[Fixed] Hijackthis! Logs - HJT log posted in the Security & Safety forums
  #1  
Old 02-24-2008
joeyfine's Avatar
Tech Support Team
My PC
 
Join Date: Dec 2005
Location: Akron, Ohio
Posts: 496
PC Experience: Support
Default HJT log

Looking at my processes... can someone tell me if they see anything odd?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:04 PM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-21-1957994488-1767777339-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1957994488-1767777339-725345543-1003\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-1957994488-1767777339-725345543-1003\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (User '?')
O4 - HKUS\S-1-5-21-1957994488-1767777339-725345543-1003\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User '?')
O4 - HKUS\S-1-5-21-1957994488-1767777339-725345543-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1957994488-1767777339-725345543-1003\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9261 bytes


__________________
~ Joseph
PCHF Rules & Home Page & Prework

Think we did a good job? Donating keeps this going!

Desktop Support Analyst
MCSA, CCNA, A+ Certified.

  #2  
Old 02-25-2008
Pancake's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,590
PC Experience: Elite PC Guru
Default Re: HJT log

I see nothing wrong... It's all fine. If you have a problem, it's best to say so, as that can save a lot of time and help us to know what we are looking for.


__________________
My real name is Eddy
  #3  
Old 02-25-2008
joeyfine's Avatar
Tech Support Team
My PC
 
Join Date: Dec 2005
Location: Akron, Ohio
Posts: 496
PC Experience: Support
Default Re: HJT log

Hey, thanks... I'm just doing a check-up. My machine is taking a terribly long time on startup. Just making sure there are no problems.



  #4  
Old 02-25-2008
Pancake's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,590
PC Experience: Elite PC Guru
Default Re: HJT log

I can't see anything, but I will just look a bit deeper.

OK. Let's begin with ComboFix.exe.
Please visit this webpage for download links, and instructions for running the tool:

A guide and tutorial on using ComboFix

When the tool is finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log so that we can continue to do any further cleaning that your system may require.


  #5  
Old 02-26-2008
joeyfine's Avatar
Tech Support Team
My PC
 
Join Date: Dec 2005
Location: Akron, Ohio
Posts: 496
PC Experience: Support
Default Re: HJT log

Here you go, thanks for the look.

ComboFix 08-02-25.3 - Joe 2008-02-25 18:01:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1383 [GMT -5:00]
Running from: C:\Documents and Settings\Joe\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.

2008-02-24 12:27 . 2008-02-24 12:27 <DIR> d-------- C:\Program Files\InterMute
2008-02-24 12:24 . 2008-02-24 12:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 10:16 . 2008-02-24 10:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-21 20:37 . 2008-02-21 20:37 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-02-16 10:00 . 2008-02-16 10:00 1,909 --a------ C:\Documents and Settings\Joe\clean.reg
2008-02-16 09:39 . 2008-02-16 09:39 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-16 09:35 . 2008-02-13 13:22 <DIR> d-------- C:\SDFix
2008-02-12 16:54 . 2008-02-12 16:55 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Command & Conquer 3 Tiberium Wars
2008-02-12 14:20 . 2008-02-12 14:20 <DIR> d-------- C:\desktop
2008-02-11 17:46 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2008-02-11 17:21 . 2008-02-11 17:21 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-02-11 15:55 . 2008-02-11 15:55 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-02-11 15:55 . 2008-02-11 15:55 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\SystemRequirementsLab
2008-02-11 15:47 . 2008-02-11 19:13 <DIR> d-------- C:\Program Files\PCPitstop
2008-02-07 13:39 . 2008-02-07 13:38 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-07 13:39 . 2008-02-07 13:39 3,441 --a------ C:\WINDOWS\unins000.dat
2008-02-06 18:59 . 2007-08-06 19:28 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-02-04 20:29 . 2008-02-04 20:35 <DIR> d-------- C:\World in Conflict

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 22:57 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-25 22:02 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-25 22:02 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-25 21:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-25 13:03 --------- d-----w C:\Program Files\LogMeIn
2008-02-24 17:39 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-11 22:45 --------- d-----w C:\Program Files\Realtek
2008-02-07 22:48 --------- d-----w C:\Program Files\EA Games
2008-02-07 18:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-07 18:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-07 00:16 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-25 00:09 --------- d-----w C:\Program Files\Elaborate Bytes
2008-01-22 23:04 --------- d-----w C:\Program Files\iTunes
2008-01-22 23:04 --------- d-----w C:\Program Files\iPod
2008-01-22 23:03 --------- d-----w C:\Program Files\QuickTime
2008-01-21 04:32 --------- d-----w C:\Program Files\THQ
2008-01-16 00:17 4,652,544 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-01-09 20:25 16,859,648 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-01-07 03:09 --------- d-----w C:\Documents and Settings\Joe\Application Data\InterVideo
2008-01-07 03:08 --------- d-----w C:\Program Files\InterVideo Information Service
2008-01-07 03:08 --------- d-----w C:\Program Files\Common Files\Ulead
2008-01-07 03:07 --------- d-----w C:\Program Files\InterVideo
2008-01-07 03:07 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-01-07 03:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-07 03:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-07 00:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-05 07:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-11-16 05:23 22,328 ----a-w C:\Documents and Settings\Joe\Application Data\PnkBstrK.sys
2007-11-05 15:31 1 ----a-w C:\Documents and Settings\Joe\SI.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-08-12 06:28 1465280]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 14:35 67112]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2006-11-09 12:45 549376]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-11-09 13:10 1126400]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 08:21 94208]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 13:03 63048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 18:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 19:33 125168]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 10:06 11776]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 15:25 16859648 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-11-20 18:15 1826816 C:\WINDOWS\SkyTel.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SchedulingAgent"="C:\WINDOWS\system32\mstask.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-21 21:33 87352 C:\WINDOWS\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk
backup=C:\WINDOWS\pss\AutoStart IR.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk
backup=C:\WINDOWS\pss\Forget Me Not.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 14:35 67112 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2006-01-19 10:06 11776 C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-01-09 15:25 16859648 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2007-11-20 18:15 1826816 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 00:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"C:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Sid Meier's Railroads!\\RailRoads.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"C:\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"C:\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"C:\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"C:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\UltraFXP\\UltraFxp.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"G:\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"G:\\MOHAA Classic\\MOHAA.exe"=
"C:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"G:\\THQ\\Dawn of War\\Dark Crusade\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-04-17 13:00]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 10:55]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 16:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bebecb7a-8747-11dc-b174-00044b024a1e}]
\Shell\AutoRun\command - D:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-19 21:07:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 18:06:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-25 18:08:03
.
2008-02-14 08:01:39 --- E O F ---



  #6  
Old 02-26-2008
Pancake's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,590
PC Experience: Elite PC Guru
Default Re: HJT log

That's all fine. I don't see anything bad.


  #7  
Old 02-26-2008
joeyfine's Avatar
Tech Support Team
My PC
 
Join Date: Dec 2005
Location: Akron, Ohio
Posts: 496
PC Experience: Support
Default Re: HJT log

Well, thanks for your help. Just keeping the old PC healthy!



