Author Topic: Hijackthis!  (Read 9833 times)

Giga

    Topic Starter


    Rookie
  • Giga
    Hijackthis!
    « on: July 26, 2004, 08:34:43 PM »
    Logfile of HijackThis v1.98.0
    Scan saved at 22:50:59, on 7/26/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\LEXBCES.EXE
    C:\windows\system32\spoolsv.exe
    C:\windows\system32\LEXPPS.EXE
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\windows\System32\nvsvc32.exe
    C:\windows\System32\svchost.exe
    C:\windows\Explorer.EXE
    C:\PROGRA~1\AOpen\Mouse\Amoumain.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
    C:\windows\System32\carpserv.exe
    C:\windows\Mixer.exe
    C:\Program Files\USB Storage Device\shwicon.exe
    C:\windows\System32\RUNDLL32.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\windows\System32\conime.exe
    C:\Documents and Settings\user\Desktop\RC\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
    O3 - Toolbar: ?eé??ìò?(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll
    O3 - Toolbar: ??·??ì3μ - {3EA85E14-887D-4E2F-91E2-3158CE58ED62} - C:\Program Files\!Sunv\DFKC2003\IEBand.dll
    O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\AOpen\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
    « Last Edit: July 26, 2004, 08:51:41 PM by Giga »
    Windows XP - PD 2.8 Dual Core - 1GB of RAM - Radeon x300 SE

    Giga

      Topic Starter


      Rookie
    • Giga
      Re: Hijackthis!
      « Reply #1 on: July 26, 2004, 08:34:53 PM »
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
      O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [CARPService] carpserv.exe
      O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
      O4 - HKLM\..\Run: [ShowIcon_The Company_USB Storage Device v1.14e035] "C:\Program Files\USB Storage Device\shwicon.exe" -t"The Company\USB Storage Device v1.14e035"
      O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\System32\NVMCTRAY.DLL,NvTaskbarInit
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
      O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
      O4 - Startup: Reboot.exe
      O8 - Extra context menu item: 东方快车-保存翻译后的网页 - C:\Program Files\!Sunv\DFKC2003\ExtSave.htm
      O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
      O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
      O9 - Extra button: ??·??ì3μ - {0B66EBA4-5F53-40e4-B17B-A0E9BC1E8D50} - C:\Program Files\!Sunv\DFKC2003\IEBand.dll
      O9 - Extra button: PowerWord - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe
      O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
      O16 - DPF: Yahoo! Chat 1.3 - http://cs5.chat.sc5.yahoo.com/c174/chat.cab
      O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
      O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
      O16 - DPF: {36CB6B28-FC08-4373-8F54-1A02E3C15B7D} (WebDownLoad Control) - http://www.qiuer.com/hk/WebDownLoadProj1.ocx
      O16 - DPF: {3CA15C82-6297-11D6-B8FA-00C04F5E375A} (BridgeChannel v3) - http://channel.bridge.com/bc30/java/bc3_bridge_i.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
      O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} - http://client.commonword.cn/ad/itdoor/cdn.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{6935EA68-4C36-47D4-88E9-B92998391D90}: Domain = earthlink
      O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll
      O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
      O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
      O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\windows\System32\msvidctl.dll
      O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
      O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
      O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
      O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
      O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
      O18 - Protocol: ipp - (no CLSID) - (no file)
      O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll
      O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll
      O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
      O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll
      O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - %SystemRoot%\System32\inetcomm.dll
      O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
      O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll
      O18 - Protocol: msdaipp - (no CLSID) - (no file)
      O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll
      O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\System32\mshtml.dll
      O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\windows\System32\msvidctl.dll
      O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll
      O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
      O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
      « Last Edit: July 26, 2004, 08:51:54 PM by Giga »

      merlin_2

      • Guest
      Re: Hijackthis!
      « Reply #2 on: July 28, 2004, 01:18:11 AM »
      Download spysweeper from www.webrooot.com and clean out the junk... What browser are you using, IE or Firefox? Also, there are lots of references to svhost? Download stinger > http://vil.nai.com/vil/stinger/
      « Last Edit: July 28, 2004, 01:23:31 AM by merlin_2 »

      Raptor

      • Guest
      Re: Hijackthis!
      « Reply #3 on: July 28, 2004, 05:00:17 AM »
      Please Read This First - Viruses & Spyware

      I suggest you download the programs that are recommended.
      « Last Edit: July 28, 2004, 05:00:34 AM by Raptor »

      Giga

        Topic Starter


        Rookie
      • Giga
        Re: Hijackthis!
        « Reply #4 on: July 28, 2004, 10:18:54 AM »
        I showed this log to someone and they said it seemed fine to him.

        I already have Spybot Search and Destroy and Ad-Aware, which found nothing; I'll try the rest.

        I use IE and Firefox
        « Last Edit: July 28, 2004, 10:19:22 AM by Giga »

        dl65

        • R.I.P.


        • Prodigy

          Thanked: 18
          Re: Hijackthis!
          « Reply #5 on: July 28, 2004, 05:23:33 PM »
          Giga... Has your browser been hijacked? I don't believe you have mentioned that in your post. Perhaps you could clarify exactly what problem it is you have.


          dl65  ???
          If you don't know the answer, it isn't a dumb question.

          Giga1

          • Guest
          Re: Hijackthis!
          « Reply #6 on: July 28, 2004, 10:47:27 PM »
          Hehe, other than the problems I posted on the Microsoft board, nope, I just posted here to get the log checked =) (also to show it to someone on another board, because on that board I had a problem posting this.)

          dl65

          • R.I.P.


          • Prodigy

            Thanked: 18
            Re: Hijackthis!
            « Reply #7 on: July 29, 2004, 01:07:06 AM »
            Giga1... Ah ha... I wish you had said that you didn't have a hijack problem... I have spent several hours checking and rechecking your log (the one you posted here); that was what prompted my last response, because I couldn't see anything wrong with it. In the future please don't post if you don't have any problems...
            However, you are more than welcome to contribute in an effort to assist people who have real issues with their computers.

            Cheers ,

            dl65  ???
            If you don't know the answer, it isn't a dumb question.

            merlin_2

            • Guest
            Re: Hijackthis!
            « Reply #8 on: July 29, 2004, 01:26:13 AM »
            My two pennies' worth: I hate that hi-jack log. Why not monitor it yourself? Just watch what you download? Simple..

            Raptor

            • Guest
            Re: Hijackthis!
            « Reply #9 on: July 29, 2004, 04:36:13 AM »
            Exactly, Merlin, why let us do your work?

            That's why I only replied with the link to the Administrator's sticky.