| Thread ID: 86690 | 2008-01-25 08:26:00 | Suspicious Processes (Hijack this log) | videnthecoldone (13321) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 633866 | 2008-01-25 08:26:00 | Hello. I had gotten a HijackThis log a while ago, and posted it at a different website that claimed to look over such things and respond within 24 hours. After a month with no response I gave up. I hope you can be more helpful. I have been having lagging issues and freeze ups, and wanted to know if I had any processes that could be eating up memory, or suspicious. Thanks for the help.
Logfile of HijackThis v1.99.1
Scan saved at 4:49:46 PM, on 11/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Comodo\Firewall\cmdagent.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
E:\PROGRA~1\McAfee\MSC\mcpromgr.exe
e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
E:\WINDOWS\Explorer.EXE
e:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
E:\PROGRA~1\McAfee\MPS\mps.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\wdfmgr.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\WINDOWS\system32\BtUsrBdg.exe
E:\WINDOWS\system32\BTSetBootKey.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\WINDOWS\713xRMTMon.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA BA.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\Program Files\Microsoft IntelliPoint\ipoint.exe
E:\Program Files\Comodo\Firewall\CPF.exe
E:\progra~1\valve\steam\steam.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
e:\PROGRA~1\mcafee.com\agent\mcagent.exe
E:\Program Files\McAfee\MPS\mpsevh.exe
e:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
E:\WINDOWS\System32\alg.exe
e:\PROGRA~1\mcafee\msc\mcuimgr.exe
E:\Utopia\Angel\Angel.exe
E:\Program Files\BitLord\BitLord.exe
E:\WINDOWS\System32\svchost.exe
E:\Documents and Settings\Viden\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = us.rd.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 69.57.152.127 auto.search.msn.com
O1 - Hosts: 69.57.152.127 auto.search.msn.es
O1 - Hosts: 69.57.152.127 pagead2.googlesyndication.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\ Yahoo! \Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - e:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - E:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - e:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - E:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] E:\WINDOWS\713xRMTMon.exe
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA BA.EXE /P23 "EPSON Stylus C88 Series" /O5 "LPT1:" /M "Stylus C88"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IntelliPoint] "e:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "E:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "E:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [Steam] "e:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "E:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Aim6] "E:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Utopia Angel] "E:\Utopia\Angel\Angel.exe"
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\ Yahoo! \Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - E:\Documents and Settings\Viden\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\ Yahoo! \Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\ Yahoo! \Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://game1.pogo.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - download.mcafee.com
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - www.blizzard.com
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - download.mcafee.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCCC5573-1720-4710-BE2C-FE210F2EE059}: NameServer = 192.168.1.1,68.87.64.194
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - E:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - E:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - E:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe | videnthecoldone (13321) | ||
| 633867 | 2008-01-25 09:06:00 | Welcome to Press F1 - Without even looking hard at the log, I can tell you right away that the McAfee security you have in is sucking lots of resources. Seen MANY customers' PCs brought to a crawl by this software - almost as bad as Norton's, in fact it may even be worse. | wainuitech (129) | ||
| 633868 | 2008-01-25 10:15:00 | Thanks, it's good to be here. I always suspected as much about McAfee. Do you know of any good replacements, free or otherwise? And is there anything else that looks out of place, or like a resource hog? Thanks. | videnthecoldone (13321) | ||
| 633869 | 2008-01-25 10:23:00 | One of the better AVs is Nod32. 30 day trial (www.eset.com). It's not free, but it works very well. It's really light on resources, in fact you hardly know it's there. Had a quick look at the log, there are a few nasties, hopefully speedy will pick this up, as he's an expert on these. | wainuitech (129) | ||
| 633870 | 2008-01-25 16:15:00 | Put HijackThis in its own folder first (I would update it too). Link is in my sig. Then run it again, tick these entries, then tick Fix checked. Close browser/s.
O1 - Hosts: 69.57.152.127 auto.search.msn.com
O1 - Hosts: 69.57.152.127 auto.search.msn.es
O1 - Hosts: 69.57.152.127 pagead2.googlesyndication.com
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - E:\Documents and Settings\Viden\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
Uninstall ALL versions of Sun Java. Latest version is in my sig: 1.6.0.4. Then reboot. | Speedy Gonzales (78) | ||
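The fix list in the post above singles out two kinds of entry that can be spotted mechanically: O1 hosts-file lines that map a public hostname (auto.search.msn.com, pagead2.googlesyndication.com) to a routable address instead of loopback, and registered components whose backing file is gone ("(no file)", "(file missing)"). The script below is an added example, not code from this thread or from HijackThis: it parses log lines of that shape and flags those two classes, and treats a flag as a prompt for review rather than a verdict. The sample log is a constructed, abridged excerpt in the shape of the one posted above, with one benign ad-blocking entry (127.0.0.1) added to show what must not be flagged. The optional NVIDIA, Nero and Java startup items in the fix list are judgement calls the script deliberately does not make.

```python
"""Triage helper for HijackThis-style logs (added example, not part of the thread).

Flags two classes of entry:
  * hosts-redirect: an O1 line mapping a hostname to a non-loopback, non-unspecified
    address, which silently reroutes traffic for that name;
  * orphan: any entry ending in "(no file)" or "(file missing)", i.e. a registration
    whose executable or DLL no longer exists.
"""
import ipaddress
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<addr>\S+)\s+(?P<host>\S+)")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section, e.g. "O1"
    kind: str    # "hosts-redirect", "hosts-unparsable" or "orphan"
    detail: str  # human-readable explanation
    line: str    # the raw log line that triggered the finding


def parse_entries(text):
    """Return (code, body, raw_line) for every section entry in a HijackThis log.

    Header lines and the running-process listing do not match the "Oxx - " shape
    and are skipped.
    """
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body"), raw.strip()))
    return entries


def triage(text):
    """Flag suspicious hosts-file mappings and orphaned component registrations."""
    findings = []
    for code, body, raw in parse_entries(text):
        if code == "O1":
            h = HOSTS_RE.match(body)
            if not h:
                continue
            addr, host = h.group("addr"), h.group("host")
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                findings.append(Finding(code, "hosts-unparsable", f"cannot parse address {addr!r}", raw))
                continue
            # Mapping a name to loopback or 0.0.0.0 is how ad-blocking hosts files work;
            # mapping it to a routable address redirects the browser somewhere else.
            if not (ip.is_loopback or ip.is_unspecified):
                findings.append(Finding(code, "hosts-redirect", f"{host} is redirected to {addr}", raw))
        elif body.endswith(ORPHAN_MARKERS):
            findings.append(Finding(code, "orphan", "registered component has no backing file", raw))
    return findings


def summarize(findings):
    """Count findings per kind, the way a reviewer skims a log."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample: an abridged excerpt in the shape of the log posted in this thread,
# plus one benign blocking entry (127.0.0.1 ads.example.invalid) that must not be flagged.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
E:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 69.57.152.127 auto.search.msn.com
O1 - Hosts: 69.57.152.127 auto.search.msn.es
O1 - Hosts: 69.57.152.127 pagead2.googlesyndication.com
O1 - Hosts: 127.0.0.1 ads.example.invalid
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - E:\Documents and Settings\Viden\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.code:<3} {f.kind:<16} {f.detail}")
    print(summarize(results))
```

Run against the sample it reports the three hosts redirections to 69.57.152.127 and four orphaned registrations (the R3 URLSearchHook, the BitComet BHO and the two O9 buttons), and stays silent on the 127.0.0.1 blocking entry and the nwiz startup item; to use it on a real log, feed the whole saved text to `triage()` and review each flagged line before deciding what to fix.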
| 633871 | 2008-01-25 19:19:00 | One of the better AVs is Nod32. 30 day trial (www.eset.com). It's not free, but it works very well. It's really light on resources, in fact you hardly know it's there. Had a quick look at the log, there are a few nasties, hopefully speedy will pick this up, as he's an expert on these. Gosh you people are up early! Yes I would highly recommend NOD32, I have the Smart Security and you can hardly know it's there. It does not slow down anything and you can play CPU hungry games while it is scanning for viruses without any noticeable lag at all! I would highly recommend this product to everyone. :thumbs: :o :thumbs: | password (5384) | ||
| 633872 | 2008-01-25 19:29:00 | Thanks a ton guys. I will do this ASAP, and see what I can do with the new virus system, I have been wanting to get rid of McAfee for ages, but I get it free with my internet connection. | videnthecoldone (13321) | ||
| 633873 | 2008-01-25 19:31:00 | Yea just as wainuitech says there is a 30 day trial of the Smart Security so you can try it, you can't really go wrong. | password (5384) | ||
| 633874 | 2008-01-25 20:29:00 | Yea just as wainuitech says there is a 30 day trial of the Smart Security so you can try it, you can't really go wrong. The Smart Security is great (I use it myself) BUT there is currently a problem Eset are working on, it's to do with the firewall. It has been discovered that if you have a Telstra cable modem, run a single PC and live in Wellington it sometimes crashes the PC. It's only on single PCs in Wellington, working on LANs is no problem, or anywhere else in the country is fine also. S'pose we in Wellington have to be different :D The anti virus has no problems. | wainuitech (129) | ||
| 633875 | 2008-01-25 21:40:00 | Well, none of that applies to me, so I'm happy ^_^ I got a good version of NOD32, and it looks pretty good, I'm replacing McAfee. I'm going to do everything, and post an updated log since the one before was a bit old. Thanks for all the help so far guys. | videnthecoldone (13321) | ||