HijackThis Log - Antivirus XP

  • perkins133
  • Born
  • Born
  • perkins133
  • Posts: 1

Post 3+ Months Ago

Somehow I got antivirus xp, i think it may have hidden my adaware and spybot, and it also corrupted firefox. Here's my log, thanks in advance

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:33:09 PM, on 9/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\lphc9jej0e9b5.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HiJackThis_v2.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lphc9jej0e9b5] C:\WINDOWS\system32\lphc9jej0e9b5.exe
O4 - HKLM\..\Run: [inrhccjej0e9b5] C:\Documents and Settings\Administrator\Local Settings\Temp\.tt1F.tmp.exe /CR=5F8C0875B49BA02BB503A8EC828A17BCC66930F8B05B43AFE715607DA92AF64B75301CFF78DA4A84E5F5BD75D677780FFCE6E833D48BCE1D9D393D27410B8FEA5C225932B2A864E35A9AAD83FF0CF45F77
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 3016 bytes
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4923
  • Loc: NY

Post 3+ Months Ago

C:\WINDOWS\system32\lphc9jej0e9b5.exe

O4 - HKLM\..\Run: [lphc9jej0e9b5] C:\WINDOWS\system32\lphc9jej0e9b5.exe

O4 - HKLM\..\Run: [inrhccjej0e9b5] C:\Documents and Settings\Administrator\Local Settings\Temp\.tt1F.tmp.exe
  • LINE71X
  • Beginner
  • Beginner
  • LINE71X
  • Posts: 53

Post 3+ Months Ago

im sorry to warn you but i also had xp antivirus 2008 on my previous windows xp pro

It installs a rootkit.

You can scan with rootrepeal and see something called tdssserve.sys

I suggest you format and reinstall windows -This is what i did. I fixed everything.

That winxp 2008 is very hard to get rid of

Post Information

  • Total Posts in this topic: 3 posts
  • Users browsing this forum: No registered users and 42 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.