Please check my log ....

<p>Logfile of Trend Micro HijackThis v2.0.0 (BETA)<br />
Scan saved at 10:42:36 PM, on 12/28/2007<br />
Platform: Windows XP SP2 (WinNT 5.01.2600)<br />
Boot mode: Normal</p>

<p>Running processes:<br />
C:\WINDOWS\System32\smss.exe<br />
C:\WINDOWS\system32\winlogon.exe<br />
C:\WINDOWS\system32\services.exe<br />
C:\WINDOWS\system32\lsass.exe<br />
C:\WINDOWS\system32\Ati2evxx.exe<br />
C:\WINDOWS\system32\svchost.exe<br />
C:\WINDOWS\System32\svchost.exe<br />
C:\Software & Programs Files\Ad-Aware 2007\aawservice.exe<br />
C:\WINDOWS\system32\Ati2evxx.exe<br />
C:\WINDOWS\Explorer.EXE<br />
C:\WINDOWS\system32\spoolsv.exe<br />
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe<br />
C:\WINDOWS\RTHDCPL.EXE<br />
C:\WINDOWS\ALCMTR.EXE<br />
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe<br />
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe<br />
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe<br />
C:\WINDOWS\system32\ctfmon.exe<br />
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe<br />
C:\Program Files\LClock\lclock.exe<br />
C:\Program Files\Vista Sidebar\sidebar.exe<br />
C:\Program Files\ViStart\ViStart.exe<br />
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe<br />
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe<br />
C:\Software & Programs Files\Diskeeper Pro Premier 2007\DkService.exe<br />
C:\Software & Programs Files\Ewido Anti-Malware\ewidoguard.exe<br />
C:\Program Files\Common Files\LightScribe\LSSrvc.exe<br />
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe<br />
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE<br />
C:\WINDOWS\system32\PSIService.exe<br />
C:\Program Files\CyberLink\Shared Files\RichVideo.exe<br />
C:\Software & Programs Files\ProShow Gold\ScsiAccess.exe<br />
C:\WINDOWS\system32\svchost.exe<br />
C:\WINDOWS\system32\Tablet.exe<br />
C:\WINDOWS\system32\MsPMSPSv.exe<br />
C:\Software & Programs Files\Avant Browser\avant.exe<br />
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe</p>

<p>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.yahoo.com/">http://www.yahoo.com/</a><br />
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=69157">http://go.microsoft.com/fwlink/?LinkId=69157</a><br />
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=54896">http://go.microsoft.com/fwlink/?LinkId=54896</a><br />
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://go.microsoft.com/fwlink/?LinkId=54896">http://go.microsoft.com/fwlink/?LinkId=54896</a><br />
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://go.microsoft.com/fwlink/?LinkId=69157">http://go.microsoft.com/fwlink/?LinkId=69157</a><br />
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = <a href="http://go.microsoft.com/fwlink/?LinkId=54843">http://go.microsoft.com/fwlink/?LinkId=54843</a><br />
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost<br />
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)<br />
O1 - Hosts: 66.98.148.65 auto.search.msn.com<br />
O1 - Hosts: 66.98.148.65 auto.search.msn.es<br />
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll<br />
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Software & Programs Files\BitComet\tools\BitCometBHO.dll<br />
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)<br />
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll<br />
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll<br />
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE<br />
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE<br />
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe<br />
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg<br />
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP<br />
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"<br />
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"<br />
O4 - HKLM\..\Run: [QuickTime Task] "C:\Software & Programs Files\Quicktime 7\qttask.exe" -atboottime<br />
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup<br />
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe<br />
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe<br />
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe<br />
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe<br />
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')<br />
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')<br />
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')<br />
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')<br />
O8 - Extra context menu item: &Search - ?p=ZNxmk546YYFI<br />
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\SOFTWA~1\OFFICE11\EXCEL.EXE/3000<br />
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html<br />
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html<br />
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html<br />
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html<br />
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Software & Programs Files\BitComet\tools\BitCometBHO_1.1.7.4.dll<br />
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\SOFTWA~1\MICROS~1\OFFICE11\REFIEBAR.DLL<br />
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)<br />
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)<br />
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - <a href="http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab">http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab</a><br />
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll<br />
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - <a href="http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab">http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab</a><br />
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - <a href="http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab">http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab</a><br />
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AFC41CA-7E99-4136-98DE-1B536AD7BCB1}: NameServer = 208.67.220.220,208.67.222.222 <br />
O17 - HKLM\System\CCS\Services\Tcpip\..\{59048F65-AD35-44C5-8F34-00037BA6DE8E}: NameServer = 85.255.116.98,85.255.112.237<br />
O17 - HKLM\System\CCS\Services\Tcpip\..\{D75B6847-1795-4C44-8BF3-73585DFCB7B0}: NameServer = 85.255.116.98,85.255.112.237<br />
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9956B0D-9D64-4BF1-9DC8-BB7B093152C1}: NameServer = 85.255.116.98,85.255.112.237<br />
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 <br />
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 <br />
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 <br />
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL<br />
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll<br />
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll<br />
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Software & Programs Files\Ad-Aware 2007\aawservice.exe<br />
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe<br />
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe<br />
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe<br />
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe<br />
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe<br />
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Software & Programs Files\Diskeeper Pro Premier 2007\DkService.exe<br />
O23 - Service: ewido security suite guard - ewido networks - C:\Software & Programs Files\Ewido Anti-Malware\ewidoguard.exe<br />
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe<br />
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe<br />
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe<br />
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe<br />
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe<br />
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (file missing)<br />
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe<br />
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe<br />
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe<br />
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe<br />
O23 - Service: ScsiAccess - Unknown owner - C:\Software & Programs Files\ProShow Gold\ScsiAccess.exe<br />
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (file missing)<br />
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe</p>

<p>--<br />
End of file - 10181 bytes</p>

Please check my log ....

<p>If you cut and paste that log into the box here:<br />
<a href="http://www.hijackthis.de/index.php?langselect=english">http://www.hijackthis.de/index.php?langselect=english</a><br />
click on Analyse then you'll see you have a number of nasties.</p>

<p>Run a full anti-spyware and antivirus scan in Safe Mode, having turned off System Restore first, then recheck the log and fix any you know shouldn't be there.</p>

<p>If in doubt post here again. ;)</p>

Please check my log ....

<p>Hi Glamdring,</p>

<p>Thanks for the answer. I've done what you suggested; everything looks OK.</p>

Please check my log ....

<p>Your log shows an infection called Wareout. Given that it involves hidden file(s), you'll be lucky to get rid of it by simply fixing HJT entries.</p>

<p>If you haven't got help in another forum, post a fresh log here.</p>
