gruven42 Posted February 11, 2010

Happened twice today.
Happened again this morning (Feb 13).
Happened again today (Feb 16). I was reading through some threads and I disabled SPI on my D-Link DIR-655 router firewall, as one suggested. We'll see if that works. I've also updated to SP3.

DMP: http://www.mediafire.com/?knjjeyogn2n

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:43 PM, on 2/11/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gyration\MotionTools\MotionTools.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\paul\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MotionTools] C:\Program Files\Gyration\MotionTools\MotionTools.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Shortcut to JDownloader.exe.lnk = C:\JDownloader 0.8\JDownloader.exe
O4 - Startup: Torrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.att.net
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MySQL - Unknown owner - C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: webcamXP Service (wxpSvc) - Moonware Studios - C:\Program Files\wLite\wService.exe

--
End of file - 7161 bytes

Process PID CPU Description Company Name
System Idle Process 0 48.46
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 452 Windows NT Session Manager Microsoft Corporation
csrss.exe 748 Client Server Runtime Process Microsoft Corporation
winlogon.exe 772 Windows NT Logon Application Microsoft Corporation
services.exe 816 Services and Controller app Microsoft Corporation
nvsvc32.exe 1004 NVIDIA Driver Helper Service, Version 196.21 NVIDIA Corporation
svchost.exe 1048 Generic Host Process for Win32 Services Microsoft Corporation
wmiprvse.exe 3300 WMI Microsoft Corporation
unsecapp.exe 2472 WMI Microsoft Corporation
svchost.exe 1116 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1212 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1292 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1408 Generic Host Process for Win32 Services Microsoft Corporation
AvastSvc.exe 1628 avast! Service ALWIL Software
spoolsv.exe 480 Spooler SubSystem App Microsoft Corporation
svchost.exe 1268 Generic Host Process for Win32 Services Microsoft Corporation
AppleMobileDeviceService.exe 1448 Apple Mobile Device Service Apple Inc.
mDNSResponder.exe 1556 Bonjour Service Apple Inc.
svchost.exe 892 Generic Host Process for Win32 Services Microsoft Corporation
jqs.exe 2236 Java(TM) Quick Starter Service Sun Microsystems, Inc.
mysqld.exe 2288
RichVideo.exe 2480 RichVideo Module
svchost.exe 2584 Generic Host Process for Win32 Services Microsoft Corporation
winvnc4.exe 2612 VNC Server Free Edition for Win32 RealVNC Ltd.
iPodService.exe 3184 iPodService Module Apple Inc.
alg.exe 648 Application Layer Gateway Service Microsoft Corporation
svchost.exe 580 Generic Host Process for Win32 Services Microsoft Corporation
AAWService.exe 3776 Ad-Aware Service Application Lavasoft
AAWTray.exe 640 Ad-Aware Tray Application Lavasoft
lsass.exe 836 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1848 Windows Explorer Microsoft Corporation
smax4pnp.exe 1988 SMax4PNP Analog Devices, Inc.
SMax4.exe 1996 Audio Control Panel Analog Devices, Inc.
brs.exe 2004 brs cyberlink
rundll32.exe 2020 Run a DLL as an App Microsoft Corporation
jusched.exe 180 Java(TM) Platform SE binary Sun Microsystems, Inc.
iTunesHelper.exe 220 iTunesHelper Module Apple Inc.
rundll32.exe 252 Run a DLL as an App Microsoft Corporation
AvastUI.exe 260 avast! Antivirus ALWIL Software
ctfmon.exe 280 CTF Loader Microsoft Corporation
MotionTools.exe 1180
msmsgs.exe 1284 Windows Messenger Microsoft Corporation
utorrent.exe 600 50.77 Torrent BitTorrent, Inc.
taskmgr.exe 3528 Windows TaskManager Microsoft Corporation
firefox.exe 2116 Firefox Mozilla Corporation
procexp.exe 2816 0.77 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
javaw.exe 604 Java(TM) Platform SE binary Sun Microsystems, Inc.

