
Thread: Hijack This Log

  1. #1
    Member davidmmac's Avatar
    Join Date
    Oct 2008
    Location
    The mighty Waikato...
    Posts
    828

    Default Hijack This Log

    Hi there,
    Just did a hijack this log to see if there is anything unwanted on my pc:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:27:04 p.m., on 8/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\nHancer\nHancerService.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\WinTV\Ir.exe
    C:\Program Files\BandwidthMeter\BandwidthMeter.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.114la.com/index.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
    O4 - Startup: Bandwidth Meter.lnk = C:\Program Files\BandwidthMeter\BandwidthMeter.exe
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Startup: Traffic Usage Checker.lnk = C:\Program Files\Traffic Usage Checker\tuc.exe
    O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind.../x86/client/wuweb_site.cab?1192751964859
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - D:\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

    --
    End of file - 9200 bytes

    Any help would be greatly appreciated.

  2. #2
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: Hijack This Log

    I would uninstall Nvidia firewall, it can cause probs (a lot of probs)

    It's called NVIDIA ForceWare Network Access Manager

    Hmm, I'm not too sure WHAT Nhancer is, or what it does

    Uninstall all versions of Java, it's out of date, then update it

    Tick these then tick fix checked

    Close browsers

    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

  3. #3
    Member davidmmac's Avatar
    Join Date
    Oct 2008
    Location
    The mighty Waikato...
    Posts
    828

    Default Re: Hijack This Log

    Thanks speedy, just doing that now.

    nhancer: Advanced control panel for nvidia video cards, however I don't use it, so I'll uninstall it.

  4. #4
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: Hijack This Log

    No probs, ah ok, now I know what Nhancer belongs to

  5. #5
    Member davidmmac's Avatar
    Join Date
    Oct 2008
    Location
    The mighty Waikato...
    Posts
    828

    Default Re: Hijack This Log

    Thanks very much for your help

  6. #6
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: Hijack This Log

    No worries HTH

  7. #7
    Senior Member
    Join Date
    Jan 2007
    Posts
    954

    Default Re: Hijack This Log

    Update to IE7 / service pack 3

  8. #8
    Member davidmmac's Avatar
    Join Date
    Oct 2008
    Location
    The mighty Waikato...
    Posts
    828

    Default Re: Hijack This Log

    Originally posted by apsattv:
    "Update to IE7 / service pack 3"

    Can't, I purchased the computer off Trade Me and it came with a non-genuine copy of XP, and I haven't got round to purchasing a genuine copy. I went to buy one the other day but I noticed the price had increased from $196 to $222 for an OEM copy of Vista, so I left it, hoping the price would come down in the near future.

  9. #9
    Senior Member Blam's Avatar
    Join Date
    Apr 2008
    Posts
    7,382

    Default Re: Hijack This Log

    You can get someone to download both for you and put it on a disc, or use something like autopatcher


  10. #10
    Senior Member
    Join Date
    Jan 2007
    Posts
    954

    Default Re: Hijack This Log

    Actually, I thought IE7 is available for download to all machines, even non-genuine XP can download it?
