
hacked

#1
So I have been hacked. This is a HijackThis log file after I have cleaned twice with CCleaner, once with SUPERAntiSpyware, once with AVG Anti-Spyware, once with Ad-Watch, once with Avira and twice with Spybot. I have Windows Firewall on, SpywareBlaster installed and on, and a Linksys WRT300N with firewall, and this is what I get:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:13 PM, on 4/22/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe
C:\Program Files (x86)\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files (x86)\EasyCal -- 1\ZSMVGDP.EXE
C:\Program Files (x86)\Xfire\xfire.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Diamondback] "C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files (x86)\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6706 bytes

How do I get rid of this hijacker?
 
#2
I tried fixing it with HijackThis, rebooted, still there. Do you guys know what to do?
 
#4
Reformat/reinstall Windows, my friend.
 

AsRock

#6
I've had viruses from this before:
(Java) C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe

You've got a lot of crap starting up there too.
 
#7
Porn? :p
What did you download... or go to?
 

antzen

#8
What program is the problem?
HijackThis says
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
can be deleted.
The rest looks clean :confused:

I think you are not hacked.

And "jusched.exe" is the Java Update Scheduler - not critical.
 
Braveheart

#9

Solaris17

#10
C:\Program Files (x86)\EasyCal -- 1\ZSMVGDP.EXE

That's sketchy, wtf is that?

Piece of advice: .exe's with no logical name = high suspicion.
 

AsRock

#11
C:\Program Files (x86)\EasyCal -- 1\ZSMVGDP.EXE

That's sketchy, wtf is that?

Piece of advice: .exe's with no logical name = high suspicion.
Dayum, don't believe everyone else missed that lol...
 

antzen

#12
C:\Program Files (x86)\EasyCal -- 1\ZSMVGDP.EXE

That's sketchy, wtf is that?

Piece of advice: .exe's with no logical name = high suspicion.
Let's look in Google:
ZSMVGDP.EXE - This is the MovieGuard Player program which decrypts the document and displays it to the user. This is always a required program. This is the main program to execute. This program will automatically look for a file called ZSVIDEO.MPI which contains all the information required to run the Movie Player according to the specified parameters.
 

Solaris17

#13
What's EasyCal then, the name of the prog?

Also update whatever antivirus you have and set it to do a boot-time virus scan... this makes it so that if the virus is smart and hides itself, it can't, because it isn't being initialised.
 
erocker

#14

antzen

#15
@Braveheart:
Why do you think you are hacked?
Any problems with a program?
Lost data?
Have you checked your logfile here > http://www.hijackthis.de/en ?

Your logfile is a good start, but not enough information ....
 

bembe

#17
Scan.

The easiest thing to do is to reload.

If you do not, try this:

Clean up all the crap.
After you have used the analyzed results from the site and removed them, run msconfig and disable all startup programs. Look if anything is suspicious. Go to Services, hide all Microsoft services. Look for anything suspicious and Google what you don't know. Then disable all. Check Program Files/Common Files for anything suspicious. Check your win32 folder for any DLL files from after when your problems started and delete them. Then run an A/V scan. Clean up all the crap and then run a scan.
 
#18
@Braveheart:
Why do you think you are hacked?
Any problems with a program?
Lost data?
Have you checked your logfile here > http://www.hijackthis.de/en ?

Your logfile is a good start, but not enough information ....
I second that... I honestly don't think there's anything suspicious about your HijackThis log...
Try the advice of antzen here and copy and paste your log into the above link.

You'll find that all those processes are safe ;)
 

Braveheart

#19
C:\Program Files (x86)\EasyCal -- 1\ZSMVGDP.EXE

That's sketchy, wtf is that?

Piece of advice: .exe's with no logical name = high suspicion.
It's a math program...

And I thought I was hacked because I got BSODs all the time, many programs would not start, and I had pop-ups... but I fixed the BSOD.
 

Solaris17

#20
OK cool, well if pop-ups are what you're getting, go to Start > Run > type "msconfig", go to the Services and Startup tabs and if the Messenger service is enabled, disable it... then just get something like Comodo Firewall (built-in spyware sweeper) or a good program like Ad-Aware and scan for cookies and other stuff.
 

Lillebror

#21
Code:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
You're missing a lot of your system files! The only way to get your PC to run optimally is to reinstall :)
 

Braveheart

#22
Code:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
You're missing a lot of your system files! The only way to get your PC to run optimally is to reinstall :)
Is reinstalling like reformatting? Can I just put all my programs on an external drive, reinstall, then put it all back on?
 
#23
Yeah, your best bet is to format and start over again. Those missing files can't actually be missing; you would get error pop-ups if they were. The bug has rewritten the system files.

I wouldn't want to copy from one drive to the next and then back again. Not unless you know for sure the program is safe.
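Added example (not code any poster ran): a small Python triage of HijackThis-style lines that applies the heuristics raised in this thread, namely the "(no file)" BHO antzen says can be deleted, Solaris17's "no logical name" rule (it flags ZSMVGDP.EXE, which the thread later confirms is a legitimate player binary, so the output is an investigate list rather than a delete list), and the O23 "(file missing)" services that posts #21 and #23 read as overwritten system files. It assumes a 64-bit host, inferred from the "Program Files (x86)" paths, on which a 32-bit scanner reading C:\Windows\system32 is silently redirected by WOW64 to SysWOW64, so "file missing" there is not by itself evidence that system files are gone; the sample lines are constructed in the shape of the posted log and the function names are mine.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the shape of the HijackThis 2.0.2 log posted above.
# Lines from the thread are mixed with two invented ones (the C:\Users\Public
# and C:\ProgramData entries) so that every rule below has something to hit.
SAMPLE_LOG = r"""
C:\Program Files (x86)\EasyCal -- 1\ZSMVGDP.EXE
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Updater] C:\Users\Public\qxzkvtrw.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: UpdSvc - Unknown owner - C:\ProgramData\UpdSvc\updsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d|N\d)\s+-\s+(.*)$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|bin))', re.IGNORECASE)
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.IGNORECASE)
WINDIR_RE = re.compile(r"\\windows\\", re.IGNORECASE)
VOWELS = set("aeiouy")


@dataclass
class Finding:
    section: str
    line: str
    path: Optional[str]
    reasons: List[str] = field(default_factory=list)


def extract_path(text: str) -> Optional[str]:
    """First drive-letter path ending in .exe/.dll/.bin, or None (e.g. '(no file)')."""
    m = PATH_RE.search(text)
    return m.group(1) if m else None


def looks_random(filename: str) -> bool:
    """Solaris17's rule, approximated: five or more letters with no vowel at all.
    Catches ZSMVGDP.EXE but not jusched.exe, lsass.exe or PnkBstrA.exe."""
    stem = filename.rsplit(".", 1)[0]
    letters = [c for c in stem.lower() if c.isalpha()]
    return len(letters) >= 5 and not any(c in VOWELS for c in letters)


def triage_line(line: str, host_is_64bit: bool = True) -> Optional[Finding]:
    """Classify one log line; returns None when no rule fires."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        section, body = m.group(1), m.group(2)
    elif re.match(r"^[A-Za-z]:\\", line):
        section, body = "process", line  # entry from the "Running processes:" list
    else:
        return None
    f = Finding(section, line, extract_path(body))
    if "(no file)" in body:
        # Registry still references a COM object whose DLL is gone: a dead entry.
        f.reasons.append("orphaned entry (no file): safe to remove")
    if "(file missing)" in body:
        if host_is_64bit and SYSTEM32_RE.search(body):
            # A 32-bit scanner opening C:\Windows\system32 on x64 is redirected by
            # WOW64 to SysWOW64, where 64-bit-only binaries such as lsass.exe do not exist.
            f.reasons.append("file missing under system32 on x64: likely WOW64 redirection, "
                             "confirm with a 64-bit tool before concluding the file is gone")
        else:
            f.reasons.append("file missing: confirm on disk")
    if f.path and looks_random(f.path.rsplit("\\", 1)[-1]):
        f.reasons.append("random-looking executable name: investigate (may still be legitimate)")
    if section == "O23" and "Unknown owner" in body and f.path and not WINDIR_RE.search(f.path):
        f.reasons.append("service with no publisher info outside the Windows directory: verify vendor")
    return f if f.reasons else None


def triage(log_text: str, host_is_64bit: bool = True) -> List[Finding]:
    """Return only the lines that tripped at least one rule, in log order."""
    out = []
    for raw in log_text.splitlines():
        f = triage_line(raw, host_is_64bit)
        if f:
            out.append(f)
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, "|", f.line)
        for r in f.reasons:
            print("   ->", r)
```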
 

Solaris17

#24
You could try a repair install..... that would let you keep all your stuff. It would just replace the system files.
 

Urlyin

#25
sfc /scannow to replace Windows files, then scan in safe mode.