Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
May 16th, 2008, 2:09am
   Mischel Internet Security Forum
   Malware
   Adware, Browser Hijackers and other Malware (Moderators: Helena, Gavin_Coe, Magnus)
   HiJackThis scan log		 « Previous topic | Next topic »
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: HiJackThis scan log  (Read 217 times)
sacerdos
Newbie
*





   


Posts: 41
HiJackThis scan log
« on: Dec 4th, 2007, 8:06pm »		 Quote Quote  Modify Modify
To Siliconman01
 
I've just installed a new system. The first HijackThis scan log has turned up some suspicious looking (to me) entries, particularly the 023 items. Could you kindly check it out for me. Thanks.
 
sacLogfile of HijackThis v1.99.1
Scan saved at 4:57:55 PM, on 12/4/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
 
Running processes:
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files (x86)\Cloudmark\SpamNet\OE\snoe.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\TrojanHunter 5.0\TrojanHunter.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Garth\AppData\Local\Temp\Temp5_hijackthis.zip\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =  
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files (x86)\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:  
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
 
« Last Edit: Dec 4th, 2007, 9:16pm by sacerdos » IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5270
Re: HiJackThis scan log
« Reply #1 on: Dec 5th, 2007, 12:11am »		 Quote Quote  Modify Modify
You are correct...something is very wrong with this Hijackthis log...and perhaps your new system installation.  Is this a Vista installation?
 
Please install Hijackthis V2.0.2 from TrendMicro and see if it gets the same results.  The link below provides info on HiJackthis.
 
http://www.misec.net/forum/board/FAQ/1163329424
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
sacerdos
Newbie
*





   


Posts: 41
Re: HiJackThis scan log
« Reply #2 on: Dec 5th, 2007, 12:46am »		 Quote Quote  Modify Modify
Yes, I'm running Vista Home Premium, a 64-bit system compared to the previous 32-bit system. The Trend Micro
scan produced the same result. Apart from the scan result,
the system appears to function very well.  I hasten to add
that I did not do the installation. The tech from the shop where I purchased it did the work.
« Last Edit: Dec 5th, 2007, 12:57am by sacerdos » IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5270
Re: HiJackThis scan log
« Reply #3 on: Dec 5th, 2007, 1:21am »		 Quote Quote  Modify Modify
I suspect that Hijackthis may not be compatible for Vista 64-bit systems.  There is no info about this on the system requirements stated on Trend Micro's website.
 
Is there a Vista system option that allows you to run HJT in 32-bit mode?
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
sacerdos
Newbie
*





   


Posts: 41
Re: HiJackThis scan log
« Reply #4 on: Dec 5th, 2007, 1:36am »		 Quote Quote  Modify Modify
I don't believe I can run a 32-bit system scan. I have the option of running IE-7 in either a 32 or 64 bit configuration, but that probably is not helpful in this case.  Is your Vista system 64 bit, and are your able to scan with HijackThis in either mode?
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5270
Re: HiJackThis scan log
« Reply #5 on: Dec 5th, 2007, 1:46am »		 Quote Quote  Modify Modify
I'm running Vista Business 32-bit and HJT scans and displays info correctly.  Everything looks okay in your HJT scan log except that it does not find the file source for services.  
 
I assume that you are aware that you need to closely check third party software websites for 64-bit versions of software.  Many programs require a different download/installer for 64-bit.  
 
Here is something you need to check.  There is no Outlook Express in Vista.  It is Windows Mail.
 
Quote:
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
sacerdos
Newbie
*





   


Posts: 41
Re: HiJackThis scan log
« Reply #6 on: Dec 5th, 2007, 2:03am »		 Quote Quote  Modify Modify
Yes, I'm aware of the situation regarding 32-bit software and
the present limitation concerning 64-bit applications. I have already updated some of my software from vendors that provide both 32 and 64-bit installers. Hopefully, in time more vendors will offer both options. I suspect that the movement to the 64-bit mode system will only gather momentum as time passes.  
 
Thanks for your helps! Cheers! G. Smiley
 
 
« Last Edit: Dec 5th, 2007, 2:09am by sacerdos » IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5270
Re: HiJackThis scan log
« Reply #7 on: Dec 5th, 2007, 2:16am »		 Quote Quote  Modify Modify
You're most welcome.  Cheesy
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register