justbarking
regular


Reg'd: Sun
Posts: 211
Re: HiJackThis Logfile
      Wed Jun 04 2008 10:10 PM

Here are the latest required: CFScript.txt file and HiJackThis log file. When I boot up the computer a message appears:

ctfmon.exe-Unable to Locate Component
The application has failed to start because MSCTF.dll was not found. Re-installing the application may fix this problem. Also a message appears for Windows XP PRO?


ComboFix 08-06-03.4 - Klee Lisa 2008-06-04 21:47:00.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.293 [GMT 1:00]
Running from: C:\Documents and Settings\Klee Lisa\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Klee Lisa\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\winsrc.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.000
C:\FOUND.000\FILE0000.CHK
C:\FOUND.000\FILE0001.CHK
C:\FOUND.001
C:\FOUND.001\FILE0000.CHK
C:\FOUND.001\FILE0001.CHK
C:\FOUND.001\FILE0002.CHK
C:\FOUND.001\FILE0003.CHK
C:\FOUND.001\FILE0004.CHK
C:\FOUND.001\FILE0005.CHK
C:\FOUND.001\FILE0006.CHK
C:\FOUND.001\FILE0007.CHK
C:\FOUND.001\FILE0008.CHK
C:\FOUND.001\FILE0009.CHK
C:\FOUND.001\FILE0010.CHK
C:\FOUND.001\FILE0011.CHK
C:\FOUND.001\FILE0012.CHK
C:\FOUND.001\FILE0013.CHK
C:\FOUND.001\FILE0014.CHK
C:\FOUND.001\FILE0015.CHK
C:\FOUND.001\FILE0016.CHK
C:\FOUND.001\FILE0017.CHK
C:\FOUND.001\FILE0018.CHK
C:\FOUND.002
C:\FOUND.002\FILE0000.CHK
C:\FOUND.002\FILE0001.CHK
C:\FOUND.002\FILE0002.CHK
C:\FOUND.002\FILE0003.CHK
C:\FOUND.002\FILE0004.CHK
C:\FOUND.002\FILE0005.CHK
C:\FOUND.002\FILE0006.CHK
C:\FOUND.002\FILE0007.CHK
C:\FOUND.003
C:\FOUND.003\FILE0000.CHK
C:\FOUND.004
C:\FOUND.004\FILE0000.CHK
C:\FOUND.005
C:\FOUND.005\FILE0000.CHK
C:\FOUND.005\FILE0001.CHK
C:\FOUND.005\FILE0002.CHK
C:\FOUND.005\FILE0003.CHK
C:\FOUND.005\FILE0004.CHK
C:\FOUND.005\FILE0005.CHK
C:\FOUND.005\FILE0006.CHK
C:\FOUND.005\FILE0007.CHK
C:\FOUND.005\FILE0008.CHK
C:\FOUND.005\FILE0009.CHK
C:\FOUND.005\FILE0010.CHK
C:\FOUND.005\FILE0011.CHK
C:\FOUND.005\FILE0012.CHK
C:\FOUND.005\FILE0013.CHK
C:\FOUND.005\FILE0014.CHK
C:\FOUND.005\FILE0015.CHK
C:\FOUND.005\FILE0016.CHK
C:\FOUND.005\FILE0017.CHK
C:\FOUND.005\FILE0018.CHK
C:\FOUND.005\FILE0019.CHK
C:\FOUND.005\FILE0020.CHK
C:\FOUND.005\FILE0021.CHK
C:\FOUND.005\FILE0022.CHK
C:\FOUND.005\FILE0023.CHK
C:\FOUND.005\FILE0024.CHK
C:\FOUND.005\FILE0025.CHK
C:\FOUND.005\FILE0026.CHK
C:\FOUND.005\FILE0027.CHK
C:\FOUND.005\FILE0028.CHK
C:\FOUND.005\FILE0029.CHK
C:\FOUND.005\FILE0030.CHK
C:\FOUND.005\FILE0031.CHK
C:\FOUND.005\FILE0032.CHK
C:\FOUND.005\FILE0033.CHK
C:\FOUND.005\FILE0034.CHK
C:\FOUND.005\FILE0035.CHK
C:\FOUND.005\FILE0036.CHK
C:\FOUND.005\FILE0037.CHK
C:\FOUND.005\FILE0038.CHK
C:\FOUND.005\FILE0039.CHK
C:\FOUND.005\FILE0040.CHK
C:\FOUND.005\FILE0041.CHK
C:\FOUND.006
C:\FOUND.006\FILE0000.CHK
C:\FOUND.006\FILE0001.CHK
C:\FOUND.006\FILE0002.CHK
C:\FOUND.006\FILE0003.CHK
C:\FOUND.006\FILE0004.CHK
C:\FOUND.007
C:\FOUND.007\FILE0000.CHK
C:\Program Files\SmartEnhancer
C:\Program Files\SmartEnhancer\pcre3.dll
C:\Program Files\SmartEnhancer\SmartEnhancer-1.dll
C:\Program Files\SmartEnhancer\SmartEnhancer-2.dll
C:\Program Files\SmartEnhancer\SmartEnhancer.dat
C:\Program Files\SmartEnhancer\uninstall.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
.

