Previous Topic Next Topic

Hijack this log

Closed
sumana soh Posts 62 Registration date Monday March 15, 2010 Status Member Last seen May 10, 2010 - May 2, 2010 at 07:20 AM
sumana soh Posts 62 Registration date Monday March 15, 2010 Status Member Last seen May 10, 2010 - May 3, 2010 at 08:57 AM
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:19:23 PM, on 2/5/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sumana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sumana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sumana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Users\Sumana\Documents\Downloads\Crack\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: OfficeSAS.lnk = ?
O8 - Extra context menu item: Download all links with IDM - C:\Users\Sumana\Documents\Downloads\Crack\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Users\Sumana\Documents\Downloads\Crack\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Users\Sumana\Documents\Downloads\Crack\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - https://www.fileplanet.com/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{201798CE-C46C-4D26-873A-4D7E0870B62F}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{201798CE-C46C-4D26-873A-4D7E0870B62F}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{201798CE-C46C-4D26-873A-4D7E0870B62F}: NameServer = 202.188.0.133 202.188.1.5
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

3 responses

Answer 1 / 3
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,166
May 2, 2010 at 08:55 AM
Hello Sumana,

You sure have a unique way to get into trouble. You are real comedy on two feet!

What is your system doing this time?

Why on earth do you have "crack" files, not only illegal but extremely dangerous?

I may not be able to give you an answer untill much later today, if I get your answers.

Catch you later
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,166
May 3, 2010 at 04:54 AM
Hi Sumana,

I am waiting for your answer.

What is wrong with your system?
sumana soh Posts 62 Registration date Monday March 15, 2010 Status Member Last seen May 10, 2010 1
May 3, 2010 at 06:19 AM
er....the crack is hard to explain but it is clean?
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,166
May 3, 2010 at 06:22 AM
You mean is your system clean or the crack clean?
sumana soh Posts 62 Registration date Monday March 15, 2010 Status Member Last seen May 10, 2010 1
May 3, 2010 at 07:07 AM
i think my whole system is clean,and ambucias i just install spybot 1.62,when the installtion begins,i unchecked the SD HELPER AND TEATIMER,THEN I UPDATE IT,BUT THERE HAS THE DEFINITION UPDATES AND IMUNNZATION UPDATE AND TEATIMER UPDATES,I DOWNLOAD INSTALL the definition updates and immunazation but i didin install the teatimer update,it is okay?coz i don wan the tea timer,and imunaztion ,can i don download it
sumana soh Posts 62 Registration date Monday March 15, 2010 Status Member Last seen May 10, 2010 1
May 3, 2010 at 07:12 AM
but i did install the imunation updates,but i didin imunize my ie,protected=0,but i heard there are beta going on
Answer 2 / 3
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,166
May 3, 2010 at 08:24 AM
That means that your system is vulnerable to get spyware and adware.

Do you have Spybot Search and Destroy?

https://ccm.net/downloads/security-and-maintenance/4561-spybot-search-destroy/
Answer 3 / 3
sumana soh Posts 62 Registration date Monday March 15, 2010 Status Member Last seen May 10, 2010 1
May 3, 2010 at 08:37 AM
yea,and i didn imunize ie,and i just use it on-demand
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,166
May 3, 2010 at 08:55 AM
Because you are using Avast free you can use Spybot's Tea-Timer.

Do me a favor, download and run Startuplite. It will make you system start faster and prevent some vulnerable application from starting at boot. Say yes to all install and run questions.

https://data-cdn.mbamupdates.com/web/startuplite-setup-1.07.exe

That is all for today

Bye
sumana soh Posts 62 Registration date Monday March 15, 2010 Status Member Last seen May 10, 2010 1
May 3, 2010 at 08:57 AM
bye thx!

Similar discussions

you need the official whatsapp to use this account android
ayushbansal -
vapsagerta -

13 responses
I can’t log into TikTok with twitter
hm -
HelpiOS -

1 response
You need to log in to view this page
Shazneen -
B -

8 responses
Facebook says I have been trying too often
Sameer -
owilson -

2 responses
Where are all my bookmarks?
beauknowsdiddly -
Gtip_8062 -

1 response