My Hijackthis Log

Logfile of Trend Micro HijackThis v2.0.2


Scan saved at 8:52:42 PM, on 2/1/2008


Platform: Windows XP SP2 (WinNT 5.01.2600)


MSIE: Internet Explorer v7.00 (7.00.6000.16574)


Boot mode: Normal


Running processes:


C:\WINDOWS\System32\smss.exe


C:\WINDOWS\system32\winlogon.exe


C:\WINDOWS\system32\services.exe


C:\WINDOWS\system32\lsass.exe


C:\WINDOWS\system32\svchost.exe


C:\Program Files\Windows Defender\MsMpEng.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\system32\spoolsv.exe


C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\Explorer.EXE


C:\WINDOWS\system32\VTTimer.exe


C:\WINDOWS\system32\VTtrayp.exe


C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe


C:\Program Files\iTunes\iTunesHelper.exe


C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe


C:\Program Files\Windows Defender\MSASCui.exe


C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe


C:\WINDOWS\AGRSMMSG.exe


C:\Program Files\iPod\bin\iPodService.exe


C:\Program Files\Mozilla Firefox\firefox.exe


C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rundll16.exe C:\WINDOWS\system32\c_10083.nls


O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll


O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll


O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll


O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll


O4 - HKLM\..\Run: [VTTimer] VTTimer.exe


O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe


O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"


O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe


O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime


O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"


O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"


O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide


O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"


O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"


O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe


O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html


O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html


O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html


O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html


O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll


O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll


O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe


O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe


O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab


O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe


O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


--


End of file - 5649 bytes


this is my log file help please is there any virus or adware?

Comments

  • Hello,


    Please e-mail me the file C:\WINDOWS\system32\c_10083.nls in a password-protected archive (don't forget to tell the password) to check it.

  • Hello,


    Please e-mail me the file C:\WINDOWS\system32\c_10083.nls in a password-protected archive (don't forget to tell the password) to check it.


    i dont know what it is so idont know the password.


    u still want the files?

  • Hello Chondo,


    What Lirima meant is that you should put the file in an archive, and protect that archive with a password (preferably the password infected), then e-mail the archive. Or you can attach the archive on this forum, in a reply to this post.


    If you don't know how to make a password-protected archive, read this: http://forum.bitdefender.com/index.php?showtopic=84


    Cris.

  • the file don't exist anymore when i search!?

  • Hello Chondo,


    Please make sure that you can see the hidden files when you search for C:\WINDOWS\system32\c_10083.nls.


    (Go to My Computer -> Tools ->Folder Options -> View -> click Show hidden files and folders.


    Afterwards, search for the file from My Computer.)


    If there is no c_10083.nls, it is very possible for the file to have been deleted from the computer. (But a RootkitRevealer log may be useful to see if it is not hidden by a rootkit.)

  • Please make sure that you can see the hidden files when you search for C:\WINDOWS\system32\c_10083.nls.


    (Go to My Computer -> Tools ->Folder Options -> View -> click Show hidden files and folders.


    Afterwards, search for the file from My Computer.)


    Besides this option, un-check also the option Hide protected operating system files. Read THIS for details.


    Cris.

  • i cant seem to uncheck" do not show hidden file and folders"


    im running a windows xp home edition version 2000 service pack 2


    so how?

  • i cant seem to uncheck" do not show hidden file and folders"


    im running a windows xp home edition version 2000 service pack 2


    so how?


    Try this:


    Go to start-search-click all files and folders - click more advanced options and check: search system folders, search hidden files and folders and search subfolders- -type the name of the file without extension up the upper box click on search. If it works in the right panel you get the file. You can copy it from there to another folder . Then repeat the search. Find your copy and archive it from there.