#1
03-13-2008
kurorin
New Poster
Join Date: Mar 2008
Posts: 1
PC Experience: Beginner

HiJack This Log

Deckard's System Scanner v20071014.68
Run by User on 2008-03-14 02:08:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 1.91 GiB (less than 15%) free.


-- HijackThis (run as User.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:23, on 14/3/2551
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\User\Desktop\dss.exe
C:\WINDOWS\system32\conime.exe
C:\DOCUME~1\User\MYDOCU~1\MYRECE~1\HIJACK~1\User.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{12E5EF88-3A6D-4800-8F97-E3614B928581}: NameServer = 203.144.207.29 203.144.207.49
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 6198 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S2 npkcrypt - c:\lineageii c5\system\npkcrypt.sys (file missing)
S3 hamachi (Hamachi Network Interface) - c:\windows\system32\drivers\hamachi.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver>
S3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00 (file missing)
S3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00 (file missing)
S3 XDva025 - c:\windows\system32\xdva025.sys (file missing)
S3 XDva032 - c:\windows\system32\xdva032.sys (file missing)
S3 XDva045 - c:\windows\system32\xdva045.sys (file missing)
S3 XDva070 - c:\windows\system32\xdva070.sys (file missing)
S3 XDva095 - c:\windows\system32\xdva095.sys (file missing)
S3 XDva098 - c:\windows\system32\xdva098.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-02-14 and 2008-03-14 -----------------------------

2008-03-14 00:07:30 0 d-------- C:\WINDOWS\Prefetch
2008-03-11 14:29:32 12296192 --a------ C:\Documents and Settings\User\ntuser.dat
2008-03-08 11:11:53 0 d-------- C:\Program Files\CIRCUS
2008-02-25 07:44:24 0 d-------- C:\Program Files\Asiasoft
2008-02-24 02:52:05 0 d-------- C:\Piaキャロットへようこそ!! G.P
2008-02-21 23:38:08 0 d-------- C:\Documents and Settings\User\Application Data\Help
2008-02-19 00:16:22 0 d-------- C:\?????


-- Find3M Report ---------------------------------------------------------------

2008-02-13 00:35:55 0 d-------- C:\Program Files\ALO Power Audio Converter
2008-02-13 00:26:56 44 --a------ C:\WINDOWS\system32\winitn.dll
2008-02-13 00:26:56 2535424 --a------ C:\WINDOWS\system32\agsaamj.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress3 Module>
2008-02-13 00:26:56 90112 --a------ C:\WINDOWS\system32\agsaami.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFormatSettings3 Module>
2008-02-13 00:26:56 610304 --a------ C:\WINDOWS\system32\agsaamg.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFile3 Module>
2008-02-13 00:26:56 372736 --a------ C:\WINDOWS\system32\agsaamc.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFileWMA3 Module>
2008-01-30 09:01:27 0 d-------- C:\Documents and Settings\User\Application Data\foobar2000
2008-01-21 22:36:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-20 22:25:23 0 dr-h----- C:\Documents and Settings\User\Application Data\SecuROM
2008-01-15 18:15:46 0 d-------- C:\Program Files\SmartDraw 2008
2007-12-14 17:19:56 40960 -----n--- C:\WINDOWS\system32\MAMACExtract.dll <Not Verified; ???????; ??????? MAMACExtract>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/26/2006 03:16 AM]
"nwiz"="nwiz.exe" [02/26/2006 03:16 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [02/26/2006 03:16 AM]
"SoundMan"="SOUNDMAN.EXE" [04/14/2005 03:01 PM C:\WINDOWS\SOUNDMAN.EXE]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [11/23/2005 05:33 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/03/2004 09:31 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 09:32 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 09:32 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [05/13/2007 12:40 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [09/20/2007 08:23 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 01:56 PM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [04/03/2007 10:29 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"msnsc"=C:\WINDOWS\system32\msnsc.exe

C:\Documents and Settings\User\Start Menu\Programs\Startup\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [18/3/2550 10:05:02]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [20/5/2549 19:43:08]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/9/2548 22:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [19/2/2549 4:21:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [11/23/2004 04:51 PM 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
FastUserSwitchingCompatibility
HidServ
LanmanServer
LanmanWorkstation
Messenger
Nla
NWCWorkstation
Schedule
Seclogon
SRService
Themes
TrkWks
W32Time
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cf54b8e-1528-11dc-8273-0013d48bf58d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c85a1f6-8a9b-11dc-83e9-0013d48bf58d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
Auto\command- infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ea7b25c-09c7-11dc-8261-0013d48bf58d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14875bf7-84fc-11dc-83db-0013d48bf58d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14875bf6-84fc-11dc-83db-0013d48bf58d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs




-- End of Deckard's System Scanner: finished at 2008-03-14 02:12:01 ------------






Please ......
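
An added triage example for readers of this thread (not part of kurorin's post, and not code from HijackThis or Deckard's System Scanner): the Python below reads lines in the format of the log above and pulls out the three things a log reader usually checks first. First, the MountPoints2 AutoRun commands that Explorer recorded for removable volumes; in this log they launch wscript.exe on .MS32DLL.dll.vbs and killVBS.vbs, and an executable called infrom.exe, wrapped in rundll32 shell32.dll,ShellExec_RunDLL. Second, entries whose target is reported as (no file) or (file missing). Third, O4 Run entries under the well-known service-account SIDs S-1-5-18, S-1-5-19 and S-1-5-20 (SYSTEM, LOCAL SERVICE, NETWORK SERVICE). The sample lines are a constructed subset copied from the posted log; the finding categories, regular expressions and the helper names triage, summarize and launched_command are this example's own assumptions, not anything the scanner itself produces. A flag means "look at this", not "this is malware": a missing-file entry is often just an uninstall leftover, and the AutoRun commands record what a volume's autorun.inf asked for when it was last inserted, so the files named may no longer be on any drive.

```python
"""Triage helper for a HijackThis / Deckard's System Scanner style log.

Added example for this thread, not code from HijackThis, DSS or the poster.
The sample lines are a constructed subset of the log posted above; the
finding categories, regular expressions and helper names are assumptions
made for this example.
"""
import re

# Constructed subset of the posted log: one clean entry per section plus
# the entries the heuristics below are meant to surface.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll (file missing)
S3 XDva025 - c:\windows\system32\xdva025.sys (file missing)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cf54b8e-1528-11dc-8273-0013d48bf58d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c85a1f6-8a9b-11dc-83e9-0013d48bf58d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
Auto\command- infrom.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14875bf7-84fc-11dc-83db-0013d48bf58d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
"""

# Well-known SIDs for SYSTEM, LOCAL SERVICE and NETWORK SERVICE. These
# accounts do not log on interactively, so per-user Run entries under
# them deserve a second look.
SERVICE_SIDS = {"S-1-5-18", "S-1-5-19", "S-1-5-20"}

MISSING_RE = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)
# Key header of one MountPoints2 volume; captures the volume GUID.
MOUNTPOINT_RE = re.compile(r"\\mountpoints2\\(\{[0-9a-f-]+\})\]", re.IGNORECASE)
# "AutoRun\command-" or "Auto\command-" value lines under that key.
AUTORUN_RE = re.compile(r"^(?:AutoRun|Auto)\\command-\s*(.+)$", re.IGNORECASE)
HKUS_RUN_RE = re.compile(r"^O4 - HKUS\\(S-1-5-\d+)\\")
# rundll32 shell32.dll,ShellExec_RunDLL <target> just ShellExecutes <target>,
# so the wrapper is stripped and the real launched command is reported.
SHELLEXEC_WRAPPER_RE = re.compile(
    r"^.*?rundll32\.exe\s+shell32\.dll,ShellExec_RunDLL\s+", re.IGNORECASE)


def launched_command(command):
    """Return what an AutoRun command ultimately launches."""
    return SHELLEXEC_WRAPPER_RE.sub("", command).strip()


def triage(log_text):
    """Scan log lines; return (kind, context, detail) findings in log order."""
    findings = []
    volume = None  # GUID of the MountPoints2 key currently being read
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MOUNTPOINT_RE.search(line)
        if m:
            volume = m.group(1)
            continue
        m = AUTORUN_RE.match(line)
        if m:
            findings.append(("autorun", volume, launched_command(m.group(1))))
            continue
        if MISSING_RE.search(line):
            findings.append(("missing-target", None, line))
            continue
        m = HKUS_RUN_RE.match(line)
        if m and m.group(1) in SERVICE_SIDS:
            findings.append(("service-account-run", m.group(1), line))
    return findings


def summarize(findings):
    """Count findings per kind."""
    counts = {}
    for kind, _, _ in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for kind, context, detail in results:
        print(f"{kind:20} {context or '-':45} {detail}")
    print(summarize(results))
```

Run against the constructed subset it reports four AutoRun commands across three volume GUIDs (the infrom.exe volume carries both an AutoRun and an Auto verb), three entries whose target file is absent, and one Run entry under S-1-5-19. On a full log the same loop can be pointed at the pasted text unchanged; the MountPoints2 handling relies on the key header preceding its value lines, which is the order DSS prints them in.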


#2
03-13-2008
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,325
PC Experience: Elite PC Guru

Re: HiJack This Log

That looks fine. I don't see any problems.


__________________
My real name is Eddy
