Hijack This Log



davidmmac
08-12-2008, 04:33 PM
Hi there,
Just did a hijack this log to see if there is anything unwanted on my pc:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:27:04 p.m., on 8/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\nHancer\nHancerService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\BandwidthMeter\BandwidthMeter.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.114la.com/index.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O4 - Startup: Bandwidth Meter.lnk = C:\Program Files\BandwidthMeter\BandwidthMeter.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Traffic Usage Checker.lnk = C:\Program Files\Traffic Usage Checker\tuc.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192751964859
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

--
End of file - 9200 bytes

Any help would be greatly appreciated.

Speedy Gonzales
08-12-2008, 05:18 PM
I would uninstall the Nvidia firewall; it can cause probs (a lot of probs).

It's called NVIDIA ForceWare Network Access Manager.

Hmm, I'm not too sure WHAT nHancer is, or what it does.

Uninstall all versions of Java, it's out of date, then update it.

Tick these then tick fix checked.

Close browsers.

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
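
The checks Speedy runs by eye here (orphaned add-on entries, services with no owner string, browser URLs on unfamiliar hosts, an old Java runtime) are easy to script. The Python below is an added example for this thread, not code from HijackThis or from either poster. It parses a constructed excerpt modelled on the log above (lines unwrapped) and reports the entries a helper would ask about; the host allowlist and the Java 6 update threshold are assumptions chosen for the demo, not anything the log itself states.

```python
"""Triage a Trend Micro HijackThis 2.0.x log for the entries a helper asks about.

Added example for this thread, not code from HijackThis or from the poster.
The host allowlist and the Java 6 update threshold are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed excerpt modelled on the log posted above (lines unwrapped).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.114la.com/index.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
--
End of file - 9200 bytes
"""

# Every HijackThis entry starts with a section prefix (R0, R1, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
# Java 6 install directories embed the update number: ...\jre1.6.0_03\...
JRE_RE = re.compile(r"\\jre1\.6\.0_(?P<update>\d+)\\", re.IGNORECASE)

KNOWN_HOSTS = {"www.google.co.nz"}   # assumption: hosts the owner expects in R0/R1 lines
MIN_JRE6_UPDATE = 10                  # assumption: anything older counts as out of date


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section prefix, e.g. "O2"
    line: str    # the log line that triggered it
    reason: str  # what a helper would ask the poster to check or fix


def url_host(body: str) -> Optional[str]:
    """Host of the URL after ' = ' in an R0/R1 body; None for non-URL values like '*.local'."""
    if " = " not in body:
        return None
    return urlparse(body.rsplit(" = ", 1)[1].strip()).hostname


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, blank and "End of file" lines carry no entry
        kind, body = m.group("kind"), m.group("body")

        # R0/R1: start page, search page or ShellNext URL on a host the owner did not list.
        if kind in ("R0", "R1"):
            host = url_host(body)
            if host and host not in KNOWN_HOSTS:
                findings.append(Finding(kind, raw, f"browser URL on unlisted host {host}; confirm it is yours"))

        # O2/O3: add-on still registered but its DLL is gone. Leftover registration,
        # not an infection; HijackThis can remove the entry safely.
        if kind in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding(kind, raw, "orphaned add-on entry (no file on disk); safe to fix"))

        # O23: the service binary has no company name in its version info.
        if kind == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(kind, raw, "service binary carries no vendor string; verify the publisher"))

        # Any entry (BHO, O9 button, ...) loading an old Java 6 runtime.
        jm = JRE_RE.search(body)
        if jm and int(jm.group("update")) < MIN_JRE6_UPDATE:
            findings.append(Finding(kind, raw, f"Java 6 Update {int(jm.group('update'))} is older than Update {MIN_JRE6_UPDATE}; update Java"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run it on a real log by reading the saved .log file into `triage()` instead of `SAMPLE_LOG`; the "(no file)" and "Unknown owner" checks are mechanical, while the host and Java checks only tell you what to look at, not what to delete.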

davidmmac
08-12-2008, 05:30 PM
Thanks speedy, just doing that now.

nhancer (http://www.nhancer.com/): Advanced control panel for nvidia video cards, however I don't use it, so I'll uninstall it.

Speedy Gonzales
08-12-2008, 05:36 PM
No probs, ah ok, now I know what Nhancer belongs to

davidmmac
08-12-2008, 05:47 PM
Thanks very much for your help :)

Speedy Gonzales
08-12-2008, 05:47 PM
No worries HTH :)

apsattv
08-12-2008, 08:50 PM
Update to IE7 / service pack 3

davidmmac
08-12-2008, 09:43 PM
Update to IE7 / service pack 3

Can't, I purchased the computer off Trade Me and it came with a non-genuine copy of XP, and I haven't got round to purchasing a genuine copy. I went to buy one the other day but I noticed the price had increased from $196 to $222 for an OEM copy of Vista, so I left it, hoping the price would come down in the near future.

Blam
08-12-2008, 09:49 PM
You can get someone to download both for you and put it on a disc, or use something like autopatcher

apsattv
09-12-2008, 03:52 AM
Actually I thought IE7 is available for download to all machines even non genuine XP can download it?

davidmmac
09-12-2008, 07:24 AM
Actually I thought IE7 is available for download to all machines even non genuine XP can download it?

I'm 99% sure it does a genuine check on Windows, I couldn't install WMP 11 because of it (the genuine check). I don't use IE anyway, so an upgrade would be almost pointless.

Speedy Gonzales
09-12-2008, 08:10 AM
There is a version of IE and WMP that don't need validation now.

On the MS site

Bussani
09-12-2008, 01:22 PM
Is there any reason to update to IE7 if you use a different browser? Does it affect Windows Explorer?

Blam
09-12-2008, 05:02 PM
Not as far as I'm concerned... a Google search might show up something though.

apsattv
09-12-2008, 06:30 PM
I think having IE6 on the machine opens you up to various security exploits even if you don't actually use it.

davidmmac
09-12-2008, 08:36 PM
I have upgraded to both IE7 and WMP11. Thanks for all your help guys :thanks

Blam
09-12-2008, 08:44 PM
What stuff do you do with your laptop?
If it's simple stuff then you could just get a distro of Linux you're comfortable with instead of forking out a hundred and something bucks for a piece of "*"*"

davidmmac
09-12-2008, 09:06 PM
What stuff do you do with your laptop?
If it's simple stuff then you could just get a distro of Linux you're comfortable with instead of forking out a hundred and something bucks for a piece of "*"*"

It's a desktop and I play games (mainly FIFA 09, but also Need for Speed, The Sims, V8 Supercars 3, those sorts of games) as well as going on the internet and checking e-mail etc.

Blam
09-12-2008, 09:10 PM
Forget Linux, you're going to play games.