboFix, it really should only be used when the comp is badly infected...

But a virus scan with Malwarebytes and SUPERAntiSpyware might help...







#4 Kit-Tsukasa

Posted 02 June 2010 - 06:01 PM

QUOTE (Kansatsusha-sama @ Jun 02 2010, 02:06 AM)
I really don't like this entry...

O4 - HKCU\..\Run: [onptaune] C:\Users\[]\AppData\Local\qklxmklbm\bmrwsputssd.exe

Anything with random letters is always bad...

I saw that and already deleted that file before I ran this scan...I wonder why it's still there.

#5 NeoScott

Posted 02 June 2010 - 06:08 PM

Deleting it doesn't solve the problem.
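
An added example, not part of any post in this thread: a small triage script for the O4 section of a HijackThis log, which flags autoruns like the `[onptaune]` entry and prints the registry key and value name behind each one. An O4 line is read from a registry Run value, which exists independently of the file on disk. The `USER_WRITABLE` list and the vowel-ratio threshold are assumptions chosen for illustration; the sample lines are copied from the log in post #1.

```python
import re
from ntpath import basename, dirname, splitext

# "HKCU\..\Run" abbreviates HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)(?:\\(?P<sid>S-[\d-]+))?\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")  # assumption


def exe_path(cmd):
    """Return the executable part of a Run command, quoted or not."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def looks_random(word):
    """Heuristic (assumption): 8+ letters, fewer than 25% vowels."""
    letters = [c for c in word.lower() if c.isalpha()]
    vowels = sum(c in "aeiou" for c in letters)
    return len(letters) >= 8 and vowels / len(letters) < 0.25


def review_o4(log_text):
    """Return (registry_key, value_name, path) for suspicious O4 autoruns."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = exe_path(m["cmd"])
        names = (splitext(basename(path))[0], basename(dirname(path)))
        if any(p in path.lower() for p in USER_WRITABLE) and any(
            looks_random(n) for n in names
        ):
            hive = m["hive"] + ("\\" + m["sid"] if m["sid"] else "")
            key = f"{hive}\\Software\\Microsoft\\Windows\\CurrentVersion\\{m['key']}"
            findings.append((key, m["name"], path))
    return findings


# Four O4 lines copied from the HijackThis log in post #1.
SAMPLE = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [onptaune] C:\Users\[]\AppData\Local\qklxmklbm\bmrwsputssd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
"""

if __name__ == "__main__":
    print(*review_o4(SAMPLE), sep="\n")
```

Only the `[onptaune]` value is reported; the name heuristic is a triage aid, so a hit still needs a scan of the file and a check of where it came from.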



