«
»

Please Help Me Analyze This Hijack This Log File. Please Be Sure About Your Answer.please?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:52 PM, on 7/15/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Installed softwares\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\Installed softwares\Spyware Terminator\sp_rsser.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
F:\Installed softwares\AlienGUIse\wbload.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
F:\Installed softwares\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Google\Google Talk\googletalk.exe
F:\Installed softwares\NET\utorrent.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray…
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Installed softwares\hijack this\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher…
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defa…
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defa…
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb…
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custom…
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa…
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defa…
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb…
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custom…
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defa…
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 – URLSearchHook: (no name) – {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} – C:\PROGRA~1\Crawler\ctbr.dll
O2 – BHO: (no name) – {02478D38-C3F9-4efb-9B51-7695ECA05670} – (no file)
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper…
O2 – BHO: (no name) – {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} – C:\PROGRA~1\Crawler\ctbr.dll
O2 – BHO: Yahoo! IE Services Button – {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} – C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 – Toolbar: &Radio – {8E718888-423F-11D2-876E-00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: &Crawler Toolbar – {4B3803EA-5230-4DC3-A7FC-33638F3D3542} – C:\PROGRA~1\Crawler\ctbr.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskb…
O4 – HKLM\..\Run: [!AVG Anti-Spyware] “F:\Installed softwares\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 – HKLM\..\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [SpywareTerminator] “F:\INSTAL~1\SPYWAR~1\SpywareTerminatorS…
O4 – HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 – HKLM\..\Run: [SoundMAX] “C:\Program Files\Analog Devices\SoundMAX\smax4.exe” /tray
O4 – HKCU\..\Run: [googletalk] “C:\Program Files\Google\Google Talk\googletalk.exe” /autostart
O4 – HKCU\..\Run: [uTorrent] “F:\Installed softwares\NET\utorrent.exe”
O4 – HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 – HKCU\..\Run: [Yahoo! Pager] “C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EX… -quiet
O4 – Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 – Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 – Extra context menu item: &WordWeb… – res://C:\WINDOWS\wweb32.dll/lookup.html
O8 – Extra context menu item: Crawler Search – tbr:iemenu
O8 – Extra context menu item: E&xport to Microsoft Excel – res://F:\INSTAL~1\MICROS~1\OFFICE11\EXCE…
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 – Extra button: Yahoo! Services – {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} – C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – F:\INSTAL~1\MICROS~1\OFFICE11\REFIEBAR.D…
O10 – Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 – DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) – C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 – DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) –
O17 – HKLM\System\CCS\Services\Tcpip\..\{0EF59… NameServer = 125.22.47.125,202.56.250.5
O17 – HKLM\System\CCS\Services\Tcpip\..\{1C1A7… NameServer = 218.248.255.146 218.248.255.139
O17 – HKLM\System\CS1\Services\Tcpip\..\{0EF59… NameServer = 125.22.47.125,202.56.250.5
O17 – HKLM\System\CS2\Services\Tcpip\..\{0EF59… NameServer = 125.22.47.125,202.56.250.5
O17 – HKLM\System\CS3\Services\Tcpip\..\{0EF59… NameServer = 125.22.47.125,202.56.250.5
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 – Protocol: tbr – {4D25FB7A-8902-4291-960E-9ADA051CFBBF} – C:\PROGRA~1\Crawler\ctbr.dll
O22 – SharedTaskScheduler: dizening – {70d17a5f-ef27-4295-90f5-20ad6f24834f} – (no file)
O23 – Service: AVG Anti-Spyware Guard – GRISOFT s.r.o. – F:\Installed softwares\AVG Anti-Spyware 7.5\guard.exe
O23 – Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB… (Bonjour Service) – Apple Computer, Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
O23 – Service: FLEXnet Licensing Service – Macrovision Europe Ltd. – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: Sunbelt Kerio Personal Firewall 4 (KPF4) – Sunbelt Software – C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 – Service: NetCom3 Service (Netcom3) – Unknown owner – F:\Installed softwares\Netcom3 Cleaner\PSCMonitor.exe
O23 – Service: NOD32 Kernel Service (NOD32krn) – Eset – C:\Program Files\Eset\nod32krn.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) – Analog Devices, Inc. – C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 – Service: Spyware Terminator Realtime Shield Service (sp_rssrv) – Crawler.com – F:\Installed softwares\Spyware Terminator\sp_rsser.exe
O23 – Service: STI Simulator – Unknown owner – C:\WINDOWS\System32\PAStiSvc.exe
O23 – Service: StyleXPService – Unknown owner – C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

End of file – 8969 bytes

Tags: , , , , , , ,

This entry was posted on Wednesday, October 14th, 2009 at 5:52 pm and is filed under ocx files. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Please Help Me Analyze This Hijack This Log File. Please Be Sure About Your Answer.please?”

  1. Product & Services Reviews says:
    October 14, 2009 at 5:52 pm

    Post this stuff on the HijackThis website for analysis, they are the experts.

Leave a Reply