rakesh14021983
Broken In
Hi... I have pasted my hijackthis.log below... can you folks tell me if something is wrong here? Because there are a lot of entries which I don't understand at all.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:47 PM, on 9/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
I:\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrB.exe
h:\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
I:\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Rakesh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
H:\BitLord_New\BitLord.exe
I:\hijack_this\HijackThis.exe
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - I:\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~2\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "i:\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] I:\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Spybot - Search & Destroy NEW\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rakesh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\Rakesh\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download All Links with IDM - I:\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - I:\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - I:\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\SPYBOT~2\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - *gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35B87CA5-848F-4BE4-A473-B4259DEF85AE}: NameServer = 172.16.55.1,125.22.47.125
O17 - HKLM\System\CCS\Services\Tcpip\..\{B99D0774-6397-421E-8F77-8CC991CCF192}: NameServer = 202.149.60.36 202.149.60.37
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - I:\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Diskeeper - Unknown owner - I:\Diskeeper\DkService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - h:\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 5997 bytes