
hijack this log

post #1 of 7
Thread Starter 
Quote:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:40:45 AM, on 1/30/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com/sidebar.html?src=ssb&sysid=101
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra 'Tools' menuitem: Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7508 bytes
Do you guys see anything suspicious?
I'll prop
post #2 of 7
Quickly browsing through your logfile, nothing looks really suspicious.

The only thing that raises an eyebrow for me is that it seems you use a lot of extra toolbars in your browser.

Have you considered migrating to Windows 7? Much more stable and secure than XP, even when it was still supported by Microsoft.
    
CPUMotherboardGraphicsRAM
AMD x6 1055t @ 3.7ghz MSI 790fx-gd70 Gigabyte 5870 (4x4gb)Gskill ripjaw ddr3 
Hard DriveOptical DriveOSMonitor
Crucial M4 512gb SSD, 2x2TB green 2x Asus 24x sata dvdrw Windows7 64 ultimate dual 24" Dell 2407wfp 1920x1200 
KeyboardPowerCaseMouse
Corsair K90 Antec TruePower blue 750w CoolerMaster HAF932 w/ usb3.0! Logitech g500 
Mouse Pad
Allsop 12''x14'' 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
AMD x6 1055t @ 3.7ghz MSI 790fx-gd70 Gigabyte 5870 (4x4gb)Gskill ripjaw ddr3 
Hard DriveOptical DriveOSMonitor
Crucial M4 512gb SSD, 2x2TB green 2x Asus 24x sata dvdrw Windows7 64 ultimate dual 24" Dell 2407wfp 1920x1200 
KeyboardPowerCaseMouse
Corsair K90 Antec TruePower blue 750w CoolerMaster HAF932 w/ usb3.0! Logitech g500 
Mouse Pad
Allsop 12''x14'' 
  hide details  
Reply
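The "quick browse" of the log above, done as a script. This is an added example, not something from the thread or from HijackThis itself: it parses HijackThis entry lines (a constructed excerpt of the posted log is embedded) and lists what a reviewer looks at first: orphaned entries whose file is gone, search settings pointing at a host other than the start page the poster chose, BHO/toolbar entries to confirm, and AppInit_DLLs. The allow-list of expected hosts and the wording of the findings are my assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed excerpt of the HijackThis v2.0.4 log posted above (same entry format).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com/sidebar.html?src=ssb&sysid=101
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O3 - Toolbar: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.+)$")
# Hosts the poster set on purpose (Yahoo start page); anything else is flagged for review (assumption).
EXPECTED_HOSTS = {"www.yahoo.com", "us.rd.yahoo.com"}
ORPHAN_MARKERS = ("(no file)", "(file missing)")

def parse_entries(log_text):
    """Yield (section, body) for each HijackThis entry line; headers and process paths are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("sec"), m.group("body")

def triage(log_text):
    """Return (section, reason, body) review items in log order."""
    # Heuristics, not verdicts: an orphan or an unexpected search hook is something to look at.
    findings = []
    for sec, body in parse_entries(log_text):
        if body.endswith(ORPHAN_MARKERS):
            findings.append((sec, "orphan: registry entry points at a missing file", body))
        elif sec in ("R0", "R1") and "=" in body:
            host = urlparse(body.split("=", 1)[1].strip()).hostname or ""
            if host and host not in EXPECTED_HOSTS:
                findings.append((sec, f"browser search/start setting points at {host}", body))
        elif sec in ("O2", "O3"):
            findings.append((sec, "BHO/toolbar: confirm it was installed on purpose", body))
        elif sec == "O20":
            findings.append((sec, "AppInit_DLLs is loaded into every GUI process: verify the publisher", body))
    return findings

if __name__ == "__main__":
    for sec, reason, body in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n      {body}")
```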
post #3 of 7
Thread Starter 
Quote:
Originally Posted by cozmo5050
Quickly browsing through your logfile, nothing looks really suspicious.

The only thing that raises an eyebrow for me is that it seems you use a lot of extra toolbars in your browser.

Have you considered migrating to Windows 7? Much more stable and secure than XP, even when it was still supported by Microsoft.
-_- My sister keeps installing 'em, I always remove 'em. I've had Windows 7 before; I plan on switching back once I get a new hard drive.
post #4 of 7
Quote:
Originally Posted by youngmoney
-_- My sister keeps installing 'em, I always remove 'em. I've had Windows 7 before; I plan on switching back once I get a new hard drive.
Always keep toolbars to a minimum because they act as a magnet for unwanted guests.
post #5 of 7
Thread Starter 
Quote:
Originally Posted by BradleyW
Always keep toolbars to a minimum because they act as a magnet for unwanted guests.
Yeah, I usually uninstall 'em when I see 'em, but I use Firefox, so half the time I don't know that she installed any because they're in Opera or IE.
post #6 of 7
Quote:
Originally Posted by youngmoney
-_- My sister keeps installing 'em, I always remove 'em. I've had Windows 7 before; I plan on switching back once I get a new hard drive.
What type of problems are you having?

Also keep in mind a lot of the virus/spyware/malware stuff that gets on your PC exploits Adobe-related software. It's standard procedure to keep your programs updated: Adobe Photoshop, Flash Player, etc.

You can also set administrative rights and create separate login/guest accounts for other people when sharing the same computer. That way your sister or mother-in-law can't install random software.
Edited by cozmo5050 - 1/30/11 at 7:32am
    
CPUMotherboardGraphicsRAM
AMD x6 1055t @ 3.7ghz MSI 790fx-gd70 Gigabyte 5870 (4x4gb)Gskill ripjaw ddr3 
Hard DriveOptical DriveOSMonitor
Crucial M4 512gb SSD, 2x2TB green 2x Asus 24x sata dvdrw Windows7 64 ultimate dual 24" Dell 2407wfp 1920x1200 
KeyboardPowerCaseMouse
Corsair K90 Antec TruePower blue 750w CoolerMaster HAF932 w/ usb3.0! Logitech g500 
Mouse Pad
Allsop 12''x14'' 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
AMD x6 1055t @ 3.7ghz MSI 790fx-gd70 Gigabyte 5870 (4x4gb)Gskill ripjaw ddr3 
Hard DriveOptical DriveOSMonitor
Crucial M4 512gb SSD, 2x2TB green 2x Asus 24x sata dvdrw Windows7 64 ultimate dual 24" Dell 2407wfp 1920x1200 
KeyboardPowerCaseMouse
Corsair K90 Antec TruePower blue 750w CoolerMaster HAF932 w/ usb3.0! Logitech g500 
Mouse Pad
Allsop 12''x14'' 
  hide details  
Reply
post #7 of 7
Thread Starter 
Quote:
Originally Posted by cozmo5050
What type of problems are you having?

Also keep in mind a lot of the virus/spyware/malware stuff that gets on your PC exploits Adobe-related software. It's standard procedure to keep your programs updated: Adobe Photoshop, Flash Player, etc.

I've used Spybot, Malwarebytes, Comodo,
yet I seem to keep getting notifications about them.
So far this morning, after running Comodo and restarting my computer, I think maybe I've gotten rid of them.
Edited by youngmoney - 1/30/11 at 7:40am