Results 1 to 7 of 7

Thread: Hijack This

  1. #1
    Senior Member
    Join Date
    Dec 2006
    Location
    Myrtle Beach, SC
    Posts
    238

    Hijack This

    hey its me again. i've recently downloaded the hijack this program. i did a system scan and i am anxious to see if there is anything i need to delete. so here is the log file. thanks for the help

    Logfile of HijackThis v1.99.1
    Scan saved at 3:57:30 PM, on 2/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\PaperCut Print Logger\pcpl.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\HP DVD\Umbrella\DVDTray.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\DAP\DAP.EXE
    c:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
    O3 - Toolbar: (no name) - {052b12f7-86fa-4921-8482-26c42316b522} - (no file)
    O3 - Toolbar: Parental Control Toolbar - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\PROGRA~1\PARENT~1\PARENT~1.DLL
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRA~1\DAP\dapiebar.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PaperCut Print Logger (PCPrintLogger) - Unknown owner - C:\Program Files\PaperCut Print Logger\pcpl.exe" PCPrintLogger (file missing)

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Running your log through this:

    http://www.hijackthis.de/index.php?langselect=english

    Came up with this:

    R3 - URLSearchHook: (no name) - - (no file) - Should be fixed if you do not know the application or if no application is mentioned.

    The rest seemed to be OK.

    Cheers:
    DjM

  3. #3
    Senior Member
    Join Date
    Dec 2006
    Location
    Myrtle Beach, SC
    Posts
    238
    i googled it and came up with this

    http://bcheck.scanit.be/bcheck/hijacked.php?page=4

    so ill assume that it is safe to remove it. but for now ill leave it and do more research. other than that it looks as though i did a good job of removing anything bad. ill keep you posted on anything that i think might seem suspicious. thanks for all the help.

    ps there'll be more where that came from

  4. #4
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    You can disable this in your startups:

    Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
    http://www.bleepingcomputer.com/star...20-u-6014.html


    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"

    This is for checking for Java updates and is not really required on startups:

    The jusched.exe automatic update scheduler is relatively new [j2re1.4.2_04] and by default is loaded set to check for java updates from Sun every month after installation. The process is nearly always sleeping, but eats up 2.4 Mb of RAM . Rare problems when it attempts to phone home for updates. Default behavior easily changed through the Control Panel - Java Plug In - Update tab - uncheck "Check for Updates Automatically" and be sure to press the "Apply" button before closing the applet.. Can also be disabled in registry HKLM \SOFTWARE\Microsoft\Windows\CurrentVersion\Run .
    http://www.neuber.com/taskmanager/pr...sched.exe.html


    This is a good utiltiy for managing your 04's (startups).
    http://www.mlin.net/StartupCPL.shtml

    This site has a useful explanation of each line item:

    http://www.castlecops.com/HijackThis.html

    HTH..
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Your Java is out of date................. it should be at _11 not _08

    Mine just auto-updated this morning (GMT)

  6. #6
    Senior Member
    Join Date
    Dec 2006
    Location
    Myrtle Beach, SC
    Posts
    238
    wow. thanks for the help. usually the first thing i do is check for updates. i never thought to update java. thanks a lot

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hey, chaosclown, no problems my friend

    dalek is perfectly correct, in that you don't need the update mechanism to load, and my normal attitude is that you don't allow auto-updates. They can clash with eachother, and take resources/crash your OS........... particularly when you are doing something "important"........ it brings in customers though?

    I let the Java one run, as I have never had a problem, and it only runs about once a month..............

    As you claim no in-depth knowledge, might I recommend this software? it is free for non-commercial users, and I must admit that I do rather abuse it as a maintenance and control application

    WinPatrol, by BillP Studios.................

Similar Threads

  1. a-squared hijack analysis
    By JonnyFrond in forum Spyware / Adware
    Replies: 17
    Last Post: February 14th, 2006, 04:08 AM
  2. Hijack this forum?
    By JonnyFrond in forum Site Feedback/Questions/Suggestions
    Replies: 5
    Last Post: February 2nd, 2006, 11:13 AM
  3. msconfig>startup and hijack this logs
    By kyrios in forum Spyware / Adware
    Replies: 21
    Last Post: March 22nd, 2005, 11:14 PM
  4. Hijack This usage
    By Soda_Popinsky in forum The Security Tutorials Forum
    Replies: 7
    Last Post: August 6th, 2004, 06:30 AM
  5. Microsoft Plugs Browser Hijack Holes
    By moxnix in forum Microsoft Security Discussions
    Replies: 3
    Last Post: October 8th, 2003, 01:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •