  1. #1
    Member
    Join Date
    Jan 2006
    Location
    Christchurch
    Posts
    292

    Hijack this log- can someone have a look please?

    Hi guys, one of my flatmates has been hit with the antivirus-scanonline browser hijacker. I downloaded the latest version of HijackThis from FileHippo and ran it on her PC. This is the log- can someone have a look at this and let me know the relevant bits to tick please? Thanks!

    (And as an aside, I copied the log onto a USB key and then foolishly opened it on my PC to load up the log- have I opened myself up to this hijacker?)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:01:52 PM, on 6/5/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Antivirus2008\Antvrs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nzx.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Antivirus] C:\Program Files\Antivirus2008\Antvrs.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q306&bd=presario&pf=laptop
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E5B51EC8-3CA0-4DBF-8303-84E1AD152BAA}: NameServer = 203.96.152.4,203.96.152.12
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/*****/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

    --
    End of file - 7719 bytes

  2. #2
    Member
    Join Date
    Jan 2006
    Location
    Christchurch
    Posts
    292

    Re: Hijack this log- can someone have a look please?

    Hmmm, already found one! Assuming this is a likely suspect?

    O4 - HKCU\..\Run: [Antivirus] C:\Program Files\Antivirus2008\Antvrs.exe

  3. #3

    Re: Hijack this log- can someone have a look please?

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    That's junk, wait for speedy to come and post more suggestions though.
    Intel Q6600 2.4Ghz
    nVidia 8800GTX
    3GB of 667mhz ram (I know it's slow)
    A Dell XPS 720 Case
    750 Watt PSU
    nForce 680i Motherboard
    Windows Vista Ultimate x86

    My horrible internet speed:
    http://www.speedtest.net/result/248693025.png

  4. #4
    Member
    Join Date
    Jan 2006
    Location
    Christchurch
    Posts
    292

    Re: Hijack this log- can someone have a look please?

    Bump- Speedy, Pancake, anyone?! lol

    Cheers Spartan BTW!

  5. #5
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Re: Hijack this log- can someone have a look please?

    Tick these entries, then tick Fix checked.

    Close browsers

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    You're right, I think this is rogue software. See if there's an entry for it in Add/Remove Programs.

    O4 - HKCU\..\Run: [Antivirus] C:\Program Files\Antivirus2008\Antvrs.exe

    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/*****/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

    Get RogueRemover in my sig, update it, then click on Scan.

  6. #6
    Member
    Join Date
    Jan 2006
    Location
    Christchurch
    Posts
    292

    Re: Hijack this log- can someone have a look please?

    Cheers Speedy, running them now!
    Edit: Checked Add/Remove Programs, it's not there, guess it wasn't going to be that easy! lol
    Last edited by Sick Puppy; 06-06-2008 at 11:51 PM.

  7. #7
    Member
    Join Date
    Jan 2006
    Location
    Christchurch
    Posts
    292

    Re: Hijack this log- can someone have a look please?

    Hey ya, ticked 'em, clicked on Fix checked, loaded RogueRemover on to my USB key, then uploaded it to my flatmate's laptop. Ran it, it detected nothing untoward. And the new HJT scan doesn't have those registries anymore. As an aside, she doesn't appear to have much in the way of protection on the PC- AVG only I think? Aside from a firewall like ZoneAlarm, anything else as a bare minimum she should have (e.g. Adaware, Spybot, Winpatrol etc.)?

    Here is the new HJT scan- you reckon it's safe to go on the net again Speedy?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:12:07 PM, on 6/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nzx.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q306&bd=presario&pf=laptop
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E5B51EC8-3CA0-4DBF-8303-84E1AD152BAA}: NameServer = 203.96.152.4,203.96.152.12
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

    --
    End of file - 6893 bytes
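As an added example (not code from HijackThis, nor from anyone in this thread), the script below parses the O4 and O24 lines that posts #1, #5 and #7 deal with, flags the entries a reviewer would look at twice (the Antivirus2008 path, the desktop component served out of Temp, autoruns given as a bare filename), and diffs a before/after pair of logs to confirm which entries Fix checked actually removed. The two log excerpts inside it are constructed from a subset of the lines in the two HJT logs above; the rogue directory list and the suspect-location list are assumptions to be extended per case.

```python
"""Parse, triage and diff HijackThis (HJT) logs.

Added example for this thread; it is not part of HijackThis or of any
post here. The log excerpts are constructed from the before and after
logs posted above (a subset of lines, same format).
"""
import re

# An HJT entry line: section code (R0, O2, O4, O23, ...) then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
# O4 body: HKCU\..\Run: [Antivirus] C:\...\Antvrs.exe, optional (User 'X')
O4_RE = re.compile(
    r"^(?P<hive>HK\S*?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] "
    r"(?P<cmd>.*?)(?: \(User '[^']*'\))?$")
# Directory names this thread identifies as rogue software (assumed list).
ROGUE_DIRS = {"antivirus2008"}
# Locations a persistent autorun or desktop component should not live in.
SUSPECT_DIRS = ("\\temp\\", "\\documents and settings\\", "\\docume~1\\")

BEFORE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\Antivirus2008\Antvrs.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/*****/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
"""

AFTER_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
"""


def parse_entries(log_text):
    """Return the R*/F*/O* lines of an HJT log as (code, body) tuples."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def image_path(cmd):
    """Best-effort: pull the launched file out of an O4 command string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # quoted path, args follow
        return cmd[1:cmd.find('"', 1)]
    cmd = (cmd.replace("%ProgramFiles%", r"C:\Program Files")
              .replace("%systemroot%", r"C:\WINDOWS"))
    if cmd.lower().startswith("rundll32.exe "):   # report the DLL, not the host
        return cmd[len("rundll32.exe "):].split(",")[0]
    m = re.match(r"^(.*?\.(?:exe|dll|scr|cpl))(?=[ ,]|$)", cmd, re.I)
    return m.group(1) if m else cmd.split(" ")[0]


def triage(code, body):
    """Reasons an entry deserves a second look; an empty list means none."""
    reasons = []
    if code == "O24" and "/temp/" in body.lower():
        reasons.append("desktop component served from a Temp directory")
    m = O4_RE.match(body) if code == "O4" else None
    if not m:                                     # Global Startup etc. skipped
        return reasons
    low = image_path(m.group("cmd")).lower()
    if "\\" not in low:
        reasons.append("bare filename, resolved through the search path")
    if any(d in low.split("\\") for d in ROGUE_DIRS):
        reasons.append("directory matches a known rogue product name")
    if any(s in low for s in SUSPECT_DIRS):
        reasons.append("runs from a profile or Temp directory")
    return reasons


def review(log_text):
    """Map each flagged entry line to its reasons."""
    findings = {}
    for code, body in parse_entries(log_text):
        reasons = triage(code, body)
        if reasons:
            findings[f"{code} - {body}"] = reasons
    return findings


def removed_entries(before, after):
    """Entries present in the earlier log but gone from the later one."""
    later = set(parse_entries(after))
    return [e for e in parse_entries(before) if e not in later]


if __name__ == "__main__":
    for entry, reasons in review(BEFORE_LOG).items():
        print("FLAG:", entry, "->", "; ".join(reasons))
    for code, body in removed_entries(BEFORE_LOG, AFTER_LOG):
        print("REMOVED:", code, body)
```

The bare-filename flag is informational: the Trojan Remover output later in the thread shows CHDAudPropShortcut.exe resolving to C:\WINDOWS\system32, so it is the kind of entry to verify rather than tick.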

  8. #8
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Re: Hijack this log- can someone have a look please?

    Get trojan remover in my sig, update it then click on scan.

    Then select all options under utilities

    Then open my computer / highlight C / right mouse / scan with trojan remover
    Last edited by Speedy Gonzales; 07-06-2008 at 04:03 PM.

  9. #9
    Member
    Join Date
    Jan 2006
    Location
    Christchurch
    Posts
    292

    Re: Hijack this log- can someone have a look please?

    Sorry about the delay Speedy, I've had my nose in books for the last few days studying for an exam!

    Installed, updated and ran Trojan Remover, here is the log below. One thing that came up during the scan was that D:Autorun.exe came up as sounding sus?

    ***** NORMAL SCAN FOR ACTIVE MALWARE *****
    Trojan Remover Ver 6.7.0.2534. For information, email support@simplysup1.com
    [Unregistered version]
    Scan started at: 9:54:46 PM 10 Jun 2008
    Using Database v7025
    Operating System: Windows XP SP2 [Windows XP Home Edition Service Pack 2 (Build 2600)]
    File System: NTFS
    Data directory: C:\Documents and Settings\Tanya\Application Data\Simply Super Software\Trojan Remover\
    Database directory: C:\Program Files\Trojan Remover\
    Logfile directory: C:\Documents and Settings\Tanya\My Documents\Simply Super Software\Trojan Remover Logfiles\
    Program directory: C:\Program Files\Trojan Remover\
    Running with Administrator privileges


    **************************************************
    The following Anti-Malware program(s) are loaded:
    AVG Anti-Virus
    AVG Anti-Virus

    **************************************************


    **************************************************
    9:54:46 PM: Scanning ----------WIN.INI-----------
    WIN.INI found in C:\WINDOWS

    **************************************************
    9:54:46 PM: Scanning --------SYSTEM.INI---------
    SYSTEM.INI found in C:\WINDOWS

    **************************************************
    9:54:46 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
    No hidden Services were detected.

    **************************************************
    9:54:46 PM: Scanning -----WINDOWS REGISTRY-----
    --------------------
    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
    This key's "Shell" value calls the following program(s):
    File: Explorer.exe
    C:\WINDOWS\Explorer.exe
    1033216 bytes
    Created: 8/5/2004
    Modified: 6/13/2007
    Company: Microsoft Corporation
    ----------
    This key's "Userinit" value calls the following program(s):
    File: C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\userinit.exe
    24576 bytes
    Created: 8/5/2004
    Modified: 8/5/2004
    Company: Microsoft Corporation
    ----------
    This key's "System" value appears to be blank
    ----------
    This key's "UIHost" value calls the following program:
    File: logonui.exe
    C:\WINDOWS\system32\logonui.exe
    514560 bytes
    Created: 8/5/2004
    Modified: 8/5/2004
    Company: Microsoft Corporation
    ----------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    --------------------
    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Value Name: load
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Value Name: hpWirelessAssistant
    Value Data: C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    454656 bytes
    Created: 2/15/2006
    Modified: 2/15/2006
    Company: Hewlett-Packard Development Company, L.P.
    --------------------
    Value Name: NvCplDaemon
    Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    C:\WINDOWS\system32\NvCpl.dll
    7561216 bytes
    Created: 8/4/2006
    Modified: 4/22/2006
    Company: NVIDIA Corporation
    --------------------
    Value Name: High Definition Audio Property Page Shortcut
    Value Data: CHDAudPropShortcut.exe
    C:\WINDOWS\system32\CHDAudPropShortcut.exe
    61952 bytes
    Created: 8/4/2006
    Modified: 4/18/2006
    Company: Windows (R) Server 2003 DDK provider
    --------------------
    Value Name: SynTPEnh
    Value Data: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    761948 bytes
    Created: 8/3/2006
    Modified: 3/4/2006
    Company: Synaptics, Inc.
    --------------------
    Value Name: QPService
    Value Data: "C:\Program Files\HP\QuickPlay\QPService.exe"
    C:\Program Files\HP\QuickPlay\QPService.exe
    102400 bytes
    Created: 8/3/2006
    Modified: 4/12/2006
    Company: CyberLink Corp.
    --------------------
    Value Name: QlbCtrl
    Value Data: %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    131072 bytes
    Created: 8/3/2006
    Modified: 3/23/2006
    Company: Hewlett-Packard Development Company, L.P.
    --------------------
    Value Name: Cpqset
    Value Data: C:\Program Files\HPQ\Default Settings\cpqset.exe
    C:\Program Files\HPQ\Default Settings\cpqset.exe
    40960 bytes
    Created: 8/3/2006
    Modified: 1/26/2006
    Company:
    --------------------
    Value Name: RecGuard
    Value Data: C:\Windows\SMINST\RecGuard.exe
    C:\Windows\SMINST\RecGuard.exe
    1187840 bytes
    Created: 8/4/2006
    Modified: 10/11/2005
    Company:
    --------------------
    Value Name: IMJPMIG8.1
    Value Data: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
    208952 bytes
    Created: 5/9/2007
    Modified: 8/5/2004
    Company: Microsoft Corporation
    --------------------
    Value Name: IMEKRMIG6.1
    Value Data: C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    44032 bytes
    Created: 5/9/2007
    Modified: 8/5/2004
    Company: Microsoft Corporation
    --------------------
    Value Name: MSPY2002
    Value Data: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
    59392 bytes
    Created: 5/9/2007
    Modified: 8/5/2004
    Company:
    --------------------
    Value Name: PHIME2002ASync
    Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
    455168 bytes
    Created: 5/9/2007
    Modified: 8/5/2004
    Company: Microsoft Corporation
    --------------------
    Value Name: PHIME2002A
    Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
    455168 bytes
    Created: 5/9/2007
    Modified: 8/5/2004
    Company: Microsoft Corporation
    --------------------
    Value Name: AVG7_CC
    Value Data: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    579584 bytes
    Created: 5/26/2007
    Modified: 4/16/2008
    Company: GRISOFT, s.r.o.
    --------------------
    Value Name: TrojanScanner
    Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
    C:\Program Files\Trojan Remover\Trjscan.exe
    878672 bytes
    Created: 6/10/2008
    Modified: 6/3/2008
    Company: Simply Super Software
    --------------------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Once
    This Registry Key appears to be empty
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OnceEx
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Value Name: swg
    Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    68856 bytes
    Created: 7/27/2007
    Modified: 7/27/2007
    Company: Google Inc.
    --------------------
    Value Name: ctfmon.exe
    Value Data: C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    15360 bytes
    Created: 8/5/2004
    Modified: 8/5/2004
    Company: Microsoft Corporation
    --------------------
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once
    This Registry Key appears to be empty

    **************************************************
    9:54:48 PM: Scanning -----SHELLEXECUTEHOOKS-----
    ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
    File: shell32.dll - this file is expected and has been left in place
    ----------

    **************************************************
    9:54:48 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
    Taskdir check completed
    ----------
    No Hidden File-loading Registry Entries found
    ----------

    **************************************************
    9:54:48 PM: Scanning -----ACTIVE SCREENSAVER-----
    ScreenSaver: C:\WINDOWS\system32\logon.scr
    C:\WINDOWS\system32\logon.scr
    220672 bytes
    Created: 8/5/2004
    Modified: 8/5/2004
    Company: Microsoft Corporation
    --------------------

    **************************************************
    9:54:48 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

    **************************************************
    9:54:49 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
    Key: AppMgmt
    %SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
    --------------------
    Key: HidServ
    %SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
    --------------------

    **************************************************
    9:54:49 PM: Scanning ----- SERVICES REGISTRY KEYS -----
    Key: Avg7Alrt
    ImagePath: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    418816 bytes
    Created: 5/26/2007
    Modified: 10/23/2007
    Company: GRISOFT, s.r.o.
    ----------
    Key: Avg7Core
    ImagePath: \SystemRoot\System32\Drivers\avg7core.sys
    C:\WINDOWS\System32\Drivers\avg7core.sys
    821856 bytes
    Created: 5/26/2007
    Modified: 10/23/2007
    Company: GRISOFT, s.r.o.
    ----------
    Key: Avg7RsW
    ImagePath: \SystemRoot\System32\Drivers\avg7rsw.sys
    C:\WINDOWS\System32\Drivers\avg7rsw.sys
    4224 bytes
    Created: 5/26/2007
    Modified: 5/26/2007
    Company: GRISOFT, s.r.o.
    ----------
    Key: Avg7RsXP
    ImagePath: \SystemRoot\System32\Drivers\avg7rsxp.sys
    C:\WINDOWS\System32\Drivers\avg7rsxp.sys
    27776 bytes
    Created: 5/26/2007
    Modified: 5/26/2007
    Company: GRISOFT, s.r.o.
    ----------
    Key: Avg7UpdSvc
    ImagePath: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    49664 bytes
    Created: 5/26/2007
    Modified: 5/26/2007
    Company: GRISOFT, s.r.o.
    ----------
    Key: AvgClean
    ImagePath: \SystemRoot\System32\Drivers\avgclean.sys
    C:\WINDOWS\System32\Drivers\avgclean.sys
    10760 bytes
    Created: 5/26/2007
    Modified: 12/21/2007
    Company: GRISOFT, s.r.o.
    ----------
    Key: AVGEMS
    ImagePath: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    406528 bytes
    Created: 5/26/2007
    Modified: 12/21/2007
    Company: GRISOFT, s.r.o.
    ----------
    Key: AvgTdi
    ImagePath: \SystemRoot\System32\Drivers\avgtdi.sys
    C:\WINDOWS\System32\Drivers\avgtdi.sys
    4960 bytes
    Created: 5/26/2007
    Modified: 5/26/2007
    Company: GRISOFT, s.r.o.
    ----------
    Key: eabfiltr
    ImagePath: system32\DRIVERS\eabfiltr.sys
    C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
    7808 bytes
    Created: 8/3/2006
    Modified: 9/19/2005
    Company: Hewlett-Packard Development Company, L.P.
    ----------
    Key: eabusb
    ImagePath: system32\DRIVERS\eabusb.sys
    C:\WINDOWS\system32\DRIVERS\eabusb.sys
    5760 bytes
    Created: 8/3/2006
    Modified: 9/19/2005
    Company: Hewlett-Packard Development Company, L.P.
    ----------
    Key: gusvc
    ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    138168 bytes
    Created: 5/30/2007
    Modified: 5/30/2007
    Company: Google
    ----------
    Key: HBtnKey
    ImagePath: system32\DRIVERS\cpqbttn.sys
    C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
    9344 bytes
    Created: 8/3/2006
    Modified: 9/19/2005
    Company: Hewlett-Packard Development Company, L.P.
    ----------
    Key: HdAudAddService
    ImagePath: system32\drivers\CHDAud.sys
    C:\WINDOWS\system32\drivers\CHDAud.sys
    569856 bytes
    Created: 8/4/2006
    Modified: 4/18/2006
    Company: Conexant Systems Inc.
    ----------
    Key: HDAudBus
    ImagePath: system32\DRIVERS\HDAudBus.sys
    C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    138752 bytes
    Created: 1/7/2005
    Modified: 1/7/2005
    Company: Windows (R) Server 2003 DDK provider
    ----------
    Key: HSFHWAZL
    ImagePath: system32\DRIVERS\HSFHWAZL.sys
    C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    206976 bytes
    Created: 8/4/2006
    Modified: 3/10/2006
    Company: Conexant Systems, Inc.
    ----------
    Key: iaStor
    ImagePath: \SystemRoot\system32\DRIVERS\iaStor.sys
    C:\WINDOWS\system32\DRIVERS\iaStor.sys
    874240 bytes
    Created: 10/13/2005
    Modified: 10/13/2005
    Company: Intel Corporation
    ----------
    Key: IDriverT
    ImagePath: "c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
    c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    73728 bytes
    Created: 10/22/2004
    Modified: 10/22/2004
    Company: Macrovision Corporation
    ----------
    Key: nvata
    ImagePath: system32\DRIVERS\nvata.sys
    C:\WINDOWS\system32\DRIVERS\nvata.sys
    99584 bytes
    Created: 8/4/2006
    Modified: 1/28/2006
    Company: NVIDIA Corporation
    ----------
    Key: NVENETFD
    ImagePath: system32\DRIVERS\NVENETFD.sys
    C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    34176 bytes
    Created: 8/4/2006
    Modified: 3/4/2006
    Company: NVIDIA Corporation
    ----------
    Key: nvnetbus
    ImagePath: system32\DRIVERS\nvnetbus.sys
    C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    13056 bytes
    Created: 8/4/2006
    Modified: 3/4/2006
    Company: NVIDIA Corporation
    ----------
    Key: nvsmu
    ImagePath: system32\DRIVERS\nvsmu.sys
    C:\WINDOWS\system32\DRIVERS\nvsmu.sys
    11136 bytes
    Created: 8/4/2006
    Modified: 3/7/2006
    Company: NVIDIA Corporation
    ----------
    Key: rimmptsk
    ImagePath: system32\DRIVERS\rimmptsk.sys
    C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
    28928 bytes
    Created: 8/4/2006
    Modified: 11/17/2005
    Company: REDC
    ----------
    Key: rimsptsk
    ImagePath: system32\DRIVERS\rimsptsk.sys
    C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
    51840 bytes
    Created: 8/4/2006
    Modified: 12/22/2005
    Company: REDC
    ----------
    Key: rismxdp
    ImagePath: system32\DRIVERS\rixdptsk.sys
    C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
    308992 bytes
    Created: 8/4/2006
    Modified: 11/1/2005
    Company: REDC
    ----------
    Key: SONYPVU1
    ImagePath: system32\DRIVERS\SONYPVU1.SYS
    C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
    7552 bytes
    Created: 1/4/2008
    Modified: 8/17/2001
    Company: Sony Corporation
    ----------
    Key: SwPrv
    ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{772CA9E5-5C35-411C-9382-F4795BC3F71D}
    C:\WINDOWS\system32\dllhost.exe
    5120 bytes
    Created: 8/5/2004
    Modified: 8/5/2004
    Company: Microsoft Corporation
    ----------
    Key: SynTP
    ImagePath: system32\DRIVERS\SynTP.sys
    C:\WINDOWS\system32\DRIVERS\SynTP.sys
    192736 bytes
    Created: 8/3/2006
    Modified: 3/4/2006
    Company: Synaptics, Inc.
    ----------
    Key: UStorage Server Service
    ImagePath: C:\WINDOWS\system32\UStorSrv.exe /Service
    C:\WINDOWS\system32\UStorSrv.exe
    143360 bytes
    Created: 3/4/2008
    Modified: 7/12/2005
    Company: OTi
    ----------

    **************************************************
    9:54:58 PM: Scanning -----VXD ENTRIES-----

    **************************************************
    9:54:58 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----

    **************************************************
    9:54:58 PM: Scanning ----- CONTEXTMENUHANDLERS -----
    Key: AVG7 Shell Extension
    CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
    Path: C:\Program Files\Grisoft\AVG Free\avgse.dll
    C:\Program Files\Grisoft\AVG Free\avgse.dll
    50688 bytes
    Created: 5/26/2007
    Modified: 5/26/2007
    Company: GRISOFT, s.r.o.
    ----------

    **************************************************
    9:54:58 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----

    **************************************************
    9:54:58 PM: Scanning ----- BROWSER HELPER OBJECTS -----
    Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    62080 bytes
    Created: 10/22/2006
    Modified: 10/22/2006
    Company: Adobe Systems Incorporated
    ----------
    Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    BHO: C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    509328 bytes
    Created: 5/11/2008
    Modified: 2/22/2008
    Company: Sun Microsystems, Inc.
    ----------
    Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
    BHO: c:\program files\google\googletoolbar2.dll
    c:\program files\google\googletoolbar2.dll
    -R- 2403392 bytes
    Created: 5/30/2007
    Modified: 1/19/2007
    Company: Google Inc.
    ----------
    Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
    BHO: C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    734704 bytes
    Created: 5/12/2008
    Modified: 5/12/2008
    Company: Google Inc.
    ----------

    **************************************************
    9:54:58 PM: Scanning ----- SHELLSERVICEOBJECTS -----

    **************************************************
    9:54:58 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

    **************************************************
    9:54:58 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
    No "Debugger" entries found.

    **************************************************
    9:54:58 PM: Scanning ----- APPINIT_DLLS -----
    The AppInit_DLLs value is blank

    **************************************************
    9:54:58 PM: Scanning ----- SECURITY PROVIDER DLLS -----

    **************************************************
    9:54:58 PM: Scanning ------ COMMON STARTUP GROUP ------
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    The Common Startup Group attempts to load the following file(s) at boot time:
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    -HS- 84 bytes
    Created: 3/28/2006
    Modified: 3/28/2006
    Company:
    --------------------
    C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
    73728 bytes
    Created: 9/25/2005
    Modified: 9/25/2005
    Company: Hewlett-Packard Development Company, L.P.
    HP Photosmart Premier Fast Start.lnk - links to C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
    --------------------

    **************************************************
    9:54:58 PM: Scanning ------ USER STARTUP GROUPS ------
    --------------------
    Checking Startup Group for: Tanya
    [C:\Documents and Settings\Tanya\START MENU\PROGRAMS\STARTUP]
    The Startup Group for Tanya attempts to load the following file(s):
    C:\Documents and Settings\Tanya\START MENU\PROGRAMS\STARTUP\desktop.ini
    -HS- 84 bytes
    Created: 5/9/2007
    Modified: 3/28/2006
    Company:
    ----------

    **************************************************
    9:54:59 PM: Scanning ----- SCHEDULED TASKS -----
    Taskname: avgwb.job
    File: C:\Program Files\Grisoft\AVG Free\avgw.exe
    C:\Program Files\Grisoft\AVG Free\avgw.exe
    219136 bytes
    Created: 5/26/2007
    Modified: 10/23/2007
    Company: GRISOFT, s.r.o.
    Parameters: [blank]
    Next Run Time: 6/11/2008 7:00:00 PM
    Status: The task is ready to run at its next scheduled time
    Creator: Tanya
    Comments: [blank]
    ----------
    Taskname: HPCeeSchedule.job
    File: C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe
    C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe
    81920 bytes
    Created: 9/8/2005
    Modified: 9/8/2005
    Company: Hewlett Packard
    Parameters: HPCeeSchedule (null)
    Next Run Time: 7/3/2008 5:04:00 PM
    Status: The task is ready to run at its next scheduled time
    Creator: Tanya
    Comments: [blank]
    ----------

    **************************************************
    9:54:59 PM: ----- ADDITIONAL CHECKS -----
    PE386 rootkit checks completed
    ----------
    Winlogon registry rootkit checks completed
    ----------
    Heuristic checks for hidden files/drivers completed
    ----------
    Layered Service Provider entries checks completed
    ----------
    Windows Explorer Policies checks completed
    ----------
    Desktop Wallpaper: C:\Documents and Settings\Tanya\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    C:\Documents and Settings\Tanya\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    1440054 bytes
    Created: 5/12/2007
    Modified: 4/19/2008
    Company:
    ----------
    Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    C:\Documents and Settings\Tanya\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    1440054 bytes
    Created: 5/12/2007
    Modified: 4/19/2008
    Company:
    ----------
    Checking autorun.inf in D:\
    D:\autorun.inf ShellExecute entry: [Info.exe protect.ed 480 480]
    D:\Info.exe
    -HS- 73728 bytes
    Created: 11/30/2004
    Modified: 11/29/2004
    Company: XSS
    ----------
    --------------------
    Additional file checks completed

    **************************************************
    9:55:12 PM: Scanning ----- RUNNING PROCESSES -----

    C:\WINDOWS\System32\smss.exe
    --------------------
    C:\WINDOWS\system32\csrss.exe
    --------------------
    C:\WINDOWS\system32\winlogon.exe
    --------------------
    C:\WINDOWS\system32\services.exe
    --------------------
    C:\WINDOWS\system32\lsass.exe
    --------------------
    C:\WINDOWS\system32\svchost.exe
    --------------------
    C:\WINDOWS\system32\svchost.exe
    --------------------
    C:\WINDOWS\System32\svchost.exe
    --------------------
    C:\WINDOWS\system32\svchost.exe
    --------------------
    C:\WINDOWS\system32\svchost.exe
    --------------------
    C:\WINDOWS\system32\spoolsv.exe
    --------------------
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    --------------------
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    --------------------
    C:\WINDOWS\Explorer.EXE
    --------------------
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    --------------------
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    --------------------
    C:\WINDOWS\system32\nvsvc32.exe
    --------------------
    C:\WINDOWS\system32\wdfmgr.exe
    --------------------
    C:\WINDOWS\system32\UStorSrv.exe
    --------------------
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    --------------------
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    --------------------
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    --------------------
    C:\Program Files\HP\QuickPlay\QPService.exe
    --------------------
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    --------------------
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    --------------------
    C:\WINDOWS\system32\ctfmon.exe
    --------------------
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    --------------------
    C:\WINDOWS\System32\alg.exe
    --------------------
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    --------------------
    C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
    --------------------
    C:\Documents and Settings\Tanya\Application Data\Simply Super Software\Trojan Remover\rmq2.exe
    FileSize: 2486848
    [This is a Trojan Remover component]
    --------------------
    --------------------

    **************************************************
    9:55:14 PM: Checking AUTOEXEC.NT file
    AUTOEXEC.NT found in C:\WINDOWS\system32
    No malicious entries were found in the AUTOEXEC.NT file

    **************************************************
    9:55:14 PM: Checking HOSTS file
    No malicious entries were found in the HOSTS file

    **************************************************
    ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
    http://www.google.com/ie
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
    http://www.nzx.com/
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
    http://www.google.com

    **************************************************
    === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
    Scan completed at: 9:55:14 PM 10 Jun 2008
    ************************************************************

  10. #10
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: Hijack this log- can someone have a look please?

    Looks like that autorun.exe belongs to Winantivirus, the program in your log.

    WHAT did you tell trojan remover to do with it?

    What's D?? That's not the main hdd is it?
    Last edited by Speedy Gonzales; 10-06-2008 at 11:03 PM.
