can anyone help me to analyse this "hijackthis" logfile
+ Reply to Thread
Results 1 to 4 of 4

Thread: can anyone help me to analyse this "hijackthis" logfile

  1. #1
    Join Date
    May 2004
    Location
    Taiwan
    Posts
    1,356

    Default can anyone help me to analyse this "hijackthis" lo

    hi

    Very recently my computer was infected by look2me spyware.Some how i reparied and i have a small doubt that ," there will be some more spyware". please help me to find out the unwanted files.Thanks in advance

    Paul

    Logfile of HijackThis v1.99.1
    Scan saved at 12:52:46 AM, on 3/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.e xe
    C:\WINDOWS\system32\services.e xe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.ex e
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.ex e
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.ex e
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\ssoftsrv.e xe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\s3hotkey.e xe
    C:\WINDOWS\system32\S3Tray2.ex e
    C:\WINDOWS\System32\00THotkey. exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED. Exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TPWRTRAY.E XE
    C:\WINDOWS\System32\spool\DRIV ERS\W32X86\3\fppdis2a.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\system32\osk.exe
    C:\WINDOWS\system32\MSSWCHX.EX E
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Aranganathan\Desktop\ HijackThis.exe

    R1 - HKCU\Software\Microsoft\Intern et Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Intern et Explorer\Main,Local Page = c:\secure32.html
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dl l
    O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey. exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED. Exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRI VERS\W32X86\3\fppdis2a.exe" /source=HKLM
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.ex e /Consumer
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Bi naries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched .exe" -osboot
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dl l/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dl l/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dl l/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dl l/cmcache.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\ EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dl l/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dl l/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: MultiVoice Web Client v2.1 - http://hicall.hinet.net/webdial/mvwc/2.1/mvwc_IEDU.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.maalaimalar.com/wfplayer/tdserver.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1117624707576
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126362367134
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip \..\{E82082CA-2CCC-4A7B-8E97-C0C57CD2AC7E}: NameServer = 168.95.192.1 168.95.1.1
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\ SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.e xe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

  2. #2

    Default

    Hmmm..
    I dont see anything suspicious!
    No worries!
    http://img260.echo.cx/img260/4071/zpsig5xf.png
    TAMILAN Indru solluda, Talle nimithe Nee Nilleda!

  3. #3
    Join Date
    May 2004
    Location
    Taiwan
    Posts
    1,356

    Default

    THANKS ZEPENGUIN........

  4. #4

    Smile Early to bed and early to rise, makes a man healthy, wealthy, and wise.

    We are professional suppliers who special focus on the brand:Uggs Classic Tall,Ugg Bailey Button,Air Jordan online store,MLB Jerseys,Cheap NHL Jerseys, NHL Jerseys, NBA Jerseys,Cheap cartier glasses,GHD, New styles and hot styles are active every day.We wholesale our products at very low price but with high quality.Our products are always very hot in USA, UK, Canada, Australia, etc., Many wholesalers, retailers, shop owner, online store owner, byers buy and resell our products.We welcome buyers from all over the world. Let's do business bit by bit and become our old customers.Ugg boots more information uggonsale.org

+ Reply to Thread

Similar Threads

  1. World smartest men give "a thoughtful gift" for a "Husband & wife" with Some "kadis"
    By vennpuraa in forum Jokes / நகைச்சுவை
    Replies: 8
    Last Post: 10-07-2006, 06:35 AM
  2. Why & how do "good looking" girls become "gundu" aunties?
    By kannanraja in forum Women's Talk
    Replies: 78
    Last Post: 05-04-2004, 01:43 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts