ComputerForum.com
03-15-2006, 12:33 PM   #1 (permalink)
sidthereal (Gold Member, Join Date: Jun 2005, Posts: 269)
friends hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 4:59:53 PM, on 3/15/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend\Tmas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\hi\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\Run: [Microsof Avps32 Control] av32.pif
O4 - HKLM\..\Run: [Microsoft Configu] msconfigu.exe
O4 - HKLM\..\Run: [cc32] C:\WINDOWS\System32\cc32.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\nefdw.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\alc.exe
O4 - HKLM\..\Run: [pcvp] C:\WINDOWS\System32\pcvp.exe
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [lcps] C:\WINDOWS\System32\lcps.exe
O4 - HKLM\..\Run: [RavTimeXP] C:\WINDOWS\Mstray.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\Run: [HTTP] C:\WINDOWS\System32\HTTP.exe
O4 - HKLM\..\Run: [Microsoft Configuew] msconfiguw.exe
O4 - HKLM\..\Run: [MS22] C:\WINDOWS\System32\MS22.exe
O4 - HKLM\..\Run: [Microsoft Configuewe] msconfiguwe.exe
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKLM\..\RunServices: [Microsof Avps32 Control] av32.pif
O4 - HKLM\..\RunServices: [Microsoft Configu] msconfigu.exe
O4 - HKLM\..\RunServices: [Microsoft Configuew] msconfiguw.exe
O4 - HKLM\..\RunServices: [Microsoft Configuewe] msconfiguwe.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [MuscleCarSetup.exe] C:\DOCUME~1\ADMINI~1\Desktop\MUSCLE~1.EXE /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "F:\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Microsoft Configu] msconfigu.exe
O4 - HKCU\..\Run: [Microsoft Configuew] msconfiguw.exe
O4 - HKCU\..\Run: [Microsoft Configuewe] msconfiguwe.exe
O4 - HKCU\..\RunServices: [Microsoft Configu] msconfigu.exe
O4 - HKCU\..\RunServices: [Microsoft Configuew] msconfiguw.exe
O4 - HKCU\..\RunServices: [Microsoft Configuewe] msconfiguwe.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend\Tmas.exe
O4 - Startup: BitTorrent.lnk = F:\Bt\bittorrent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/...chsettings.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2C7303C-C1FC-4D05-8FFB-1EEF10A12DA6}: NameServer = 203.94.243.70,203.94.227.70
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\enl6l13s1.dll (file missing)
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\u0ru0a99ed.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\dk lite\DKService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mswmf32 - Unknown owner - C:\WINDOWS\mswmf32.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\axdcfasb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

comp has been acting slow and unstable...could the log help?
thanks in advance
__________________
he who laughs last
must have a terrible sense of humor :eek:

03-15-2006, 01:48 PM   #2 (permalink)
sidthereal (Gold Member, Join Date: Jun 2005, Posts: 269)

did a scan using spysweeper, removed a helluva lotta things....
here's the fresh log
Logfile of HijackThis v1.99.1
Scan saved at 6:16:29 PM, on 3/15/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\hi\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\Run: [Microsof Avps32 Control] av32.pif
O4 - HKLM\..\Run: [Microsoft Configu] msconfigu.exe
O4 - HKLM\..\Run: [cc32] C:\WINDOWS\System32\cc32.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\nefdw.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\alc.exe
O4 - HKLM\..\Run: [pcvp] C:\WINDOWS\System32\pcvp.exe
O4 - HKLM\..\Run: [lcps] C:\WINDOWS\System32\lcps.exe
O4 - HKLM\..\Run: [RavTimeXP] C:\WINDOWS\Mstray.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\Run: [HTTP] C:\WINDOWS\System32\HTTP.exe
O4 - HKLM\..\Run: [Microsoft Configuew] msconfiguw.exe
O4 - HKLM\..\Run: [MS22] C:\WINDOWS\System32\MS22.exe
O4 - HKLM\..\Run: [Microsoft Configuewe] msconfiguwe.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKLM\..\RunServices: [Microsof Avps32 Control] av32.pif
O4 - HKLM\..\RunServices: [Microsoft Configu] msconfigu.exe
O4 - HKLM\..\RunServices: [Microsoft Configuew] msconfiguw.exe
O4 - HKLM\..\RunServices: [Microsoft Configuewe] msconfiguwe.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [MuscleCarSetup.exe] C:\DOCUME~1\ADMINI~1\Desktop\MUSCLE~1.EXE /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "F:\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Microsoft Configu] msconfigu.exe
O4 - HKCU\..\Run: [Microsoft Configuew] msconfiguw.exe
O4 - HKCU\..\Run: [Microsoft Configuewe] msconfiguwe.exe
O4 - HKCU\..\RunServices: [Microsoft Configu] msconfigu.exe
O4 - HKCU\..\RunServices: [Microsoft Configuew] msconfiguw.exe
O4 - HKCU\..\RunServices: [Microsoft Configuewe] msconfiguwe.exe
O4 - Startup: BitTorrent.lnk = F:\Bt\bittorrent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/...chsettings.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2C7303C-C1FC-4D05-8FFB-1EEF10A12DA6}: NameServer = 203.94.243.70,203.94.227.70
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\enl6l13s1.dll (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\q4rqle951h.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\dk lite\DKService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mswmf32 - Unknown owner - C:\WINDOWS\mswmf32.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\axdcfasb.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
__________________
he who laughs last
must have a terrible sense of humor :eek:
03-15-2006, 09:47 PM   #3 (permalink)
Buzz1927 (Digaredd, Join Date: May 2005, Location: Melbourne AU, Posts: 7,613)

Run HijackThis and select "Do a system scan only", then place a check by the following entries.

O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\Run: [Microsof Avps32 Control] av32.pif
O4 - HKLM\..\Run: [Microsoft Configu] msconfigu.exe
O4 - HKLM\..\Run: [cc32] C:\WINDOWS\System32\cc32.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\nefdw.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\alc.exe
O4 - HKLM\..\Run: [pcvp] C:\WINDOWS\System32\pcvp.exe
O4 - HKLM\..\Run: [lcps] C:\WINDOWS\System32\lcps.exe
O4 - HKLM\..\Run: [RavTimeXP] C:\WINDOWS\Mstray.exe
O4 - HKLM\..\Run: [HTTP] C:\WINDOWS\System32\HTTP.exe
O4 - HKLM\..\Run: [Microsoft Configuew] msconfiguw.exe
O4 - HKLM\..\Run: [MS22] C:\WINDOWS\System32\MS22.exe
O4 - HKLM\..\Run: [Microsoft Configuewe] msconfiguwe.exe
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKLM\..\RunServices: [Microsof Avps32 Control] av32.pif
O4 - HKLM\..\RunServices: [Microsoft Configu] msconfigu.exe
O4 - HKLM\..\RunServices: [Microsoft Configuew] msconfiguw.exe
O4 - HKLM\..\RunServices: [Microsoft Configuewe] msconfiguwe.exe
O4 - HKCU\..\Run: [Microsoft Configu] msconfigu.exe
O4 - HKCU\..\Run: [Microsoft Configuew] msconfiguw.exe
O4 - HKCU\..\Run: [Microsoft Configuewe] msconfiguwe.exe
O4 - HKCU\..\RunServices: [Microsoft Configu] msconfigu.exe
O4 - HKCU\..\RunServices: [Microsoft Configuew] msconfiguw.exe
O4 - HKCU\..\RunServices: [Microsoft Configuewe] msconfiguwe.exe
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\enl6l13s1.dll (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\q4rqle951h.dll
O23 - Service: mswmf32 - Unknown owner - C:\WINDOWS\mswmf32.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe
O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\axdcfasb.exe


Close all open windows and browsers, and hit "Fix Checked".

Delete these folders\files.

C:\Program Files\winsupdater
C:\WINDOWS\System32\cc32.exe
C:\nefdw.exe
C:\alc.exe
C:\WINDOWS\System32\pcvp.exe
C:\WINDOWS\System32\lcps.exe
C:\WINDOWS\Mstray.exe
C:\WINDOWS\System32\HTTP.exe
C:\WINDOWS\System32\MS22.exe
C:\WINDOWS\system32\q4rqle951h.dll
C:\WINDOWS\mswmf32.exe
C:\Program Files\Network Monitor
C:\WINDOWS\nvidGUIv.exe
C:\WINDOWS\axdcfasb.exe

Find and delete these files.

winlog.exe
av32.pif
msconfigu.exe
msconfiguw.exe
msconfiguwe.exe


Reboot and post a new Hijackthis log.
__________________
Son of Glyndwr
Mae hen wlad fy nhadau yn annwyl i mi
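
Many of the entries picked out in the reply above share a few structural traits that can be pre-sorted before manual review. The following is an added example, not part of the thread and not a HijackThis feature: it parses O4/O20/O23 lines and tags them with reasons. The tag names and rules are assumptions of this example, and the sample lines are copied from the logs posted above.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\Run: [Microsoft Configu] msconfigu.exe
O4 - HKLM\..\RunServices: [Microsoft Configu] msconfigu.exe
O4 - HKCU\..\Run: [Microsoft Configu] msconfigu.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\nefdw.exe
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\enl6l13s1.dll (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\axdcfasb.exe
"""

# O4 registry autorun: "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4 = re.compile(r'^O4 - (?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Program part of a command line: a quoted path, or text up to an executable extension.
PROG = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|pif|com|scr|bat)))(?=\s|$)', re.I)

def triage(log):
    """Map each suspicious log line to a list of reason tags (leads, not verdicts)."""
    hits = defaultdict(list)
    keys = defaultdict(set)      # (value name, program) -> autorun keys it appears under
    autoruns = []
    for line in filter(None, map(str.strip, log.splitlines())):
        m = O4.match(line)
        if m:
            prog = PROG.match(m['cmd'])
            prog = (prog.group(1) or prog.group(2)) if prog else None
            if m['name'] == '':
                hits[line].append('empty-name')
            if prog and '\\' not in prog:
                hits[line].append('no-path')        # bare filename, no directory given
            if prog and re.fullmatch(r'[A-Za-z]:\\[^\\]+', prog):
                hits[line].append('drive-root')     # executable directly in a drive root
            ident = (m['name'], (prog or m['cmd']).lower())
            keys[ident].add(m['key'])
            autoruns.append((line, ident))
        elif line.startswith(('O20 -', 'O23 -')):
            if line.endswith('(file missing)'):
                hits[line].append('file-missing')
            if line.startswith('O23 -') and ' - Unknown owner - ' in line:
                hits[line].append('unknown-owner')
    for line, ident in autoruns:
        if len(keys[ident]) > 1:                    # same entry under several Run keys
            hits[line].append('multi-key')
    return dict(hits)
```

A tag is only a reason to look closer: the rules miss entries such as `C:\WINDOWS\System32\cc32.exe` that were also listed in the reply, and a legitimate program can match a rule.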