Thread: HiJackThis Log
Posted 07-05-2007, 12:47 PM, #4
YellowKid
Registered User
Join Date: May 2007
Posts: 71
OS: Windows XP


Re: HiJackThis Log

I have followed the steps you've given me.

main.txt:

Deckard's System Scanner v20070611.50
Run by Jamie on 2007-07-05 at 14:24:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
17: 2007-07-05 18:24:44 UTC - RP37 - Deckard's System Scanner Restore Point
16: 2007-07-01 18:42:36 UTC - RP36 - System Checkpoint
15: 2007-06-30 17:31:22 UTC - RP35 - System Checkpoint
14: 2007-06-28 19:17:36 UTC - RP34 - Installed AVG 7.5
13: 2007-06-27 22:54:03 UTC - RP33 - System Checkpoint


-- First Restore Point --
1: 2007-06-12 12:03:08 UTC - RP21 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Jamie.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:26:48 PM, on 7/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Jamie\Local Settings\Temporary Internet Files\Content.IE5\F2KJFLGP\dss[1].exe
C:\DOCUME~1\Jamie\Desktop\Jamie.exe
C:\Program Files\Windows Media Player\wmplayer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 npkcrypt - c:\documents and settings\jamie\desktop\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>

S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" (file missing)


-- Files created between 2007-06-05 and 2007-07-05 -----------------------------

2007-07-01 23:26:33 0 d-------- C:\Program Files\LimeWire
2007-06-28 14:52:21 0 d-------- C:\Documents and Settings\Jamie\Application Data\Grisoft
2007-06-27 18:13:21 0 d-------- C:\WINDOWS\pss
2007-06-25 20:51:23 0 d-------- C:\Program Files\UPHClean
2007-06-17 20:49:13 0 d--h----- C:\WINDOWS\PIF
2007-06-15 21:32:21 0 d-------- C:\Documents and Settings\Jamie\Application Data\Apple Computer
2007-06-15 21:31:06 0 d-------- C:\Program Files\QuickTime
2007-06-15 21:30:17 0 d-------- C:\Program Files\iTunes
2007-06-15 21:30:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-06-15 21:29:26 38229 -----n--- C:\WINDOWS\system32\drivers\StMp3Rec.sys <Not Verified; Generic; Generic MP3 Player>
2007-06-15 21:29:06 0 d-------- C:\Program Files\iPod
2007-06-15 21:24:14 0 d-------- C:\WINDOWS\Downloaded Installations
2007-06-12 19:52:34 0 d-------- C:\WINDOWS\Sun
2007-06-12 07:56:14 0 d-------- C:\Documents and Settings\Jamie\.SunDownloadManager
2007-06-12 07:54:07 0 d-------- C:\Program Files\Java
2007-06-12 07:54:05 0 d-------- C:\Program Files\Common Files\Java
2007-06-12 07:44:57 0 d-------- C:\WINDOWS\system32\appmgmt
2007-06-12 07:38:30 0 d-------- C:\Documents and Settings\Jamie\Application Data\Sun
2007-06-06 07:59:07 0 d--h----- C:\WINDOWS\system32\GroupPolicy


-- Find3M Report ---------------------------------------------------------------

2007-07-05 10:45:58 0 d-------- C:\Documents and Settings\Jamie\Application Data\AVG7
2007-07-03 18:25:58 0 d-------- C:\Documents and Settings\Jamie\Application Data\LimeWire
2007-06-27 20:58:47 0 d-------- C:\Program Files\lg_fwupdate
2007-06-24 18:31:45 0 d-------- C:\Program Files\Common Files\Adobe
2007-06-15 21:24:09 0 d-------- C:\Program Files\Common Files\InstallShield
2007-06-04 22:28:39 0 d-------- C:\Documents and Settings\Jamie\Application Data\WinRAR
2007-06-03 18:18:45 86016 --a------ C:\WINDOWS\system32\rpcapd.exe <Not Verified; NetGroup - Politecnico di Torino; Remote Packet Capture Daemon>
2007-06-03 18:18:45 6656 --a------ C:\WINDOWS\system32\NetMonInstaller.exe <Not Verified; NetGroup - Politecnico di Torino; NetMon Protocol Driver Installer>
2007-06-03 18:18:45 49152 --a------ C:\WINDOWS\system32\daemon_mgm.exe <Not Verified; NetGroup - Politecnico di Torino; WinPcap Remote Capture Daemon installer/remover>
2007-06-03 18:18:44 49152 --a------ C:\WINDOWS\system32\npf_mgm.exe <Not Verified; NetGroup - Politecnico di Torino; WinPcap NPF Driver installer/remover>
2007-06-02 13:12:33 0 d--h----- C:\Program Files\WindowsUpdate
2007-06-02 08:33:33 0 d-------- C:\Documents and Settings\Jamie\Application Data\CyberLink
2007-06-01 23:28:26 0 d-------- C:\Documents and Settings\Jamie\Application Data\InterTrust
2007-06-01 23:28:26 0 d-------- C:\Documents and Settings\Jamie\Application Data\Adobe
2007-06-01 23:26:45 0 d-------- C:\Program Files\Ahead
2007-06-01 23:26:33 0 d-------- C:\Program Files\Common Files\Ahead
2007-06-01 23:25:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-01 23:25:13 0 d-------- C:\Program Files\CyberLink DVD Solution
2007-06-01 23:23:54 0 d-------- C:\Program Files\CyberLink
2007-06-01 18:27:54 0 d-------- C:\Documents and Settings\Jamie\Application Data\Google
2007-06-01 07:52:04 0 d-------- C:\Documents and Settings\Jamie\Application Data\Real
2007-06-01 07:47:20 0 d-------- C:\Program Files\Common Files\xing shared
2007-06-01 07:47:18 0 d-------- C:\Program Files\Common Files\Real
2007-06-01 07:47:13 0 d-------- C:\Program Files\Google
2007-06-01 07:46:54 0 d-------- C:\Program Files\Real
2007-05-29 20:20:06 0 d-------- C:\Program Files\Realtek
2007-05-29 20:14:59 0 d-------- C:\Documents and Settings\Jamie\Application Data\Help
2007-05-29 19:44:03 0 d-------- C:\Program Files\Realtek AC97
2007-05-29 19:03:26 0 d-------- C:\Program Files\MSN Messenger
2007-05-29 18:38:37 0 d-------- C:\Program Files\Messenger
2007-05-29 18:38:16 0 d-------- C:\Program Files\Movie Maker
2007-05-29 18:35:52 0 d-------- C:\Program Files\Windows NT
2007-05-29 17:52:54 0 d-------- C:\Documents and Settings\Jamie\Application Data\Macromedia
2007-05-29 17:48:35 0 d-------- C:\Documents and Settings\Jamie\Application Data\Identities
2007-05-29 17:43:29 0 d-------- C:\Program Files\microsoft frontpage
2007-05-29 17:43:15 0 -rahs---- C:\MSDOS.SYS
2007-05-29 17:43:15 0 -rahs---- C:\IO.SYS
2007-05-29 17:43:15 0 --a------ C:\CONFIG.SYS
2007-05-29 17:43:15 0 --a------ C:\AUTOEXEC.BAT
2007-05-29 17:42:13 0 d-------- C:\Program Files\Online Services
2007-05-29 17:40:29 0 d-------- C:\Program Files\Common Files\MSSoap
2007-05-29 17:40:01 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-05-29 17:39:29 0 d-------- C:\Program Files\MSN Gaming Zone
2007-05-29 13:20:11 0 d-------- C:\Program Files\Common Files\ODBC
2007-05-29 13:20:06 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-05-29 13:19:40 62 --ahs---- C:\Documents and Settings\Jamie\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fwupdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\lg_fwupdate\\fwupdate.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDCPL"
"hkey"="HKLM"
"command"="RTHDCPL.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_NPPTNT2


-- End of Deckard's System Scanner: finished at 2007-07-05 at 14:30:47 ---------
Attached Files: extra.txt (7.7 KB)

Last edited by YellowKid; 07-05-2007 at 12:51 PM.
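The log above is posted for a helper to read by hand. As an added example that is not part of the post, and not code from HijackThis or Deckard's System Scanner, the following Python script applies the first-pass checks a log helper makes, over a handful of lines copied from the log: services whose binary is `(file missing)`, executables running from temporary or user-writable paths, and unverified kernel drivers loaded from a user directory. The sample input is a constructed subset of the log, and the path heuristics and severity labels are my own assumptions, not part of either tool.

```python
"""Triage helper for HijackThis / Deckard's System Scanner log lines.

Added example: parses the "Running processes" list, the O-section lines
(O2/O4/O23 ...) and the R/S driver lines, and flags entries a malware-removal
helper would look at first. The heuristics below are assumptions for the
demo, not rules from either tool.
"""
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the log in the post above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Jamie\Local Settings\Temporary Internet Files\Content.IE5\F2KJFLGP\dss[1].exe
C:\DOCUME~1\Jamie\Desktop\Jamie.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
R2 npkcrypt - c:\documents and settings\jamie\desktop\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
"""

# Directories a normal user can write to on XP; anything auto-started from
# here deserves a second look (assumed list, not exhaustive).
USER_WRITABLE = re.compile(
    r"\\(documents and settings|docume~1|desktop|application data|temp|"
    r"temporary internet files)\\",
    re.IGNORECASE,
)
O_LINE = re.compile(r"^(O\d+) - (.*)$")
# DSS driver/service lines: "R2 name - path.sys <Not Verified; vendor; desc>"
DRIVER_LINE = re.compile(r"^[RS][0-4] (\S+) - (.+?\.sys)(.*)$", re.IGNORECASE)
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    severity: str  # "high" | "medium" | "low"
    kind: str      # "process", "driver" or the HijackThis section code (O2, O23, ...)
    path: str
    reason: str


def o_line_path(code: str, body: str) -> str:
    """Pull the file path out of a HijackThis O-line body."""
    if code == "O4":
        # O4 - HKLM\..\Run: [name] command line
        m = re.search(r"\]\s*(.+)$", body)
        return m.group(1).strip() if m else body
    # O2/O3/O9/O23: " - " separated fields, path is the last one
    return body.rsplit(" - ", 1)[-1].strip()


def check_path(kind: str, path: str) -> list:
    """Location-based checks shared by processes and O-lines."""
    if "temporary internet files" in path.lower():
        return [Finding("medium", kind, path,
                        "executable launched straight from the IE cache")]
    if USER_WRITABLE.search(path):
        return [Finding("low", kind, path,
                        "runs from a user-writable location, not Program Files/System32")]
    return []


def triage(log_text: str) -> list:
    findings, in_procs = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:          # blank line ends the process list
                in_procs = False
                continue
            findings += check_path("process", line)
            continue
        m = O_LINE.match(line)
        if m:
            code, body = m.groups()
            path = o_line_path(code, body)
            if "(file missing)" in body:
                findings.append(Finding("medium", code, path.replace("(file missing)", "").strip(),
                                        "entry points at a binary that no longer exists (orphaned service)"))
            findings += check_path(code, path)
            continue
        m = DRIVER_LINE.match(line)
        if m and USER_WRITABLE.search(m.group(2)):
            name, path, rest = m.groups()
            unverified = "<Not Verified" in rest
            findings.append(Finding("high" if unverified else "medium", "driver", path,
                                    f"kernel driver {name} loads from a user-writable directory"
                                    + (" and carries no verified signature" if unverified else "")))
    return findings


def report(findings: list) -> str:
    ordered = sorted(findings, key=lambda f: SEVERITY_RANK[f.severity])
    return "\n".join(f"[{f.severity:<6}] {f.kind:<7} {f.path}\n         {f.reason}" for f in ordered)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

On the sample it flags npkcrypt.sys (an unverified driver under the user's Desktop), the orphaned rpcapd service, dss[1].exe and Jamie.exe. The last two are the scanner itself and the renamed HijackThis, which is the caveat worth keeping in mind: path heuristics produce leads for a person to confirm against context, not verdicts.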