can u see any thing strange in this hijack report??

Posted by: psman

hello, if any HijackThis pro sees this, please tell me if there is anything wrong:

Logfile of HijackThis v1.99.1
Scan saved at 11:11:47 PM, on 4/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
D:\WINDOWS\system32\spoolsv.exe
G:\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\niSvcLoc.exe
D:\WINDOWS\system32\nvsvc32.exe
G:\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\pctspk.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 4.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\CursorXP\CursorXP.exe
F:\Program Files\Rainlendar\Rainlendar.exe
C:\Winamp\winamp.exe
D:\Program Files\SlimBrowser\sbrowser.exe
D:\WINDOWS\system32\DllHost.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Yahoo!\Messenger\YPager.exe
D:\FlashGet\flashget.exe
D:\PROGRA~1\WINZIP\winzip32.exe
G:\files\hijack this\HijackThis.exe

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\FlashGet\jccatch.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 4.exe
O4 - HKLM\..\Run: [KAVPersonal50] D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "g:\Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [VirtualCloneDrive] "g:\Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] D:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [STYLEXP] D:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [] D:\PROGRA~1\NET2PH~1\N2PDialr.exe -auto
O4 - Startup: Shortcut to Rainlendar.lnk = F:\Program Files\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: Download All by FlashGet - D:\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with &ZipScan - G:\files\ZIPSCA~1\zs_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A74EF3D3-A1E0-4116-8A77-6DE4E89E8FD8}: NameServer = 62.68.42.2 62.240.32.5
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - G:\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NILM License manager - Macrovision Corporation - D:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - D:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: NVIDIA Display Driver Service (Omega 1.6177) (P) (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - G:\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StyleXPService - Unknown owner - D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

Posted by: Warez Monster

Remove entries at your own risk.

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
Entries found in this registry zone are potentially nasty. This application ([ACB1E670-3217-45C4-A021-6B829A8A27CB] - Result: ACB1E670-3217-45C4-A021-6B829A8A27CB) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown', it should be fixed.

O4 - HKCU\..\Run: [] D:\PROGRA~1\NET2PH~1\N2PDialr.exe -auto
Porn dialer?? Spyware? Needs to be fixed.

O17 - HKLM\System\CCS\Services\Tcpip\..\{A74EF3D3-A1E0-4116-8A77-6DE4E89E8FD8}: NameServer = 62.68.42.2 62.240.32.5
If this domain does not belong to your ISP, or your firm's network, these entries should be fixed. 'SearchList' entries should be fixed too. Do you know the IP or domain '62.68.42.2 62.240.32.5'? If not, fix this entry.

Posted by: psman

Thanks. N2PDialr.exe is the Net2phone exe; it's good, I use it. The IPs are cool and from my ISP.
O3 - Toolbar: (no name): this I really don't know, maybe I'll delete it.

Posted by: Warez Monster

Ok... as long as they check out, you're good to go.

Posted by: psman

Thanks, I really did this as a check to my big problem in http://www.tech-forums.net/showthread.php?s=&threadid=46989
Please can you check it for me.

Posted by: Warez Monster

Ok, will check.
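The three checks applied in the reply above (an O3 toolbar whose file is missing, an O4 autorun value with an empty name, and O17 DNS servers that have to be confirmed with the ISP) can be run over a log automatically. This is an added example, not part of the original thread: `parse`, `review` and `known_resolvers` are hypothetical names, and the sample lines are copied from the log posted above.

```python
import re

# Constructed sample: five entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\FlashGet\jccatch.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKCU\..\Run: [] D:\PROGRA~1\NET2PH~1\N2PDialr.exe -auto
O4 - HKCU\..\Run: [CursorXP] D:\Program Files\CursorXP\CursorXP.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A74EF3D3-A1E0-4116-8A77-6DE4E89E8FD8}: NameServer = 62.68.42.2 62.240.32.5
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # e.g. "O4 - <body>"
RUN_NAME = re.compile(r"Run[^:]*: \[(.*?)\]")       # value name inside [...]
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def parse(log_text):
    """Yield (section, body) per entry line; header and process lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def review(log_text, known_resolvers=frozenset()):
    """Return (section, reason, body) for entries a person should verify.

    known_resolvers is an assumption of this example: the DNS server
    addresses the user has already confirmed with their ISP or network admin.
    """
    findings = []
    for section, body in parse(log_text):
        if section == "O3" and body.endswith("(no file)"):
            findings.append((section, "toolbar registered but its file is missing", body))
        elif section == "O4":
            name = RUN_NAME.search(body)
            if name and name.group(1).strip() == "":
                findings.append((section, "autorun value has no name", body))
        elif section == "O17" and "NameServer" in body:
            unknown = [ip for ip in IPV4.findall(body) if ip not in known_resolvers]
            if unknown:
                findings.append((section, "unverified DNS server: " + ", ".join(unknown), body))
    return findings


if __name__ == "__main__":
    for section, reason, body in review(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {body}")
```

A finding means "verify this", not "delete this": once the two resolvers are confirmed and passed in `known_resolvers`, the O17 finding disappears, while the unnamed autorun stays listed until someone identifies the program behind it.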