Author Topic: My HijackThis log  (Read 3549 times)


aashutosh01

  • SCF Newbie
  • *
  • Posts: 1
  • KARMA: 0
My HijackThis log
« on: 20. March 2008., 07:24:48 »
Hello

This is the HijackThis log of my system: Kindly suggest the fix.

----------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:28 PM, on 3/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe

--
End of file - 4660 bytes
---------------------------------------------------------------------

Regds

Ash.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: My HijackThis log
« Reply #1 on: 20. March 2008., 09:14:42 »
Hi aashutosh01 & Welcome to SCF Board.

Of course we will check your HJT log. It would also be very useful to tell us what kind of problem you have with your PC, and to run an online antivirus scan with Kaspersky and provide us the log (in your next reply): http://scforum.info/index.php/topic,734.0.html

Regards & cya later,

Samker


P.S.

I have moved your topic to "PC Help Center".

Gerald309BCPCNet

  • SCF Newbie
  • *
  • Posts: 3
  • KARMA: 1
  • Gender: Male
    • BlueCollarPC.Net
Re: My HijackThis log
« Reply #2 on: 10. April 2008., 03:27:44 »
This is a very preliminary comment while awaiting analysis. You may wish to review it to become familiar with those parts of the HijackThis log being examined. Example:

[ NOTE... I am only a Forum member - not any official helper.]

If you are experiencing severe navigational problems I suggest you install and run (scan) the following while waiting:

Malicious Software Removal Tools....
Microsoft Free Malicious Software Removal Tool
http://www.microsoft.com/security/malwareremove/default.mspx 

To begin: there are handfuls of what are called "same name threats", which are malware (trojans, viruses, worms, spyware) that intentionally have files with the same name, usually that of Windows Operating System (OS) files or other software, to attempt to hide from security scans by antivirus and antispyware or from their real-time detection of malware in computer memory attempting to run. Attempting manual removal of these takes great diligence in distinguishing malware files from legitimate files to avoid fatal errors, corrupting Windows and/or other software. Not recommended unless you are an Advanced User.

Generally, the first section of the HijackThis log lists the running processes of Windows, and of course many of these are targets of the "same name threats". These types of malware can be ruled out as present by full scans with quality antivirus and antispyware software that will be able to quarantine or delete the malware files without harming Windows and/or other software.

General Windows Processes in HJT Logs:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe

SAME-NAME THREATS EXAMPLES:
smss.exe
-------------------
smss.exe - smss - Process Information
http://www.liutilities.com/products/wintaskspro/processlibrary/smss/
smss.exe is a process which is a part of the Microsoft Windows
Operating System. It is called the Session Manager Subsystem and is
responsible for handling sessions on your system. This program is
important for the stable and secure running of your computer and
should not be terminated.
Note: smss.exe is a process which is registered as a trojan. This
Trojan allows attackers to access your computer from remote
locations, stealing passwords, Internet banking and personal data.
This process is a security risk and should be removed from your
system.

What is smss.exe? Is smss.exe spyware or a virus?
http://www.neuber.com/taskmanager/process/smss.exe.html
Process name: Windows NT Session Manager
Product: Windows
Company: Microsoft
File: smss.exe
Security Rating:
This is the session manager subsystem, which is responsible for
starting the user session. This process is initiated by the system
thread and is responsible for various activities, including launching
the Winlogon and Win32 (Csrss.exe) processes and setting system
variables. After it has launched these processes, it waits for either
Winlogon or Csrss to end. If this happens "normally," the system
shuts down; if it happens unexpectedly, Smss.exe causes the system to stop responding (hang).
Note: The smss.exe file is located in the folder C:\Windows\System32.
In other cases, smss.exe is a virus, spyware, trojan or worm! Check
this with Security Task Manager.
Virus with same name:
W32.Dalbug.Worm - Symantec Corporation
Adware.DreamAd - Symantec Corporation
W32.Resdoc - Symantec Corporation
Adware.Advision - Symantec Corporation
Backdoor.IRC.Flood.F - Symantec Corporation
Backdoor.IRC.Aladinz.O - Symantec Corporation
and more....

winlogon.exe
--------------------------------
winlogon.exe
Process Name: Microsoft Windows Logon Process
winlogon.exe - winlogon - Process Information
http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/
Windows errors related to winlogon.exe ?
winlogon.exe is a process belonging to the Windows login manager. It
handles the login and logout procedures on your system. This program is important for the stable and secure running of your computer and should not be terminated. Note: winlogon.exe is a process which is registered as a trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system. Determining whether winlogon.exe is a virus or a legitimate Windows process depends on the directory location it executes or runs from.

What is winlogon.exe? Is winlogon.exe spyware or a virus?
http://www.neuber.com/taskmanager/process/winlogon.exe.html
Process name: Windows NT/2000/XP Logon Application
Product: Windows
Company: Microsoft
File: winlogon.exe
Security Rating:
The process "winlogon.exe" runs in the background. It's a part of the
Windows Login subsystem. Winlogon is necessary for user authorization and checks the Windows XP activation code.
Note: The winlogon.exe file is located in the folder
C:\Windows\System32. In other cases, winlogon.exe is a virus,
spyware, trojan or worm! Check this with Security Task Manager.
Virus with same name:
W32.Netsky.D - see McAfee Symantec Corporation Trend Micro

iexplore.exe
------------------------------
iexplore.exe - iexplore - Process Information
Process Name: Microsoft Internet Explorer
http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/
Windows errors related to iexplore.exe ?
iexplore.exe is the main executable for Microsoft Internet Explorer.
This Microsoft Windows application allows you to surf the world wide
web and the Internet. This program is a non-essential process, but
should not be terminated unless suspected to be causing  problems.
Note: iexplore.exe could also be a process which belongs to the .
This program is a non-essential process, but should not be terminated unless suspected to be causing problems. Note: iexplore.exe is a process which is registered as a trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data.
This process is a security risk and should be removed from your
system. Determining whether iexplore.exe is a virus or a legitimate Windows process depends on the directory location it executes or runs from. Check that iexplore.exe is stable on your computer.

What is iexplore.exe? Is iexplore.exe spyware or a virus?
http://www.neuber.com/taskmanager/process/iexplore.exe.html
Process name: Microsoft Internet Explorer
Product: Windows
Company: Microsoft
File: iexplore.exe
Security Rating:

"iexplore.exe" is the Internet Browser from Microsoft. It is a part
of the Windows Operating system. Check the security settings for this program to minimize the risk when you are surfing. Get more detailed information about iexplore.exe and all other running background processes with Security Task Manager.
Note: Any malware can be named anything - so you should check where the files of the running processes are located on your disk. If
a "non-Microsoft" .exe file is located in the C:\Windows or
C:\Windows\System32 folder, then there is a high risk for a virus,
spyware, trojan or worm infection!

gerald309bcpcnet webmaster bluecollarpc.net (non-commercial)
Webmaster of bluecollarpc.net / bluecollarpc.org
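
The location check described in the reply above (a Windows process name running from the wrong folder), as an added Python example that is not part of the original thread. The folder table beyond smss.exe and winlogon.exe, the function names and the sample log are assumptions constructed for illustration.

```python
import ntpath

# Expected folder per process name, lower-cased. The quoted notes in the reply
# give C:\Windows\System32 for smss.exe and winlogon.exe; the remaining entries
# follow the poster's own log and are assumptions for a default XP install.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if not line:  # the section ends at the first blank line
                break
            paths.append(line)
    return paths

def misplaced_system_processes(log_text):
    """Flag Windows process names running from another folder (case-insensitive)."""
    findings = []
    for path in running_processes(log_text):
        folder, name = ntpath.split(ntpath.normcase(path))
        expected = EXPECTED_DIR.get(name)
        if expected is not None and folder != expected:
            findings.append((path, expected))
    return findings

# Constructed sample in the layout of the posted log; the svchost.exe and Temp
# winlogon.exe lines are invented here to show a hit and are not from the thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\user\Local Settings\Temp\winlogon.exe
C:\Program Files\Opera\Opera.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""

if __name__ == "__main__":
    for path, expected in misplaced_system_processes(SAMPLE_LOG):
        print(f"CHECK: {path} (expected in {expected})")
```

A clean result only rules out the wrong-folder case; a replaced or non-Microsoft file sitting in the expected folder still needs a scanner or signature check.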

nelodm06

  • SCF Newbie
  • *
  • Posts: 6
  • KARMA: 1
Re: My HijackThis log
« Reply #3 on: 05. May 2009., 04:22:42 »
Hi,

Looking at the log file below, it seems you have AVG, Nod32 and Trend Micro installed. Aren't they conflicting on your machine, and might that be causing the problem of PC slowness?

Thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:28 PM, on 3/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
