
hacked

Discussion in 'General Software' started by Braveheart, Apr 24, 2008.

  1. Braveheart

    Braveheart New Member

    Joined:
    Mar 26, 2008
    Messages:
    1,115 (0.48/day)
    Thanks Received:
    46
    so i have been hacked, this is a HijackThis log file after i have cleaned twice with ccleaner, once with super antispyware, once with AVG antispyware, once with ad watch, once with avira and twice with spybots, have windows firewall on, spyware blaster installed and on, Linksys WRT300N w/ firewall and this is what i get:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:34:13 PM, on 4/22/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
    C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe
    C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe
    C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files (x86)\EasyCal -- 1\ZSMVGDP.EXE
    C:\Program Files (x86)\Xfire\xfire.exe
    C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Diamondback] "C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files (x86)\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\xfire.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 6706 bytes

    how do i get rid of this hijacker?
  2. Braveheart

    Braveheart New Member

    Joined:
    Mar 26, 2008
    Messages:
    1,115 (0.48/day)
    Thanks Received:
    46
    i tried fixing it with HijackThis, rebooted, still there. do you guys know what to do?
  3. ex_reven New Member

    Joined:
    Sep 4, 2006
    Messages:
    5,225 (1.81/day)
    Thanks Received:
    171
    What did you try and kill?
  4. Bluefox1115

    Joined:
    Nov 12, 2007
    Messages:
    751 (0.31/day)
    Thanks Received:
    48
    Location:
    RI, USA
    Reformat/ Reinstall Windows my friend.
  5. bembe New Member

    Joined:
    May 5, 2008
    Messages:
    2 (0.00/day)
    Thanks Received:
    0
  6. AsRock

    AsRock TPU addict

    Joined:
    Jun 23, 2007
    Messages:
    10,734 (4.15/day)
    Thanks Received:
    1,635
    Location:
    US
    i've had viruses from this before
    ( Java) C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe

    Ya got a lotta crap starting up there too.
    Last edited: May 7, 2008
  7. Azazel

    Azazel New Member

    Joined:
    Jan 14, 2008
    Messages:
    3,204 (1.34/day)
    Thanks Received:
    163
    Location:
    London, UK
    porn? :p
    what did you download...or go to
  8. antzen

    antzen New Member

    Joined:
    Nov 2, 2005
    Messages:
    40 (0.01/day)
    Thanks Received:
    8
    Location:
    Dresden, Germany
    what program is the problem ?
    hijackthis says
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    can be deleted.
    the rest looks clean :confused:

    i think you are not hacked.

    and "jusched.exe" is the Java Update Scheduler - not critical.
    Last edited: May 7, 2008
  9. Braveheart

    Braveheart New Member

    Joined:
    Mar 26, 2008
    Messages:
    1,115 (0.48/day)
    Thanks Received:
    46
    never even looked at porn...and i am not sure what site i went to :banghead:
  10. Solaris17

    Solaris17 Creator Solaris Utility DVD

    Joined:
    Aug 16, 2005
    Messages:
    17,067 (5.23/day)
    Thanks Received:
    3,502
    Location:
    Florida
    C:\Program Files (x86)\EasyCal -- 1\ZSMVGDP.EXE

    that's sketchy, wtf is that?

    piece of advice: .exe's with no logical name = high suspicion
  11. AsRock

    AsRock TPU addict

    Joined:
    Jun 23, 2007
    Messages:
    10,734 (4.15/day)
    Thanks Received:
    1,635
    Location:
    US
    Dayum don't believe everyone else missed that lol...
  12. antzen

    antzen New Member

    Joined:
    Nov 2, 2005
    Messages:
    40 (0.01/day)
    Thanks Received:
    8
    Location:
    Dresden, Germany
    let's look in google :
    ZSMVGDP.EXE - This is the MovieGuard Player program which decrypts the document and displays it to the user. This is always a required program. This is the main program to execute. This program will automatically look for a file called ZSVIDEO.MPI which contains all the information required to run the Movie Player according to the specified parameters.
  13. Solaris17

    Solaris17 Creator Solaris Utility DVD

    Joined:
    Aug 16, 2005
    Messages:
    17,067 (5.23/day)
    Thanks Received:
    3,502
    Location:
    Florida
    what's easy cal then, the name of the prog?

    also update w/e antivir you have and set it to do a boot time virus scan...this makes it so if the virus is smart and hides itself it can't because it isn't being init.
    Last edited: May 7, 2008
  14. erocker

    erocker Super Moderator Staff Member

    Joined:
    Jul 19, 2006
    Messages:
    39,517 (13.50/day)
    Thanks Received:
    13,920
    Agreed. This is the only solution that will work completely.
  15. antzen

    antzen New Member

    Joined:
    Nov 2, 2005
    Messages:
    40 (0.01/day)
    Thanks Received:
    8
    Location:
    Dresden, Germany
    @ braveheart:
    why do you think you are hacked?
    any problems with a program?
    lost data?
    have you checked your logfile here > http://www.hijackthis.de/en ?

    your logfile is a good start, but not enough information ....
  16. kyle2020 Guest

    seconded. make sure you pay attention to the sites you visit too!
  17. bembe New Member

    Joined:
    May 5, 2008
    Messages:
    2 (0.00/day)
    Thanks Received:
    0
    scan

    The easiest thing to do is to reload

    if you do not, try this

    clean up all the crap
    after you have used the analyzed results from the site and removed them, run msconfig and disable all startup programs. look if anything is suspicious. go to services, hide all microsoft services. look for anything suspicious and google what you don't know. then disable all. check programfiles/common files for anything suspicious. check your win32 folder for any dll files from after your problems started and delete them. then run an a/v scan. clean up all the crap and then run a scan
  18. twicksisted

    twicksisted

    Joined:
    Oct 4, 2007
    Messages:
    2,436 (0.98/day)
    Thanks Received:
    350
    I second that... i honestly don't think there's anything suspicious about your hijack this log...
    try the advice of Antzen here and copy and paste your log into the above link.

    you'll find that all those processes are safe ;)
  19. Braveheart

    Braveheart New Member

    Joined:
    Mar 26, 2008
    Messages:
    1,115 (0.48/day)
    Thanks Received:
    46
    it's a math program...


    and i thought i was hacked because i got BSOD's all the time, many programs would not start, and i had pop ups...but i fixed the BSOD.
  20. Solaris17

    Solaris17 Creator Solaris Utility DVD

    Joined:
    Aug 16, 2005
    Messages:
    17,067 (5.23/day)
    Thanks Received:
    3,502
    Location:
    Florida
    o ok cool well if popups is what you're getting go to start>run>type "msconfig" go to the services and startup tabs and if the messenger service is enabled disable it...then just get like comodo firewall (built in spyware sweeper) or a good program like adaware and scan for cookies and other stuff.
  21. Lillebror New Member

    Joined:
    Jul 28, 2007
    Messages:
    720 (0.28/day)
    Thanks Received:
    88
    Location:
    Denmark
    Code:
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    You're missing a lot of your system files! Only way to get your pc to run optimally is to reinstall :)
  22. Braveheart

    Braveheart New Member

    Joined:
    Mar 26, 2008
    Messages:
    1,115 (0.48/day)
    Thanks Received:
    46
    is reinstalling like reformatting? i can just put all my programs on an external drive, reinstall, then put it all back on?
  23. CrackerJack

    CrackerJack

    Joined:
    Dec 13, 2007
    Messages:
    2,702 (1.12/day)
    Thanks Received:
    448
    Location:
    East TN
    Yeah your best bet is to format and start over again. Those missing files can't actually be missing. You would get error pop-ups if they were. The bug has rewritten the system files.

    I wouldn't want to copy from one drive to the next and then back again. Not unless you know for sure the program is safe.
  24. Solaris17

    Solaris17 Creator Solaris Utility DVD

    Joined:
    Aug 16, 2005
    Messages:
    17,067 (5.23/day)
    Thanks Received:
    3,502
    Location:
    Florida
    you could try a repair install.....that would let you keep all ur stuff. it would just replace the system files.
  25. Urlyin

    Urlyin Senior Moderator

    Joined:
    Aug 17, 2004
    Messages:
    2,337 (0.64/day)
    Thanks Received:
    125
    sfc /scannow to replace Windows files then scan in safemode
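
Added example, not part of any post in this thread: a small Python triage of the HijackThis entry lines discussed above, separating the `(no file)` orphan that antzen points at from the `(file missing)` services that Lillebror quotes. It assumes the scanner ran as a 32-bit process; on 64-bit Windows such a process has System32 redirected to SysWOW64, so a `(file missing)` flag on a System32 path is marked for a native re-check instead of being counted as a missing file. Function names and category labels are hypothetical.

```python
import re
from collections import Counter

# Sample input: a few lines excerpted from the log posted in this thread.
SAMPLE_LOG = r"""Platform: Windows Vista SP1 (WinNT 6.00.1905)
Running processes:
C:\Program Files (x86)\Steam\Steam.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe"
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
"""

# Entry lines start with a section code such as R0, F2, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING = "(file missing)"


def parse_entries(log_text):
    """Return (code, detail) pairs; header and running-process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def is_64bit_host(log_text):
    """A 'Program Files (x86)' directory only exists on 64-bit Windows."""
    return "\\program files (x86)\\" in log_text.lower()


def triage(code, detail, host_is_64bit):
    """Classify one entry by what its trailing target field says."""
    target = detail.rsplit(" - ", 1)[-1]
    if target.endswith("(no file)"):
        # Registry entry with nothing behind it (the O2 line in the thread).
        return "orphan"
    if target.endswith(MISSING):
        path = target[: -len(MISSING)].strip().lower()
        # Assumption: 32-bit scanner. Its System32 lookups are redirected to
        # SysWOW64 on a 64-bit host, so this flag alone proves nothing there.
        if host_is_64bit and "\\windows\\system32\\" in path:
            return "verify-natively"
        return "missing-target"
    return "review"


def summarize(log_text):
    """Count entries per triage category for a whole log."""
    host64 = is_64bit_host(log_text)
    return Counter(triage(c, d, host64) for c, d in parse_entries(log_text))


if __name__ == "__main__":
    host64 = is_64bit_host(SAMPLE_LOG)
    for code, detail in parse_entries(SAMPLE_LOG):
        print(f"{triage(code, detail, host64):16} {code:4} {detail}")
```

Entries in the `verify-natively` bucket are the ones to confirm with a native 64-bit tool before concluding that system files are gone.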
