1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

HiJack Log for Analysis

Discussion in 'Malware and Virus Removal Archive' started by CarlBig5, 2006/03/04.

Thread Status:
Not open for further replies.
  1. 2006/03/04
    CarlBig5

    CarlBig5 Inactive Thread Starter

    Joined:
    2006/03/04
    Messages:
    8
    Likes Received:
    0
    Hi there,

    I haev done a HiJack scan and was wondering if anyone could let me know which files are corrupt and need to be removed, I'm not too clued up on it.
    Here's the logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:56:15 AM, on 3/5/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Internet Explorer\BSS\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\HPConfig.exe
    C:\OfficeScan NT\ntrtscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\OfficeScan NT\tmlisten.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\sessmgr.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Internet Explorer\BSS\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
    C:\QUICKENW\QWDLLS.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\CallMe\CallMe.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Carl\Local Settings\Temp\HijackThis.exe
    C:\WINDOWS\SoftwareDistribution\Download\Install\WindowsXP-KB329441-x86-ENU.exe
    c:\e84fc0fbbc995069ab\xpsp1hfm.exe
    c:\e84fc0fbbc995069ab\sp1\update\update.exe
    C:\HJT\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/notebooks/omnibook/home
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.20:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.0.0.*;<local>
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Internet Explorer\BSS\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [dguard] C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
    O4 - HKLM\..\Run: [eanth_system_patcher] "C:\Program Files\Acceleration Software\SystemPatcher\sys_alert.exe" /Startup
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Internet Explorer\BSS\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Internet Explorer\BSS\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: CallMe.lnk = C:\Program Files\CallMe\CallMe.exe
    O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
    O4 - Global Startup: Cordless DUALphone Startup.lnk = C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Start EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\WINDOWS\System32\shdocvw.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://beacon.dnsalias.net/Remote/msrdp.cab
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O18 - Protocol hijack: ct - {774E529C-2458-48A2-8F57-3ED3105D8612}
    O18 - Protocol: cw - {774E529C-2458-48A2-8F57-3ED3105D8612} - C:\Program Files\CaseWare\cwproto.dll
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Internet Explorer\BSS\ewido anti-malware\ewidoctrl.exe
    O23 - Service: FWService - Unknown owner - C:\Program Files\Acceleration Software\StopSignProducts\Firewall\fwservice.exe (file missing)
    O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe

    Thanks a lot

    Cheers

    Carl
     
    CarlBig5,
    #1
  2. 2006/03/05
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    15,174
    Likes Received:
    412
    Arie,
    #2


  3. to hide this advert.

Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...