Convair HJT log



convair
08-12-2009, 07:21 PM
Could somebody please check this for any problems?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:09 PM, on 12/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 2520 bytes

xyz823
08-12-2009, 07:34 PM
I have a couple of entries I am curious about too.

O1 - Hosts: ------ Ѹ׿ ------

O13 - Gopher Prefix:

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

What does this file missing part mean? I have a few of them.

Cheers.

Speedy Gonzales
08-12-2009, 07:38 PM
You can tick these, then tick fix checked.

Close browsers

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Is that all of the log convair?

What version of Windows have you got darkstar? I would tick that hosts entry.

That other entry has something to do with WMP, and its network option
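
An added example, not part of any poster's reply and not HijackThis code: a small Python parser for the log format posted above that pulls out the `O`-section entries and marks the ones the thread is asking about, those ending in `(no file)` or `(file missing)`, plus `O23` services listed with `Unknown owner`. The function names and the flag names `orphaned` and `unknown_owner` are made up for this sketch; the sample lines are copied from the logs in this thread.

```python
import re

# Sample lines copied from the two logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
"""

# A section code (letter + number), then " - ", then the entry text.
ENTRY_RE = re.compile(r"^([ORFN]\d{1,2}) - (.+)$")
# HijackThis appends one of these when it could not find the target file.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")


def parse_hjt(text):
    """Return one dict per section entry; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        kind = body.split(":", 1)[0] if ":" in body else ""
        flags = []
        if ORPHAN_RE.search(body):
            flags.append("orphaned")
        if section == "O23" and " - Unknown owner - " in body:
            flags.append("unknown_owner")
        entries.append({"section": section, "kind": kind,
                        "body": body, "flags": flags})
    return entries


def review_list(text):
    """Entries worth a second look; a flag is a prompt to check, not a verdict."""
    return [e for e in parse_hjt(text) if e["flags"]]


if __name__ == "__main__":
    for e in review_list(SAMPLE_LOG):
        print(e["section"], ",".join(e["flags"]), "|", e["body"])
```
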

xyz823
08-12-2009, 07:40 PM
What version of Windows have you got darkstar? I would tick that hosts entry.

That other entry has something to do with WMP, and its network option

Windows 7. It wasn't the WMP part, it was the file missing part. What does that mean?

Speedy Gonzales
08-12-2009, 07:47 PM
Windows 7. It wasn't the WMP part, it was the file missing part. What does that mean?

Probably doesn't know what Windows 7 is. Don't worry about it, leave it there. It's a file related to WMP.

xyz823
08-12-2009, 07:49 PM
Probably doesn't know what Windows 7 is. Don't worry about it, leave it there. It's a file related to WMP.

And what's the Gopher thing?

Speedy Gonzales
08-12-2009, 07:51 PM
I don't know lol. I have no idea what it is or does. It's probably ready to dig a hole somewhere :p

convair
08-12-2009, 07:57 PM
Thanks for your help Speedy. Got the HJT sorted.

xyz823
08-12-2009, 07:57 PM
I've been reading through this (http://www.aumha.org/a/hjttutor.php) and picking up some useful info from it.

Speedy Gonzales
08-12-2009, 07:59 PM
Thanks for your help Speedy. Got the HJT sorted.

No probs.

convair
09-12-2009, 11:32 AM
Is that all of the log convair?

That's all of the log that comes up when I run the HJT program. It's not on the internet, so that may be why?

Speedy Gonzales
09-12-2009, 12:14 PM
Nope, that's cool. If that's all of the log, that's all of the log. Shouldn't matter if it's on the net or not.