
HijackThis

Discussion in 'Malware and Virus Removal Archive' started by Kebo9520, 2006/11/22.

  1. 2006/11/22
    Kebo9520

    Kebo9520 Inactive Thread Starter

    Logfile of HijackThis v1.99.1
    Scan saved at 3:15:04 PM, on 23/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\csrss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    D:\WINDOWS\system32\CTsvcCDA.exe
    D:\Program Files\ewido anti-spyware 4.0\guard.exe
    D:\WINDOWS\System32\GEARSec.exe
    D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    D:\Program Files\Spyware Doctor\sdhelp.exe
    D:\WINDOWS\system32\Tablet.exe
    D:\WINDOWS\system32\wdfmgr.exe
    D:\WINDOWS\system32\MsPMSPSv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    D:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    D:\Program Files\Winamp\winampa.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    D:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    D:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    D:\WINDOWS\system32\LVCOMSX.EXE
    D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    D:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\Program Files\Skype\Phone\Skype.exe
    D:\PROGRA~1\INTERN~2\mum.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    D:\WINDOWS\System32\alg.exe
    D:\Program Files\Logitech\QuickCam10\COCIManager.exe
    D:\WINDOWS\system32\WTablet\TabUserW.exe
    D:\Program Files\Windows Desktop Search\WindowsSearch.exe
    D:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\WINDOWS\system32\ZoneLabs\isafe.exe
    D:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Windows Media Player\wmplayer.exe
    D:\Program Files\Spyware Doctor\swdoctor.exe
    D:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Skype Toolbar for Internet Explorer - {B13721C7-F507-4982-B2E5-502A71474FED} - D:\Program Files\Skype\toolbars\Skype for Internet Explorer\skype_toolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [Norton Ghost 9.0] D:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "D:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "D:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe "
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [InternodeUsage] D:\PROGRA~1\INTERN~2\mum.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: TabUserW.exe.lnk = D:\WINDOWS\system32\WTablet\TabUserW.exe
    O4 - Global Startup: Windows Desktop Search.lnk = D:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Skype Toolbar for Internet Explorer - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\PROGRA~1\Skype\toolbars\SKYPEF~2\SKYPE_~1.DLL
    O9 - Extra 'Tools' menuitem: Skype Toolbar for Internet Explorer - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\PROGRA~1\Skype\toolbars\SKYPEF~2\SKYPE_~1.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kebo9520.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Skype\toolbars\Shared\Skype4ComAPI.dll
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - D:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GEARSecurity - GEAR Software - D:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - D:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - D:\WINDOWS\system32\Tablet.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  2. 2006/11/23
    TeMerc

    TeMerc Inactive Alumni

    Hello and welcome to WindowsBBS Forums.


    I have looked over your log and have not found anything to indicate any problems. Were you having any problems, or was this just a 'check-up'?

    For future reference, HJT needs to be installed in its own folder, as described below:
    Go to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT. (C:\HJT\HijackThis.exe) Move HijackThis.exe into this folder. When you run HijackThis.exe from C:\HJT folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary which is easily accessible.
     
