I think I'm being hacked

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Kenneedshelp

Thread Starter
Joined
Apr 11, 2010
Messages
20
My reason for thinking I'm being hacked is that I've been having problems with an e-stalker. This person managed to send out a copy of an instant message conversation I had, so he either hacked me or the other person's PC!! I have done a netstat and found a few I'm not sure about; one is wy-in-f154, and on looking this up some say it's malware/rootkit?????? Below are the results from a netstat. Can someone please help??? I've tried a few anti-rootkits but some won't work with Vista 64.

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Ken>netstat
Active Connections
Proto Local Address Foreign Address State
TCP 192.168.1.2:49168 a88-221-88-51:http CLOSE_WAIT
TCP 192.168.1.2:49169 a88-221-88-51:http CLOSE_WAIT
TCP 192.168.1.2:49289 213.199.164.110:http ESTABLISHED
TCP 192.168.1.2:49291 65.55.149.121:http ESTABLISHED
TCP 192.168.1.2:49292 84.53.134.18:http ESTABLISHED
TCP 192.168.1.2:49293 213.199.141.139:http ESTABLISHED
TCP 192.168.1.2:49294 213.199.141.140:http ESTABLISHED
TCP 192.168.1.2:49296 213.199.141.140:http ESTABLISHED
TCP 192.168.1.2:49298 ww-in-f149:http ESTABLISHED
TCP 192.168.1.2:49302 ww-in-f149:http ESTABLISHED
TCP 192.168.1.2:49305 84.53.134.16:http ESTABLISHED
TCP 192.168.1.2:49309 gv-in-f105:http ESTABLISHED
TCP 192.168.1.2:49310 wy-in-f101:http ESTABLISHED
TCP 192.168.1.2:49311 ww-in-f101:http ESTABLISHED
TCP 192.168.1.2:49312 72.52.248.159:http ESTABLISHED
TCP 192.168.1.2:49313 72.52.248.159:http ESTABLISHED
TCP 192.168.1.2:49314 72.52.248.159:http ESTABLISHED
TCP 192.168.1.2:49315 72.52.248.159:http ESTABLISHED
TCP 192.168.1.2:49316 72.52.248.159:http ESTABLISHED
TCP 192.168.1.2:49317 72.52.248.159:http ESTABLISHED
TCP 192.168.1.2:49319 ww-in-f156:http ESTABLISHED
TCP 192.168.1.2:49320 ww-in-f165:http ESTABLISHED
TCP 192.168.1.2:49321 ww-in-f156:http ESTABLISHED
TCP 192.168.1.2:49323 cdce:http ESTABLISHED
TCP 192.168.1.2:49324 host:http ESTABLISHED
TCP 192.168.1.2:49326 mojofarm:http ESTABLISHED
TCP 192.168.1.2:49327 ww-in-f102:http ESTABLISHED
TCP 192.168.1.2:49328 img:http ESTABLISHED
TCP 192.168.1.2:49329 ww-in-f102:http ESTABLISHED
TCP 192.168.1.2:49331 img:http ESTABLISHED
TCP 192.168.1.2:49332 84.53.134.117:http ESTABLISHED
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,234
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under Attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.

  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new Window should appear.
  • Make sure Scan all drives is selected and click on the Start button.
  • When it is complete a new Window will appear to indicate that the scan is finished.
  • The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,234
Sorry, I thought it did.

Since you seem to know how to run netstat commands, can you run this command and post those results please?

netstat -o
 

Kenneedshelp

Thread Starter
Joined
Apr 11, 2010
Messages
20
Cookiegal,

I just tried to run SysProt again; after clicking Create Log I get an error: "failed to startstart service. sysprot need to be run with admin privileges!" I did right-click and select Run as administrator!

Your requested netstat -o result:
Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Ken>netstat -o
Active Connections
Proto Local Address Foreign Address State PID
TCP 127.0.0.1:49375 Ken-PC:49376 ESTABLISHED 3708
TCP 127.0.0.1:49376 Ken-PC:49375 ESTABLISHED 3708
TCP 192.168.1.2:2869 192.168.1.1:3210 ESTABLISHED 4
TCP 192.168.1.2:49166 a88-221-88-57:http CLOSE_WAIT 4092
TCP 192.168.1.2:49167 a88-221-88-57:http CLOSE_WAIT 4092
TCP 192.168.1.2:49176 spike9246:http CLOSE_WAIT 2856
TCP 192.168.1.2:49372 by2msg4010611:msnp ESTABLISHED 3708
TCP 192.168.1.2:49497 81.23.243.145:http ESTABLISHED 6104
TCP 192.168.1.2:49498 65.55.149.123:http ESTABLISHED 6104
TCP 192.168.1.2:49499 213.199.141.140:http ESTABLISHED 6104
TCP 192.168.1.2:49500 213.199.141.139:http ESTABLISHED 6104
TCP 192.168.1.2:49502 ww-in-f148:http ESTABLISHED 6104
TCP 192.168.1.2:49503 ww-in-f148:http ESTABLISHED 6104
TCP 192.168.1.2:49504 213.199.141.139:http ESTABLISHED 6104
C:\Users\Ken>
 

Kenneedshelp

Thread Starter
Joined
Apr 11, 2010
Messages
20
Cookiegal,
Managed to get SysProt to run; please see the log below:
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Processes found
******************************************************************************************
******************************************************************************************
No Kernel Modules found
******************************************************************************************
******************************************************************************************
No SSDT Hooks found
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
No IRP Hooks found
******************************************************************************************
******************************************************************************************
Ports:
Local Address: KEN-PC:49517
Remote Address: LB2.COLLECTIVE-MEDIA.NET:HTTP
Type: TCP
Process: 0 (PID)
State: TIME_WAIT
Local Address: KEN-PC:49372
Remote Address: BY2MSG4010611.PHX.GBL:MSNP
Type: TCP
Process: 3708 (PID)
State: ESTABLISHED
Local Address: KEN-PC:49176
Remote Address: SPIKE9246.MALWAREBYTES.ORG:HTTP
Type: TCP
Process: 2856 (PID)
State: CLOSE_WAIT
Local Address: KEN-PC:49167
Remote Address: A88-221-88-57.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: 4092 (PID)
State: CLOSE_WAIT
Local Address: KEN-PC:49166
Remote Address: A88-221-88-57.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: 4092 (PID)
State: CLOSE_WAIT
Local Address: KEN-PC:ICSLAP
Remote Address: 192.168.1.1:3210
Type: TCP
Process: 4 (PID)
State: ESTABLISHED
Local Address: KEN-PC:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4 (PID)
State: LISTENING
Local Address: KEN-PC:49376
Remote Address: LOCALHOST:49375
Type: TCP
Process: 3708 (PID)
State: ESTABLISHED
Local Address: KEN-PC:49375
Remote Address: LOCALHOST:49376
Type: TCP
Process: 3708 (PID)
State: ESTABLISHED
Local Address: KEN-PC:49375
Remote Address: 0.0.0.0:0
Type: TCP
Process: 3708 (PID)
State: LISTENING
Local Address: KEN-PC:49158
Remote Address: 0.0.0.0:0
Type: TCP
Process: 488 (PID)
State: LISTENING
Local Address: KEN-PC:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: 504 (PID)
State: LISTENING
Local Address: KEN-PC:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: 1676 (PID)
State: LISTENING
Local Address: KEN-PC:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: 1556 (PID)
State: LISTENING
Local Address: KEN-PC:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: 1516 (PID)
State: LISTENING
Local Address: KEN-PC:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: 960 (PID)
State: LISTENING
Local Address: KEN-PC:10243
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4 (PID)
State: LISTENING
Local Address: KEN-PC:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4 (PID)
State: LISTENING
Local Address: KEN-PC:ICSLAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4 (PID)
State: LISTENING
Local Address: KEN-PC:RTSP
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4536 (PID)
State: LISTENING
Local Address: KEN-PC:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4 (PID)
State: LISTENING
Local Address: KEN-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: 1424 (PID)
State: LISTENING
Local Address: KEN-PC:59830
Remote Address: NA
Type: UDP
Process: 1752 (PID)
State: NA
Local Address: KEN-PC:SSDP
Remote Address: NA
Type: UDP
Process: 1752 (PID)
State: NA
Local Address: KEN-PC:138
Remote Address: NA
Type: UDP
Process: 4 (PID)
State: NA
Local Address: KEN-PC:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: 4 (PID)
State: NA
Local Address: KEN-PC:DISCARD
Remote Address: NA
Type: UDP
Process: 3708 (PID)
State: NA
Local Address: KEN-PC:62143
Remote Address: NA
Type: UDP
Process: 3484 (PID)
State: NA
Local Address: KEN-PC:60821
Remote Address: NA
Type: UDP
Process: 3672 (PID)
State: NA
Local Address: KEN-PC:59831
Remote Address: NA
Type: UDP
Process: 1752 (PID)
State: NA
Local Address: KEN-PC:55951
Remote Address: NA
Type: UDP
Process: 1556 (PID)
State: NA
Local Address: KEN-PC:55200
Remote Address: NA
Type: UDP
Process: 5544 (PID)
State: NA
Local Address: KEN-PC:53435
Remote Address: NA
Type: UDP
Process: 6104 (PID)
State: NA
Local Address: KEN-PC:51930
Remote Address: NA
Type: UDP
Process: 3708 (PID)
State: NA
Local Address: KEN-PC:49475
Remote Address: NA
Type: UDP
Process: 3804 (PID)
State: NA
Local Address: KEN-PC:49286
Remote Address: NA
Type: UDP
Process: 3708 (PID)
State: NA
Local Address: KEN-PC:SSDP
Remote Address: NA
Type: UDP
Process: 1752 (PID)
State: NA
Local Address: KEN-PC:54207
Remote Address: NA
Type: UDP
Process: 1752 (PID)
State: NA
Local Address: KEN-PC:LLMNR
Remote Address: NA
Type: UDP
Process: 1924 (PID)
State: NA
Local Address: KEN-PC:5005
Remote Address: NA
Type: UDP
Process: 4536 (PID)
State: NA
Local Address: KEN-PC:5004
Remote Address: NA
Type: UDP
Process: 4536 (PID)
State: NA
Local Address: KEN-PC:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: 1556 (PID)
State: NA
Local Address: KEN-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: 1752 (PID)
State: NA
Local Address: KEN-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: 1752 (PID)
State: NA
Local Address: KEN-PC:664
Remote Address: NA
Type: UDP
Process: 3352 (PID)
State: NA
Local Address: KEN-PC:623
Remote Address: NA
Type: UDP
Process: 3352 (PID)
State: NA
Local Address: KEN-PC:500
Remote Address: NA
Type: UDP
Process: 1556 (PID)
State: NA
Local Address: KEN-PC:123
Remote Address: NA
Type: UDP
Process: 1752 (PID)
State: NA
******************************************************************************************
******************************************************************************************
No hidden files/folders found
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,234
Please do the following command:

netstat -an

And post that log and also do the following please:

Click here to download HJTsetup.exe.
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Kenneedshelp

Thread Starter
Joined
Apr 11, 2010
Messages
20
netstat -an

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Ken>netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:554 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49158 0.0.0.0:0 LISTENING
TCP 127.0.0.1:49375 0.0.0.0:0 LISTENING
TCP 127.0.0.1:49375 127.0.0.1:49376 ESTABLISHED
TCP 127.0.0.1:49376 127.0.0.1:49375 ESTABLISHED
TCP 192.168.1.2:139 0.0.0.0:0 LISTENING
TCP 192.168.1.2:2869 192.168.1.1:3210 ESTABLISHED
TCP 192.168.1.2:49166 88.221.88.57:80 CLOSE_WAIT
TCP 192.168.1.2:49167 88.221.88.57:80 CLOSE_WAIT
TCP 192.168.1.2:49372 207.46.124.58:1863 ESTABLISHED
TCP 192.168.1.2:50022 94.127.75.60:80 CLOSE_WAIT
TCP 192.168.1.2:50231 216.239.59.103:80 CLOSE_WAIT
TCP [::]:135 [::]:0 LISTENING
TCP [::]:445 [::]:0 LISTENING
TCP [::]:554 [::]:0 LISTENING
TCP [::]:2869 [::]:0 LISTENING
TCP [::]:5357 [::]:0 LISTENING
TCP [::]:10243 [::]:0 LISTENING
TCP [::]:49152 [::]:0 LISTENING
TCP [::]:49153 [::]:0 LISTENING
TCP [::]:49154 [::]:0 LISTENING
TCP [::]:49155 [::]:0 LISTENING
TCP [::]:49156 [::]:0 LISTENING
TCP [::]:49158 [::]:0 LISTENING
UDP 0.0.0.0:123 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:623 *:*
UDP 0.0.0.0:664 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:5004 *:*
UDP 0.0.0.0:5005 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:54207 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:49286 *:*
UDP 127.0.0.1:49475 *:*
UDP 127.0.0.1:51930 *:*
UDP 127.0.0.1:52939 *:*
UDP 127.0.0.1:53435 *:*
UDP 127.0.0.1:55200 *:*
UDP 127.0.0.1:55951 *:*
UDP 127.0.0.1:55972 *:*
UDP 127.0.0.1:57184 *:*
UDP 127.0.0.1:59831 *:*
UDP 127.0.0.1:60821 *:*
UDP 127.0.0.1:62143 *:*
UDP 192.168.1.2:9 *:*
UDP 192.168.1.2:137 *:*
UDP 192.168.1.2:138 *:*
UDP 192.168.1.2:1900 *:*
UDP 192.168.1.2:59830 *:*
UDP [::]:123 *:*
UDP [::]:500 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:5004 *:*
UDP [::]:5005 *:*
UDP [::]:5355 *:*
UDP [::]:54208 *:*
UDP [::1]:1900 *:*
UDP [::1]:59828 *:*
UDP [fe80::43b:3e3b:3f57:fefd%11]:1900 *:*
UDP [fe80::43b:3e3b:3f57:fefd%11]:59829 *:*
UDP [fe80::7db9:42ad:3a40:b632%10]:546 *:*
UDP [fe80::7db9:42ad:3a40:b632%10]:1900 *:*
UDP [fe80::7db9:42ad:3a40:b632%10]:59827 *:*
UDP [fe80::e5e1:d122:2be7:e442%13]:1900 *:*
UDP [fe80::e5e1:d122:2be7:e442%13]:59826 *:*
C:\Users\Ken>

HJT in a min
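Reading a netstat -o paste by hand means skipping the loopback and LAN rows, matching each remote endpoint to its PID and then checking that PID in Task Manager. The script below does that mechanically; it is an added example, not code from the thread or from Tech Support Guy, and its sample text is a subset of the netstat -o and netstat -an output posted above. The `Conn`, `parse_netstat`, `outbound`, `exposed_listeners` and `by_pid` names are my own.

```python
"""Triage helper for pasted Windows `netstat -o` / `netstat -an` output.
Added example (not from the thread): separates loopback/LAN rows from
connections that leave the machine, lists network-reachable listeners and
groups remote endpoints by owning PID for lookup in Task Manager/tasklist."""
import ipaddress
from collections import defaultdict, namedtuple

# Constructed sample: subset of the `netstat -o` output posted in the thread
# (names as resolved on the poster's machine, PIDs as shown there).
SAMPLE_O = """\
Active Connections
Proto Local Address Foreign Address State PID
TCP 127.0.0.1:49375 Ken-PC:49376 ESTABLISHED 3708
TCP 192.168.1.2:2869 192.168.1.1:3210 ESTABLISHED 4
TCP 192.168.1.2:49166 a88-221-88-57:http CLOSE_WAIT 4092
TCP 192.168.1.2:49372 by2msg4010611:msnp ESTABLISHED 3708
TCP 192.168.1.2:49497 81.23.243.145:http ESTABLISHED 6104
TCP 192.168.1.2:49502 ww-in-f148:http ESTABLISHED 6104
"""
# Constructed sample: subset of the `netstat -an` output (numeric, no PIDs).
SAMPLE_AN = """\
Proto Local Address Foreign Address State
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 127.0.0.1:49375 0.0.0.0:0 LISTENING
TCP 192.168.1.2:49372 207.46.124.58:1863 ESTABLISHED
TCP [::]:135 [::]:0 LISTENING
UDP 0.0.0.0:123 *:*
UDP [fe80::43b:3e3b:3f57:fefd%11]:1900 *:*
"""

# state is None for UDP rows (netstat prints none); pid is None without -o.
Conn = namedtuple("Conn", "proto local_host local_port remote_host remote_port state pid")


def split_endpoint(endpoint):
    """'[::]:135' -> ('::', '135'); 'ww-in-f148:http' -> ('ww-in-f148', 'http')."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def classify_host(host):
    """One of: any, loopback, local, public, named."""
    if host == "*":
        return "any"
    if host == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host.split("%")[0])  # drop IPv6 scope id
    except ValueError:
        return "named"  # reverse-resolved name such as ww-in-f148; -n shows the IP
    if ip.is_unspecified:
        return "any"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private or ip.is_link_local:
        return "local"
    return "public"


def parse_netstat(text):
    """Parse netstat rows; banner, header and prompt lines are skipped."""
    conns = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] not in ("TCP", "UDP"):
            continue
        lh, lp = split_endpoint(tok[1])
        rh, rp = split_endpoint(tok[2])
        rest = tok[3:]                      # [state] [pid] in any combination
        pid = rest.pop() if rest and rest[-1].isdigit() else None
        state = rest[0] if rest else None
        conns.append(Conn(tok[0], lh, lp, rh, rp, state, pid))
    return conns


def outbound(conns):
    """Rows talking to a public IP or an unresolved name; loopback and listeners excluded."""
    return [c for c in conns
            if c.state != "LISTENING"
            and classify_host(c.local_host) != "loopback"
            and classify_host(c.remote_host) in ("public", "named")]


def exposed_listeners(conns):
    """Listening TCP sockets and bound UDP sockets reachable from the network."""
    return [c for c in conns
            if (c.state == "LISTENING" or c.proto == "UDP")
            and classify_host(c.local_host) != "loopback"]


def by_pid(conns):
    """Outbound remote endpoints grouped by PID ('?' when -o was not used)."""
    grouped = defaultdict(set)
    for c in outbound(conns):
        grouped[c.pid or "?"].add(f"{c.remote_host}:{c.remote_port}")
    return dict(grouped)
```

Names such as ww-in-f148 are what netstat prints when it reverse-resolves the peer; netstat -an (the command requested next in the thread) shows the numeric address instead, and netstat -o supplies the PID that ties a connection to a process.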
 

Kenneedshelp

Thread Starter
Joined
Apr 11, 2010
Messages
20
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:33, on 11/04/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\vsnp2std.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Windows\FixCamera.exe
C:\Windows\tsnp2std.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\program files (x86)\avira\antivir desktop\avcenter.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Corel\Corel MediaOne\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /nosplash
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://chat0.swingingheaven.co.uk
O15 - Trusted Zone: http://www.swingingheaven.co.uk
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} (Auctiva Image Uploader Control) - http://www.auctiva.com/Aurigma/ImageUploader57.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 12822 bytes
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,234
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 

Kenneedshelp

Thread Starter
Joined
Apr 11, 2010
Messages
20
As requested, Malwarebytes quick scan results:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3930
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904
12/04/2010 11:12:52
mbam-log-2010-04-12 (11-12-52).txt
Scan type: Quick scan
Objects scanned: 107695
Time elapsed: 4 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
 

Kenneedshelp

Thread Starter
Joined
Apr 11, 2010
Messages
20
Cookiegal, I have kept HJT open since sending you the results; is it OK to close it down now?
 