lesser-equity

Magazine
Go Back   Computer Juice > Computer Software > Virus, Spyware & Security
Reload this Page

Hijack Log Files - What Do They Mean?

Register Site Spy Member List Donate Search Today's Posts Mark Forums Read Forum Rules


Register


Reply
 
Thread Tools
  #1  
Old 23rd Jul 2009, 08:37
Member Group
  
Not too booked up on hijack files and what not, don't even know what they are or mean. Can someone tell me if this is good/bad/ugly/whatever?

Logfile of Advanced SystemCare 3 Security Analyzer
Scan saved at 16:37:15, on 23/07/2009
Platform: Windows XP (WinNT 5.1)
MSIE: Internet Explorer v6.0 (6.0.2900.5512)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\hkcmd.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe
F:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
F:\Program Files\NETGEAR\WG111T\wlan111t.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Program Files\Mozilla Firefox\firefox.exe
F:\WINDOWS\system32\taskmgr.exe
F:\WINDOWS\system32\mspaint.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AcroIEHelperStub - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKCU\..\Run: [Advanced SystemCare 3] "F:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKLM\..\Run: [IgfxTray] F:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] F:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [O2Start] F:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe /s
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...8f/wvc1dmo.cab
O16 - DPF: {3334504D-0000-0010-8000-00AA00389B71} - http://codecs.microsoft.com/codecs/i386/mpeg4ax.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_14) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown - %systemRoot%\System32\svchost.exe
  #2  
Old 23rd Jul 2009, 09:20
Moderator Group
  
Download TrendMicro HijackThis.exe (HJT) to the Desktop.

  • Double-click on HJTInstall.
  • Click on the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • Upon install, HijackThis should open for you.
  • Click on the Do a system scan and save a log file button
  • HijackThis will scan and then a log will open in notepad.
  • Copy and then paste the entire contents of the log in your post.
  • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
__________________
  #3  
Old 23rd Jul 2009, 10:22
Member Group
  
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:22, on 23/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\hkcmd.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe
F:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
F:\Program Files\NETGEAR\WG111T\wlan111t.exe
F:\PROGRA~1\MOZILL~1\firefox.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\s wg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] F:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] F:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [O2Start] F:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe /s
O4 - HKCU\..\Run: [Advanced SystemCare 3] "F:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DE824E1-FEFE-47F3-90D8-77EBDEA8029D}: NameServer = 82.132.136.103 82.132.136.102
O23 - Service: Google Update Service (gupdate1ca0bb297284184) (gupdate1ca0bb297284184) - Google Inc. - F:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3593 bytes
  #4  
Old 23rd Jul 2009, 10:45
Moderator Group
  
Everything looks OK.

This is an optional fix but is suggested to remove.

Quote:
Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers
Open HijackThis and select Do a system scan only

Vista users right click on HijackThis and select Run as Administrator. (you will receive a UAC prompt, please allow it)

Place a check mark next to the following entries: (if there)
  • O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Is the computer running OK?
__________________
  #5  
Old 24th Jul 2009, 05:09
Member Group
  
Yeah, it's running fine, thanks a lot. Didn't know what any of that stuff meant so was checking it's not harmful. Thanks again
  #6  
Old 24th Jul 2009, 08:34
Moderator Group
  
Understanding and Interpreting HijackThis Entries
__________________
Reply

Register
Thread Tools



Arabic Bulgarian Chinese (Simplified) Chinese (Traditional) Croatian Czech Danish Dutch English Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Latvian Lithuanian Norwegian Polish Portuguese Romanian Russian Serbian Slovak Spanish Swedish Thai Turkish Ukrainian

Copyright ©2006 - 2009 Computer Juice.
Contact - Privacy - Sitemap - Top

Powered by vBulletin® Copyright ©2000 - 2009 Jelsoft Enterprises Ltd. SEO by vBSEO ©2009, Crawlability, Inc.