Hijack log help

**vic66** · 22nd Aug 2007

Hi all,new pc as a gift but its 8 years old have run sas, a squared and spybot all in save mode. All clean, my question is should i run a hijack this log who knows where this pc has been Please remember im a newbie and pc experience is prety much zilch!

running xp pro sp2
can somebody help please . (if a course you think this is required)

Thank very much in advance.

**evilfantasy** · 22nd Aug 2007

It won't hurt anything to check. You can post one and we will check it out.
Make sure you have updated and run a virus scan also.

**vic66** · 22nd Aug 2007

Thank you very much evilfantasy!
have run antivirus check every thing ok.
but as far as the rest (hijacklog) have know idea of where to even start .
Need guidance PLEASE!

**evilfantasy** · 22nd Aug 2007

Download HijackThis Here
Once you have it downloaded install/save it to it's own folder!!! This is important for it to work properly.
For example save in C:\program files\hijackthis
You can then create a shortcut on the desktop.
Once installed open the program and select Do a system scan and save logfile.
**Important DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Save the log to your desktop.
In the next post click Go Advanced.
Scroll down and click Manage Attachments and add the log as an attachment.

**vic66** · 22nd Aug 2007

Hope this is it

**vic66** · 22nd Aug 2007

I have the hijack log on desk top went advanced it sais hijackthis file eror

**evilfantasy** · 22nd Aug 2007

Just copy and paste it in the post.

**vic66** · 22nd Aug 2007

How this?

**vic66** · 22nd Aug 2007

Sorry will try again!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:52, on 22-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Programas\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\a-squared Free\a2service.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\Panda Software\Panda Internet Security 2007\PsCtrls.exe
C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\IoCtlSvc.exe
C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
c:\programas\panda software\panda internet security 2007\firewall\PSHOST.EXE
C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programas\Ficheiros comuns\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programas\Panda Software\Panda Internet Security 2007\ApvxdWin.exe
D:\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRAMAS\EZ-DUB\EZ-DUB.EXE
C:\Programas\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\Programas\Panda Software\Panda Internet Security 2007\WebProxy.exe
C:\Programas\Panda Software\Panda Internet Security 2007\PavBckPT.exe
C:\WINDOWS\SYSTEM32\LVCOMSX.EXE
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = HiperligaÃ§Ãµes
R3 - URLSearchHook: World_Tv_Center toolbar - {e077da94-6314-41f1-9f08-6607df65952e} - C:\Programas\World_Tv_Center\tbWor1.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programas\IE7Pro\IE7Pro.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: World_Tv_Center toolbar - {e077da94-6314-41f1-9f08-6607df65952e} - C:\Programas\World_Tv_Center\tbWor1.dll
O3 - Toolbar: World_Tv_Center toolbar - {e077da94-6314-41f1-9f08-6607df65952e} - C:\Programas\World_Tv_Center\tbWor1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtim e.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WinPatrol] D:\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programas\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÃ‡O LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'ServiÃ§o de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Programas\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Search -
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programas\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programas\IE7Pro\IE7Pro.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://www.fotowire.com/download/cli...eUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1182530546718
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CE1DED3-F082-4619-B898-1811199FF6D8}: NameServer = 212.55.154.174
O20 - Winlogon Notify: !SASWinLogon - D:\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - E:\a-squared Free\a2service.exe
O23 - Service: LXCRCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXCRse rv.exe (file missing)
O23 - Service: lxcr_device - Unknown owner - (no file)
O23 - Service: NBService - Nero AG - E:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoCtlSvc.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\programas\panda software\panda internet security 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programas\Ficheiros comuns\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 8347 bytes

**evilfantasy** · 22nd Aug 2007

Items to remove in HJT.
Open HJT and select do a system scan only.
Remember to close all windows before clicking fix checked.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = HiperligaÃ§Ãµes
O8 - Extra context menu item: &Search -
O23 - Service: LXCRCustomerConnect - Unknown owner - C:WINDOWSSystem32spoolDRIVERSW32X863\LXCRse rv.exe (file missing)
O23 - Service: lxcr_device - Unknown owner - (no file)
Close all windows and click fix checked.

You need to choose one firewall and one antivirus. Running more than one each is un-necessary and can cause problems.
Other than that you are looking pretty good.

**vic66** · 22nd Aug 2007

Done!

THANK evilfantasy for your help and time.

regards
Victor

**evilfantasy** · 22nd Aug 2007

No problem, safe surfing.

Hijack log help

Thread Tools

Hijack log help

Hijack log help

Hijack log help

Hijack log help

Hijack log help

Hijack log help

Hijack log help

Hijack log help

Hijack log help

Hijack log help

Hijack log help

Hijack log help

Random Album Pictures

Similar Threads

Need Help with Hijack Log

Here is My Hijack Log

Help me and here is my hijack log

Hijack this log

Hijack this, erm, log

Search Cloud

User Tag List

Posting Permissions