12-03-2008, 11:22 PM   #3
tanger
Registered User
 
Join Date: Aug 2007
Posts: 62
OS: XP SP3


Re: Does this HJT log look suspicious?

Some more logs...


DDS (Version 1.0) - NTFSx86
Run by Warren at 1:00:01.31 on 04/12/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.2047.1602 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Warren\Desktop\dds.com

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [EPSON Stylus CX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\asus wifi-ap solo.lnk - c:\program files\asus wifi-ap solo\RtWLan.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office11\REFIEBAR.DLL
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: klogon - c:\windows\system32\klogon.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\progra~1\kaspersky lab\kaspersky internet security 2009\mzvkbd.dll,c:\progra~1\kaspersky lab\kaspersky internet security 2009\adialhk.dll,c:\progra~1\kaspersky lab\kaspersky internet security 2009\kloehk.dll

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-4-16 112144]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 32784]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2008-7-16 213008]
R2 AVP;Kaspersky Internet Security;"c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe" -r [2008-4-25 201992]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-3-25 24592]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-11-26 176128]
R3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\SjyPkt.sys [2008-11-26 13532]

=============== Created Last 30 ================

2008-12-04 00:47 250 a------- c:\windows\gmer.ini
2008-12-02 22:50 79 a------- c:\windows\wininit.ini
2008-12-02 14:34 <DIR> --d----- c:\program files\Foxit Software
2008-12-02 11:15 <DIR> --d----- c:\docume~1\warren\applic~1\Kaspersky_Key_Finder_(KKF
2008-11-28 00:34 <DIR> --d----- c:\docume~1\warren\applic~1\Design Science
2008-11-28 00:33 <DIR> --d----- c:\program files\MathType
2008-11-28 00:22 <DIR> --d----- c:\docume~1\warren\applic~1\Inkscape
2008-11-28 00:21 <DIR> --d----- c:\program files\Inkscape
2008-11-27 19:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Alias
2008-11-26 21:24 21,035 a------- c:\windows\system32\drivers\AegisP.sys
2008-11-26 21:23 176,128 a------- c:\windows\system32\drivers\RTL8187.sys
2008-11-26 21:23 13,532 a------- c:\windows\system32\drivers\SjyPkt.sys
2008-11-26 21:23 <DIR> --d----- c:\program files\ASUS WiFi-AP Solo
2008-11-26 17:35 28 a------- c:\windows\pdf995.ini
2008-11-26 17:34 59 a------- c:\windows\wpd99.drv
2008-11-26 17:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\pdf995
2008-11-26 17:34 249,856 a------- c:\windows\system32\pdfmona.dll
2008-11-26 17:34 51,716 a------- c:\windows\system32\pdf995mon.dll
2008-11-26 17:34 <DIR> --d----- c:\program files\pdf995
2008-11-21 23:08 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-21 23:08 73,728 a------- c:\windows\system32\javacpl.cpl
2008-11-12 16:52 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 16:52 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-05 16:41 107,368 a------- c:\windows\system32\GEARAspi.dll
2008-11-05 16:41 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-05 16:40 <DIR> --d----- c:\program files\iPod
2008-11-05 16:40 <DIR> --d----- c:\program files\iTunes
2008-11-05 16:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-05 16:40 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2008-11-05 00:02 <DIR> --d----- c:\program files\VS Revo Group
2008-11-04 23:33 664 a------- c:\windows\system32\d3d9caps.dat
2008-11-04 20:03 301,656 a------- c:\windows\system32\BtCoreIf.dll
2008-11-04 19:42 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2008-11-04 18:35 54,156 a---h--- c:\windows\QTFont.qfn
2008-11-04 18:35 1,409 a------- c:\windows\QTFont.for

==================== Find3M ====================

2008-12-04 00:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2008-12-02 23:33 <DIR> --d----- c:\docume~1\warren\applic~1\uTorrent
2008-11-27 19:10 <DIR> --d----- c:\docume~1\warren\applic~1\Autodesk
2008-11-18 09:08 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-11-17 01:10 <DIR> --d----- c:\program files\WorldOfGoo
2008-11-05 16:40 <DIR> --d----- c:\program files\Bonjour
2008-11-04 20:03 <DIR> --d----- c:\program files\common files\Logitech
2008-11-03 17:17 <DIR> --d----- c:\program files\common files\Macrovision Shared
2008-11-01 19:01 <DIR> --d----- c:\program files\THQ
2008-11-01 18:34 <DIR> --d----- c:\program files\Steam
2008-10-29 20:46 <DIR> --d----- c:\program files\Curve Expert
2008-10-27 15:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\2DBoy
2008-10-27 15:23 <DIR> --d----- c:\docume~1\warren\applic~1\My Battle for Middle-earth(tm) II Files
2008-10-27 00:04 <DIR> --d----- c:\program files\EA GAMES
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-08 15:20 <DIR> --d----- c:\docume~1\warren\applic~1\SPORE
2008-09-28 11:12 507,904 a------- c:\windows\system32\winlogon.exe
2008-09-16 20:27 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 20:14 1,307,648 -c------ c:\windows\system32\msxml6.dll
2008-07-16 16:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2008-05-03 12:32 <DIR> --d----- c:\docume~1\warren\applic~1\My Battle for Middle-earth Files
2008-05-02 17:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2004-08-04 07:00 73,728 ac-sh--- c:\windows\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe

============= FINISH: 1:00:18.73 ===============
Attached Files
File Type: txt Gmer.txt (24.3 KB, 1 views)
File Type: txt Attach.txt (10.6 KB, 2 views)