hijack this log am i hacked?

Discussion in 'adware, spyware & hijack cleaning' started by ridge, Jun 25, 2004.

Thread Status:
Not open for further replies.
  1. ridge

    ridge Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    2
    (Mod Note: Member has posted a more recent hijackthis log, which has been merged into this current thread (see post #2) - snap)


    Logfile of HijackThis v1.97.7
    Scan saved at 11:47:46 PM, on 25/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\addtf32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\PROGRA~1\SONYER~1\COMMUN~1\MOBILE~1\EPMWOR~1.EXE
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\LVComsX.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\ipan.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\William\Local Settings\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\adyqk.dll/sp.html#96676
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://adyqk.dll/index.html#96676
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://adyqk.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\adyqk.dll/sp.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://adyqk.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\adyqk.dll/sp.html#96676
    N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\William\Application Data\Mozilla\Profiles\default\infbmudu.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\William\Application Data\Mozilla\Profiles\default\infbmudu.slt\prefs.js)
    O2 - BHO: (no name) - {8D32D758-A1D6-5518-B819-34878C802C1B} - C:\WINDOWS\javaoj32.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [ipan.exe] C:\WINDOWS\ipan.exe
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
    Last edited by a moderator: Jun 26, 2004
    ridge, Jun 25, 2004
    #1
  2. ridge

    ridge Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    2
    help me hijack this log please

    Logfile of HijackThis v1.97.7
    Scan saved at 10:25:35 AM, on 26/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\addtf32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\ipan.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRA~1\SONYER~1\COMMUN~1\MOBILE~1\EPMWOR~1.EXE
    C:\WINDOWS\System32\LVComsX.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Documents and Settings\William\Desktop\New Folder (2)\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lrrof.dll/sp.html#96676
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lrrof.dll/index.html#96676
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lrrof.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lrrof.dll/sp.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lrrof.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lrrof.dll/sp.html#96676
    N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\William\Application Data\Mozilla\Profiles\default\infbmudu.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\William\Application Data\Mozilla\Profiles\default\infbmudu.slt\prefs.js)
    O2 - BHO: (no name) - {8D32D758-A1D6-5518-B819-34878C802C1B} - C:\WINDOWS\javaoj32.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [ipan.exe] C:\WINDOWS\ipan.exe
    O4 - HKLM\..\RunOnce: [addtf32.exe] C:\WINDOWS\addtf32.exe
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
    ridge, Jun 25, 2004
    #2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...