Process: utorrent.exe Pid: 600

Name Description Company Name Version
ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.1.2600.2180
adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.1.2600.2180
ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.1.2600.3520
ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.5.2284.2
c_936.nls
CLBCATQ.DLL Microsoft Corporation 2001.12.4414.308
COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.0.2900.2982
comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.0.2900.2180
COMRes.dll Microsoft Corporation 2001.12.4414.258
credui.dll Credential Manager User Interface Microsoft Corporation 5.1.2600.2180
ctype.nls
DnsApi.dll DNS Client API DLL Microsoft Corporation 5.1.2600.3394
Echo24Wave.dll Echo PureWave driver Echo Digital Audio Corporation 7.3.0.0
Echo24Wrap.dll
GDI32.dll GDI Client DLL Microsoft Corporation 5.1.2600.3466
hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.1.2600.2180
iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 8.0.6001.18876
IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.1.2600.2180
index.dat
index.dat
index.dat
Iphlpapi.dll IP Helper API Microsoft Corporation 5.1.2600.2912
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.1.2600.3541
locale.nls
mdnsNSP.dll Bonjour Namespace Provider Apple Inc. 1.0.6.2
MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.1.2600.2180
MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.1.2600.3319
msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.1.2600.2180
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.2600.2180
mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.1.2600.3394
msxml3.dll MSXML 3.0 SP10 Microsoft Corporation 8.100.1050.0
msxml3r.dll XML Resources Microsoft Corporation 8.20.8730.1
netapi32.dll Net Win32 API DLL Microsoft Corporation 5.1.2600.3462
netshell.dll Network Connections Shell Microsoft Corporation 5.1.2600.2180
Normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.0.5441.0
ntdll.dll NT Layer DLL Microsoft Corporation 5.1.2600.3520
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.1.2600.2726
oleaut32.dll Microsoft Corporation 5.1.2600.3266
rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.1.2600.2938
RASAPI32.dll Remote Access API Microsoft Corporation 5.1.2600.2180
rasman.dll Remote Access Connection Manager Microsoft Corporation 5.1.2600.2180
RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.1.2600.3555
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.1.2600.2161
rtutils.dll Routing Utilities Microsoft Corporation 5.1.2600.2180
SAMLIB.dll SAM Library DLL Microsoft Corporation 5.1.2600.2180
Secur32.dll Security Support Provider Interface Microsoft Corporation 5.1.2600.3592
sensapi.dll SENS Connectivity API DLL Microsoft Corporation 5.1.2600.2180
SETUPAPI.dll Windows Setup API Microsoft Corporation 5.1.2600.2180
SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.0.2900.3402
shfolder.dll Shell Folder Service Microsoft Corporation 6.0.2900.2180
SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.0.2900.3653
sortkey.nls
sorttbls.nls
SSDPAPI.dll SSDP Client API DLL Microsoft Corporation 5.1.2600.2180
SXS.DLL Fusion 2.5 Microsoft Corporation 5.1.2600.3019
TAPI32.dll Microsoft Windows(TM) Telephony API Client DLL Microsoft Corporation 5.1.2600.2180
unicode.nls
upnp.dll Universal Plug and Play API Microsoft Corporation 5.1.2600.2180
urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 8.0.6001.18876
USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.1.2600.3099
USERENV.dll Userenv Microsoft Corporation 5.1.2600.2180
uTorrent.exe Torrent BitTorrent, Inc. 2.0.0.17920
uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.0.2900.2180
VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.1.2600.2180
WINHTTP.dll Windows HTTP Services Microsoft Corporation 5.1.2600.3619
wininet.dll Internet Extensions for Win32 Microsoft Corporation 8.0.6001.18876
WINMM.dll MCI API DLL Microsoft Corporation 5.1.2600.2180
WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.1.2600.2180
WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.1.2600.2180
WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.1.2600.2180
wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.1.2600.2180
xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.1.2600.2180
Firon Posted February 11, 2010

Shouldn't you be on service pack 3?

gruven42 Posted February 11, 2010 (Author)

Is it required?

Firon Posted February 11, 2010

Well, MS is dropping support for SP2 shortly. They will no longer be providing any updates to it.
In any case, I'll get the dump analyzed soon.

gruven42 Posted February 11, 2010 (Author)

Yeah, I'm in the process of updating all of my computers.
Thanks for the analysis!