| Thread ID: 105608 | 2009-12-08 06:21:00 | Convair HJT log | convair (13650) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 837629 | 2009-12-08 06:21:00 | Could somebody please check this for any problems.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:09 PM, on 12/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 2520 bytes |
convair (13650) | ||
| 837630 | 2009-12-08 06:34:00 | I have a couple of entries I am curious about too.

O1 - Hosts: ------ ÆÁ±ÎѸÀ׿´¿´¹ã¸æ ------
O13 - Gopher Prefix:
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

What does this file missing part mean? I have a few of them. Cheers. |
xyz823 (13649) | ||
| 837631 | 2009-12-08 06:38:00 | You can tick these, then tick Fix checked. Close browsers.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Is that all of the log, convair?

What version of Windows have you got, darkstar?? I would tick that hosts entry. That other entry has something to do with WMP, and its network option. |
Speedy Gonzales (78) | ||
| 837632 | 2009-12-08 06:40:00 | "What version of Windows have you got, darkstar?? I would tick that hosts entry. That other entry has something to do with WMP, and its network option."

Windows 7. It wasn't the WMP part, it was the file missing part. What does that mean? |
xyz823 (13649) | ||
| 837633 | 2009-12-08 06:47:00 | "Windows 7. It wasn't the WMP part, it was the file missing part. What does that mean?"

Probably doesn't know what Windows 7 is. Don't worry about it, leave it there. It's a file related to WMP. |
Speedy Gonzales (78) | ||
| 837634 | 2009-12-08 06:49:00 | "Probably doesn't know what Windows 7 is. Don't worry about it, leave it there. It's a file related to WMP."

And what's the Gopher thing? |
xyz823 (13649) | ||
| 837635 | 2009-12-08 06:51:00 | I don't know lol. I have no idea what it is or does. It's probably ready to dig a hole somewhere :p | Speedy Gonzales (78) | ||
| 837636 | 2009-12-08 06:57:00 | Thanks for your help Speedy. Got the HJT sorted. | convair (13650) | ||
| 837637 | 2009-12-08 06:57:00 | I've been reading through this (www.aumha.org) and picking up some useful info from it. | xyz823 (13649) | ||
| 837638 | 2009-12-08 06:59:00 | "Thanks for your help Speedy. Got the HJT sorted."

No probs. |
Speedy Gonzales (78) | ||