2008-06-04 17:02 . 2008-06-04 17:02 0 --a------ C:\WINDOWS\system32\winsrc.dll.tmp
2008-06-04 14:01 . 2008-06-04 14:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-04 13:24 . 2008-06-04 13:24 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-04 13:24 . 2008-06-04 13:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-04 13:23 . 2008-06-04 13:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-04 12:27 . 2008-06-04 12:27 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-04 12:27 . 2008-06-04 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-03 23:36 . 2008-06-03 23:36 77,613 --a------ C:\WINDOWS\system32\scui.cpl
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-12 15:58 . 2008-05-12 15:59 3,072,054 --a------ C:\WINDOWS\wallpaper.bmp
2008-05-11 13:51 . 2008-05-11 13:51 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-09 23:09 . 2008-05-09 23:10 <DIR> d-------- C:\Documents and Settings\Klee Lisa\Application Data\Viewpoint
2008-05-07 20:56 . 2008-05-07 20:56 268 --ah----- C:\sqmdata02.sqm
2008-05-07 20:56 . 2008-05-07 20:56 244 --ah----- C:\sqmnoopt02.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 10:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 10:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 10:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-28 17:00 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-28 16:03 --------- d-----w C:\Documents and Settings\Klee Lisa\Application Data\DivX
2008-04-27 17:40 --------- d-----w C:\Program Files\DivX
2008-04-27 17:17 --------- d-----w C:\Program Files\uTorrent
2008-04-27 17:17 --------- d-----w C:\Documents and Settings\Klee Lisa\Application Data\uTorrent
2008-04-16 17:09 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-13 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-13 16:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-13 13:30 --------- d-----w C:\Documents and Settings\Klee Lisa\Application Data\AdobeAUM
2008-04-12 13:22 --------- d-----w C:\Documents and Settings\Klee Lisa\Application Data\LimeWire
2008-04-10 20:19 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-09 16:04 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-08 19:26 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-08 19:26 --------- d-----w C:\Program Files\Windows Live
2008-04-08 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-08 18:55 --------- d-----w C:\Documents and Settings\Claire\Application Data\LimeWire
2008-04-08 18:54 --------- d-----w C:\Program Files\Java
2008-04-08 18:51 --------- d-----w C:\Program Files\Common Files\Java
2008-04-08 17:37 --------- d-----w C:\Documents and Settings\Klee Lisa\Application Data\AOL
2008-04-08 14:12 --------- d-----w C:\Documents and Settings\Claire\Application Data\AOL
2008-04-08 14:10 --------- d-----w C:\Program Files\Common Files\Nullsoft
2008-04-08 14:10 --------- d-----w C:\Program Files\Common Files\aolback
2008-04-08 14:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-08 14:08 --------- d-----w C:\Program Files\Viewpoint
2008-04-08 14:07 --------- d-----w C:\Program Files\Common Files\aolshare
2008-04-08 14:07 --------- d-----w C:\Program Files\Common Files\aol
2008-04-08 14:07 --------- d-----w C:\Program Files\AOL 9.0 VR
2008-04-08 14:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-08 13:55 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Symantec
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-05 20:26 4,818 ----a-w C:\Documents and Settings\Klee Lisa\Application Data\wklnhst.dat
2008-01-24 20:42 204 ----a-w C:\Documents and Settings\Claire\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-04_17.50.42.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-04 16:47:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 20:49:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-07 20:02 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-07 19:59 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-07 20:03 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51 53248]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 14:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 14:43 688218]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-11 11:48 143360]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 15:17 14743552 C:\WINDOWS\RTHDCPL.EXE]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-08-11 19:21 200704]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03 2893824]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-08-19 01:28 462848]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-08-18 19:38 352256]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"HostManager"="C:\Program Files\Common Files\AOL\1207663629\ee\AOLSoftware.exe" [2006-11-14 15:01 50736]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 05:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Klee Lisa\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"C:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"C:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\aol\\1207663629\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-04 20:49:50 C:\WINDOWS\Tasks\dfrg.job"
- C:\WINDOWS\system32\dfrg.msc
"2008-06-04 20:49:50 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 21:50:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
C:\ACER\EMANAGER\ANBMSERV.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
C:\PROGRAM FILES\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\WINDOWS\SYSTEM32\MSPMSPSV.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
C:\PROGRAM FILES\LAUNCH MANAGER\QTZGACER.EXE
C:\WINDOWS\SYSTEM32\MSIEXEC.EXE
.
**************************************************************************
.
Completion time: 2008-06-04 21:52:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-04 20:52:10
ComboFix2.txt 2008-06-04 17:06:32

Pre-Run: 3,921,182,720 bytes free
Post-Run: 3,901,407,232 bytes free

272 --- E O F --- 2008-06-04 20:12:06



HiJackThis log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55:09, on 04/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\acer\epm\epm-dm.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\AOL\1207663629\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1207663629\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1207677162359
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7301 bytes
