Hijackthis log help

post #1 of 9
Thread Starter 
Too many svchost running, random files popping up... used ProcessLibrary from another member to find out what they were, some of them were trojans... here's my HijackThis, can I get some help?


Logfile of HijackThis v1.99.1
Scan saved at 12:23:04 AM, on 04/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgamsvr.exe
C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgupsvc.exe
C:\\Program Files\\Analog Devices\\SoundMAX\\SMAgent.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\Program Files\\Analog Devices\\SoundMAX\\Smtray.exe
C:\\WINDOWS\\LOGI_MWX.EXE
C:\\Program Files\\Common Files\\Logitech\\QCDriver\\LVCOMS.EXE
C:\\Program Files\\Logitech\\iTouch\\iTouch.exe
C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe
C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe
C:\\Program Files\\MSN Messenger\\msnmsgr.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\Documents and Settings\\Kopi\\Desktop\\F@H\\FAH504.exe
C:\\Documents and Settings\\Kopi\\Desktop\\F@H\\FahCore_78.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\DOCUME~1\\Kopi\\LOCALS~1\\Temp\\Rar$EX00.078\\ Hijack This.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\\Program Files\\Internet Download Manager\\IDMIECC.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O2 - BHO: Enya Popup Blocker - {C68AE9C0-0909-4DDC-B661-C11970042753} - C:\\WINDOWS\\system32\\svrhost.dll
O4 - HKLM\\..\\Run: [Smapp] C:\\Program Files\\Analog Devices\\SoundMAX\\Smtray.exe
O4 - HKLM\\..\\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\\..\\Run: [LVCOMS] C:\\Program Files\\Common Files\\Logitech\\QCDriver\\LVCOMS.EXE
O4 - HKLM\\..\\Run: [zBrowser Launcher] C:\\Program Files\\Logitech\\iTouch\\iTouch.exe
O4 - HKLM\\..\\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe"
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP
O4 - HKLM\\..\\Run: [ASUS Probe] C:\\Program Files\\ASUS\\Asus Probe\\AsusProb.exe
O4 - HKCU\\..\\Run: [msnmsgr] "C:\\Program Files\\MSN Messenger\\msnmsgr.exe" /background
O4 - HKCU\\..\\Run: [IDMan] C:\\Program Files\\Internet Download Manager\\IDMan.exe /onboot
O8 - Extra context menu item: Download All Links with IDM - C:\\Program Files\\Internet Download Manager\\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\\Program Files\\Internet Download Manager\\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\\PROGRA~1\\MICROS~2\\OFFICE11\\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~2\\OFFICE11\\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\\WINDOWS\\system32\\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\\PROGRA~1\\MSNMES~1\\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\\PROGRA~1\\MSNMES~1\\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\\WINDOWS\\system32\\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\\WINDOWS\\system32\\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\11\\Intel 32\\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\\WinPcap\\rpcapd.exe" -d -f "%ProgramFiles%\\WinPcap\\rpcapd.ini (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\\Program Files\\Analog Devices\\SoundMAX\\SMAgent.exe
post #2 of 9
It's that damn dancing milk carton again.
post #3 of 9
...I have 9 svchost running right now, it's actually completely normal
post #4 of 9
Fine, I'll help him out..

The "services" processes are basically clusters of core Windows processes.

You can reduce the amount by going to Start menu -> Run -> services.msc

There you can disable services you don't need.

Doesn't look like you have any trojans or spyware, just useless programs you may want to disable with HJT. Maybe get rid of REAL and Logitech and SoundMAX and ATI crap you don't need..
post #5 of 9
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\\WinPcap\\rpcapd.exe" -d -f "%ProgramFiles%\\WinPcap\\rpcapd.ini (file missing)


Tsk, tsk, tsk.
post #6 of 9
Yeah.. any (file missing)s you get, just delete, my man.
post #7 of 9
Quote:
Originally Posted by StarryNite
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\\WinPcap\\rpcapd.exe" -d -f "%ProgramFiles%\\WinPcap\\rpcapd.ini (file missing)


Tsk, tsk, tsk.
packet sniffer..

post #8 of 9
Let's just say, Kopi gets around.

Yo, Kopi, wouldn't be maintaining a DSL network? hehehe
post #9 of 9
Thread Starter 
lol I don't know what you guys are getting at? But I guess I'll take a look at that services thing. Is that my wireless network thingy
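An added example, not part of any post in this thread: a small Python triage of a HijackThis log covering the two points the replies raise, that the number of svchost.exe instances is not a signal by itself (the path each one runs from is), and that `(file missing)` and `Unknown owner` entries are the ones to look at by hand. The sample log, its service names and the `system_dir` default are constructed assumptions.

```python
import re

# Constructed sample in the HijackThis v1.99.1 layout; names and paths are illustrative.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Temp\svchost.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O23 - Service: Example Capture Daemon (excapd) - Unknown owner - C:\Program Files\Example\excapd.exe (file missing)
O23 - Service: Example Agent (ExAgent) - Example Corp. - C:\Program Files\Example\agent.exe
"""

# Section codes HijackThis prefixes to each entry (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY = re.compile(r"^(O\d+|R\d|F\d|N\d) - (.*)$")

def parse_hjt(text):
    """Split a log into running-process paths and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def triage(text, system_dir=r"c:\windows\system32"):
    """Return (svchost count, notes). Notes are leads to verify, not verdicts."""
    processes, entries = parse_hjt(text)
    notes = []
    svchost = [p for p in processes if p.lower().endswith("\\svchost.exe")]
    for p in svchost:
        # Several instances are normal; one outside the system directory is not.
        if p.lower().rsplit("\\", 1)[0] != system_dir:
            notes.append(("svchost-outside-system32", p))
    for code, detail in entries:
        if detail.endswith("(file missing)"):
            notes.append(("file-missing", f"{code} - {detail}"))
        elif code == "O23" and " - Unknown owner - " in detail:
            notes.append(("unknown-owner", f"{code} - {detail}"))
    return len(svchost), notes
```

A `file-missing` note only means the registry entry points at a file that is no longer there; whether to remove the entry is still a manual decision.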