My HijackThis log

Hello, I ran a HijackThis log to be sure my computer is OK :slight_smile:
Please tell me if all is OK with my computer, ty.

The log :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38:07, on 28/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Documents and Settings\Aviv\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ?? ??? ? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228576721625
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228576703265
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8874 bytes

What would be nice is why you think there is something wrong with your system, symptoms, etc., rather than simply posting a log?

Just want to make sure and feel OK with my computer :wink:

I suggest running SUPERAntiSpyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.

Also, a boot-time scan with avast will make you more self-confident :wink:

Well, you don't appear to have an active firewall - it should be capable of blocking unauthorised outbound Internet connections. - What is your firewall?

This entry is empty so is effectively redundant, but it is commonly used by malware to launch their file/s, and the path to the file would come after the colon: so you can fix that.

O20 - AppInit_DLLs:

Apart from that I don't see anything obvious.

I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.

Then consider a firewall:
Whilst the Windows XP firewall is usually good at keeping your ports stealthed (hidden), it provides no outbound protection and you should consider a third-party firewall.

Any malware that manages to get past your defences will have free reign to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.

  • There are many freeware firewalls such as Comodo (care required now it is a suite not to install the anti-virus element), PCTools Firewall Plus, Jetico, etc. - Zone Alarm free works fine with avast and has a reasonably friendly user interface; however, the free version is becoming bloated with trial ware and is also crippled as far as outbound protection goes. In the Program Control configuration area, the slider will only go as far as Medium protection; if you want more you have to buy the Pro version.

See A Forum discussion on free firewalls http://forum.avast.com/index.php?topic=30808.0
See http://www.matousec.com/projects/firewall-challenge/results.php.

The "On Access Protection Control" of avast AV isn't enough?
I still need a firewall?
Now I don't use any firewall.

Sorry for my English.

Use, at least, Windows Firewall; it will give you inbound protection against hackers.
avast isn't enough as it is only an antivirus (nowadays).

avast! isn't a firewall, and at the very least you should use the XP firewall, as a firewall is an essential part of your system security.


Just to ease your mind, here is an analysis of your HJT log, which finds little, and most of it has been mentioned by the other posters above:

We didn't detect any active process of a firewall on your system. Reasons may be:
(1.) You are using the Windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled.
(4.) You don't use any firewall at all.
We recommend you to use a firewall.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Related to a Windows Live Messenger add-on. Deactivated entry that can be fixed.

O20 - AppInit_DLLs:
Must be fixed. David has explained why in his post above.

Overall, not a bad HJT log except for the O20 entry.
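
As an added example (not from this thread, and not part of HijackThis itself), here is a small Python script that applies the checks the reviewers above make by hand to a log in this format: orphaned O2 BHOs with "(no file)", O4 autoruns launched from user-writable folders, the O20 AppInit_DLLs entry (empty or not), and whether any of the third-party firewalls named in the thread shows up among the running processes or O23 services. The sample log, the writable-folder pattern and the firewall keyword list are constructed assumptions; Windows Firewall itself never appears in an HJT log, so "none seen" is the same caveat the automated analysis above gives.

```python
import re

# Constructed sample in the HijackThis v2 line format used in the thread above;
# these entries are illustrative, not the original poster's complete log.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\User\Local Settings\Temp\svchost.exe" /silent
O20 - AppInit_DLLs:
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# Accepts both the real "HKLM\..\Run" form and the "HKLM..\Run" form seen in the pasted log.
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\?\.\.\\(?P<key>Run\w*): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
# Assumption: folders an unprivileged user (or malware running as that user) can write to.
USER_WRITABLE_RE = re.compile(r"\\(temp|documents and settings|users|application data|appdata)\\", re.I)
# Third-party firewalls named in the thread. Windows Firewall never shows up as a process
# or O23 service in an HJT log, so "none found" does not mean "no firewall".
FIREWALL_KEYWORDS = ("comodo", "zonealarm", "zone alarm", "online armor", "pc tools firewall", "jetico")


def find_firewall(text):
    """Return the firewall products found among running-process paths and O23 services."""
    hits = set()
    for line in text.splitlines():
        lowered = line.strip().lower()
        if SERVICE_RE.match(line.strip()) or lowered.startswith("c:\\"):
            hits.update(kw for kw in FIREWALL_KEYWORDS if kw in lowered)
    return sorted(hits)


def review_log(text):
    """Return (section, item, verdict) triples for the entries the thread's reviewers look at."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if m := BHO_RE.match(line):
            if m["path"] == "(no file)":
                findings.append(("O2", m["clsid"], "orphaned BHO, no file on disk: safe to fix"))
        elif m := RUN_RE.match(line):
            if USER_WRITABLE_RE.search(m["cmd"]):
                findings.append(("O4", m["value"], "autorun from a user-writable folder: verify the file"))
        elif m := APPINIT_RE.match(line):
            if not m["dlls"]:
                findings.append(("O20", "AppInit_DLLs", "empty entry, redundant: can be fixed"))
            else:
                findings.append(("O20", m["dlls"], "DLL loaded into every GUI process: identify it"))
    if not find_firewall(text):
        findings.append(("FW", "none", "no third-party firewall seen; confirm Windows Firewall is on"))
    return findings


if __name__ == "__main__":
    for section, item, verdict in review_log(SAMPLE_LOG):
        print(f"{section:>4}  {item:<45} {verdict}")
```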


:slight_smile: Hi:

You appear to have the malware-prone Adobe Reader on your computer!?
Recommend you read the info at http://forum.avast.com/index.php?topic=38839.0 and consider "switching" to a safer PDF reader, such as the
FREE "Foxit Reader" or "Cute PDF".

Hi Bros,

For your convenience I have added a survey of the active tasks you have running there:
(See * for additional info below)
////////////////////////////////////////////////////
smss.exe - System task - Session Manager Subsystem
winlogon.exe - System task - Microsoft Windows Logon Process
services.exe - System task - Windows Service Controller
lsass.exe - System task - Local Security Authority Service
svchost.exe - System task - Microsoft Service Host Process
MsMpEng.exe - Anti Ad/Spyware software - Microsoft Windows Defender Antispyware
svchost.exe - System task - Microsoft Service Host Process
svchost.exe - System task - Microsoft Service Host Process
aswUpdSv.exe - Virus scan - Avast Anti-Virus Component
ashServ.exe - Virus scan - Avast
spoolsv.exe - System task - Microsoft Printer Spooler Service
Explorer.EXE - System task - Microsoft Windows Explorer
jqs.exe - Background task - jqs.exe
nvsvc32.exe - Application - NVIDIA Driver Helper Service
PnkBstrA.exe - This task could give problems, see * - pnkbstra.exe
MSASCui.exe - Anti Ad/Spyware software - Microsoft Windows Defender Antispyware
SearchIndexer.exe - System task - Search Indexer
ashDisp.exe - Virus scan - Avast AntiVirus
jusched.exe - Background task - Sun Java Update Scheduler
RUNDLL32.EXE - System task - Microsoft Rundll32
RTHDCPL.EXE - System task - Realtek HD Audio Sound Effect Manager
ctfmon.exe - System task - Alternative User Input Services
msmsgs.exe - Application - MSN Messenger
ashMaiSv.exe - Virus scan - Avast Anti-Virus Component
ashWebSv.exe - Virus scan - avast! Web Scanner
firefox.exe - Application - Mozilla Firefox
orbitdm.exe - Background task - orbitdm.exe
orbitnet.exe - Background task - orbitnet.exe
msnmsgr.exe - Application - MSN Messenger
msnmsgr.exe - Application - Messenger
wlcomm.exe - Background task - wlcomm.exe
sp_rsser.exe - Anti Ad/Spyware software - Realtime Shield Service
HiJackThis.exe - Application - Merijn
//////////////////////////////////////////////////////////////////////////////////////

  • PnkBstrA.exe is normally a legit file. However, it can also cause problems.

Do the following and see if it helps.

Download the following program:

http://www.evenbalance.com/downloads/pbsvc/pbsvc.exe

Open the program above and click the "Uninstall" button. This will remove the PnkBstrA.exe and PnkBstrB.exe services.

Some may need to remove the registry entries.

Go to START → RUN … type regedit

search in these parts

HKEY_LOCAL_MACHINE\SYSTEM\Controlset001\Services look for PnkBstrA PnkBstrB and PnkBstrK … just right click on the folder listed on the left and delete.

HKEY_LOCAL_MACHINE\SYSTEM\Controlset003\Services look for PnkBstrA PnkBstrB and PnkBstrK … just right click on the folder listed on the left and delete.

Also in C:\windows\system32\drivers is PnkBstrK.sys … safe to delete.

polonus

OK, ty for all first.

  1. About the "O20 - AppInit_DLLs", I had Comodo in the past and I saw somewhere that it can be part of Comodo, so maybe it's part of it. Anyway, I fixed it.
  2. About PnkBstrA, I removed it too. Anyway, which problems can it cause? Because when I installed "Crysis" it was installed with it.
  3. Why shouldn't I use Adobe Reader? Is it malware?
  4. I didn't use a firewall for like 8 months; how can I know if any hacker did something to my computer?
  5. Which firewall should I use (which one is recommended)?
  6. I use SAS, MBAM, Spyware Terminator and I scanned with them and they didn't find anything.

Last question:
If I do NOT enter "bad" sites, do I still need to use a firewall?

Sorry for my English.

ty for all :slight_smile:

If you are a gamer who uses PunkBuster to prevent cheats, then you wouldn't be able to play the game without this anti-cheat function.

You don't have to get rid of Adobe Reader provided you keep it fully up to date, and yours appears to be. The main issue is it's almost the de facto standard so its user base is huge; that makes it a target for malware. The other suggestions have a much smaller user base and as such don't provide the same potential for the malware writers to try and exploit.

A firewall that provides outbound protection could detect unauthorised outbound connections; that could be your first indication of undetected/hidden malware on your system.

  • There are many freeware firewalls such as Comodo (care required now it is a suite not to install the anti-virus element), PCTools Firewall Plus, Jetico, etc. - Zone Alarm free works fine with avast and has a reasonably friendly user interface; however, the free version is becoming bloated with trial ware and is also crippled as far as outbound protection goes. In the Program Control configuration area, the slider will only go as far as Medium protection; if you want more you have to buy the Pro version.

So, PC Tools Firewall or Online Armor or Comodo or Zone Alarm free. But I suggest you check out these links first.
See A Forum discussion on free firewalls http://forum.avast.com/index.php?topic=30808.0
See http://www.matousec.com/projects/firewall-challenge/results.php.

  1. You don't know what could be bad; sites can be hacked.
  2. It isn't so much visiting sites, but malware that can get on your system from a) your network, if you're on one, or USB flash drives. These may then try to connect to the internet.

Any malware that manages to get past your defences will have free reign to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.

Hi Bros,

Couple of answers for you from DavidR there; here are my comments to your questions:
1.) The "O20 - AppInit_DLLs" "as such" is not bad; it is what eventually follows there that could make it suspicious,
2.) I did not say there that PnkBstrA is bad, but it can sometimes cause trouble to the system, and only then is it better to uninstall,
3.) Adobe Reader is over-bloated software (over 250 MB of it) and a known CPU hog, but that is not the reason to advise you to use an alternate one like FoxitReader; the main reason is that Adobe has been plagued by vulnerabilities recently not fully patched. The latest version is secure as far as I am aware, but FoxitReader does not weigh that much on your OS and has all a modern reader should have "without the strings attached"; try it out, you will like it like the others here,
4.) Just for that reason read under point 5.
5.) Any good free software firewall (because it will have inward and outward protection) will do; at the moment I use ZoneAlarm free (but you can find threads here with alternatives). We all are waiting for the avast firewall to be brought out somewhere in the near future,
6.) I think you are free of malware on your machine,

Last question - is there ever a last question 8)? You do not have to exclusively visit good sites and therefore not need a firewall (trusted sites can be hacked and redirect to malware too); some malware can phone home or try to connect to the Internet and a fw will prevent that, or someone may snoop on your OS, and the fw will block these attempts,

I hope these were the answers you wanted to your questions, stay secure and be safe on the Internet,

polonus

OK, ty very much to you all :slight_smile:

I use Foxit Reader now.
I'll use Online Armor firewall.

OHH, and I forgot to ask a question:

If I used SUPERAntiSpyware, MBAM, Spyware Terminator, and before I scanned with them I updated,
and after I updated I did a full scan and it didn't find anything,
does it mean no hackers were in my computer?

No, it means nothing was found, nothing more, nothing less. You can't guarantee anything 100%, but with the scans you have done, including avast, etc., it is highly likely there is nothing on your system.

I now use Online Armor Firewall Free 3.0.0.190.
Does it work well with the latest avast version?
No conflicts or anything?

It appears to be fine, but just watch out after program updates as like many firewalls it detects changes in programs and can block the changed processes (without telling the user).

As far as we know, they work very well together.