HijackThis Log help please.

Discussion in 'Windows - Virus and spyware problems' started by PnerraD, Oct 17, 2006.

  1. PnerraD

    PnerraD Member

    Joined:
    Oct 17, 2006
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    I have been receiving a serious error message when I start up Windows XP... also my screen/monitor shuts off by itself. I have to restart in order to get it back on. Can someone look at this and tell me if everything looks in order...



    Logfile of HijackThis v1.99.1
    Scan saved at 7:17:06 PM, on 10/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\Explorer.EXE
    H:\WINDOWS\system32\brsvc01a.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\WINDOWS\system32\brss01a.exe
    H:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    H:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    H:\Program Files\Common Files\AOL\1131506533\ee\services\sscFirewallPlugin\ver1_205_1_1\aolavupd.exe
    H:\WINDOWS\system32\Brmfrmps.exe
    H:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    H:\WINDOWS\system32\CTsvcCDA.EXE
    H:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    H:\WINDOWS\system32\svchost.exe
    H:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
    H:\WINDOWS\ALCXMNTR.EXE
    H:\WINDOWS\system32\VTTimer.exe
    H:\WINDOWS\AGRSMMSG.exe
    H:\Program Files\Common Files\AOL\1131506533\ee\AOLSoftware.exe
    H:\Program Files\QuickTime\qttask.exe
    H:\Program Files\Common Files\Real\Update_OB\realsched.exe
    H:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    H:\Program Files\Brother\ControlCenter2\brctrcen.exe
    H:\Program Files\Messenger\msmsgs.exe
    H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    H:\Program Files\MySpace\IM\MySpaceIM.exe
    H:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    H:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    H:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    H:\WINDOWS\System32\svchost.exe
    H:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    h:\program files\common files\aol\1131506533\ee\services\sscAntiSpywarePlugin\ver1_205_1_1\AOLSP Scheduler.exe
    H:\Program Files\Internet Explorer\IEXPLORE.EXE
    h:\program files\common files\aol\1131506533\ee\aolssc.exe
    H:\WINDOWS\system32\NOTEPAD.EXE
    H:\Program Files\America Online 9.0\waol.exe
    H:\Program Files\America Online 9.0\shellmon.exe
    H:\Program Files\Adobe\Illustrator CS\Support Files\Contents\Windows\Illustrator.exe
    H:\Documents and Settings\COMPAQ\My Documents\Docs\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "H:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [HostManager] H:\Program Files\Common Files\AOL\1131506533\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] H:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "H:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [sscRun] H:\Program Files\Common Files\AOL\1131506533\ee\services\sscFirewallPlugin\ver1_205_1_1\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] H:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] H:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "H:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] H:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] H:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] H:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Creative Detector] H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [MySpaceIM] H:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "H:\Program Files\America Online 9.0\AOL.EXE" -b
    O4 - Global Startup: Acrobat Assistant.lnk = H:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Status Monitor.lnk = H:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://H:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - H:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - H:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .avi: H:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advan...mfrogweb.com-advanced-2.0.1.10_instmodule.exe
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://24.240.197.171/activex/AMC.cab
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O20 - AppInit_DLLs: sfklg.dll
    O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - H:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - H:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - H:\Program Files\Common Files\AOL\1131506533\ee\services\sscFirewallPlugin\ver1_205_1_1\aolavupd.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - H:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - H:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - H:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - H:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
     
  2. thugs121

    thugs121 Regular member

    Joined:
    Aug 3, 2004
    Messages:
    460
    Likes Received:
    0
    Trophy Points:
    26
    Could you provide a screen shot or a description of the error?

    Did you download a program called SoftForYou Keylogger?

    The above-mentioned program records keystrokes of what you type. If you did install it, then leave it alone. But if you did not, uninstall it...

    This entry:

    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab

    is operated by an adult website...

    If you do not know how it got there, you can remove it...

    If you are certain that these were not authorized by you, you can run Hijack This, place a checkmark next to these entries:

    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab

    O20 - AppInit_DLLs: sfklg.dll <----SoftForYou Keylogger

    If those are irrelevant, go ahead and download AVG AntiSpyware:

    http://www.ewido.net/en/download/

    Install, update... run AVG Anti-Spyware. Select Scanner, then select the Settings tab and click on "Recommended Actions", select Quarantine. Click on the Scan tab and select Complete System Scan... The scanning may take a long time depending on how big your hard drive is and how much stuff you have...

    After you are done, please post a log from Hijack This and from AVG...
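
An added example, not part of either poster's message and not HijackThis's own code: a small parser that pulls out the two entry types singled out in the reply above (O16 downloaded ActiveX controls and the O20 AppInit_DLLs value) so each can be confirmed by the machine's owner. The function names `parse` and `triage` and the review notes are assumptions of this example; the sample lines are copied from the log posted in this thread.

```python
import re
from urllib.parse import urlparse

# Sample input: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://24.240.197.171/activex/AMC.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O20 - AppInit_DLLs: sfklg.dll
O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")            # "O16 - <body>"
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - (\S+)$")
IP_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse(log):
    """Yield (section_code, body) for every HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def triage(log):
    """Return (code, subject, notes) for entries the owner should confirm."""
    findings = []
    for code, body in parse(log):
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].replace(",", " ").split()
            if dlls:  # DLLs listed here load into every process that loads user32.dll
                findings.append((code, " ".join(dlls), ["AppInit_DLLs is not empty"]))
        elif code == "O16" and (m := DPF.match(body)):
            clsid, name, url = m.groups()
            host = urlparse(url).hostname or ""
            notes = []  # review hints chosen for this example, not verdicts
            if name is None:
                notes.append("no class name")
            if IP_HOST.match(host):
                notes.append("codebase host is a bare IP address")
            findings.append((code, f"{name or clsid} from {host}", notes))
    return findings

if __name__ == "__main__":
    for code, subject, notes in triage(SAMPLE_LOG):
        print(code, subject, "|", "; ".join(notes) or "confirm you installed this")
```
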
     
  3. PnerraD

    PnerraD Member

    I did download a keylogger for my computer and it's still on here... other than that I think I have fixed the error. Thanks for your time and energy.
     
  4. thugs121

    thugs121 Regular member

    no prob
     
  5. PnerraD

    PnerraD Member

    So thug, what programs can I get to clean my machine up with minimal effort?
     
  6. thugs121

    thugs121 Regular member

    Your log is normal...

    Without knowing much about the error that you have been seeing, I have no idea where to start...
     
