Please help analyze my HiJackThis log...

Discussion in 'Computer Support' started by Nate, Oct 25, 2006.

  1. Nate

    Nate Guest

    Hello, my name is Nathan and I was hoping that someone could take a
    quick look at my log and see if anything is out of whack. I'm normally
    not so suspicious, but I'm curious to know if others are actively
    spying on my computer activity (i.e. SpectorSoft software, recording
    entries, keystrokes, etc.) and if my HiJackThis file would even tell me
    this. If there's any other thing I can or should remove as well, I'll
    gladly accept any suggestions.

    Beyond the obvious risk of getting on the web in general, with cookies,
    ActiveX, and so on, I wonder if people can have control of "when" they
    spy on others...well, anyway, just some zany thoughts of mine. Any
    advice would be greatly appreciated!

    Thanks,
    Nathan




    Logfile of HijackThis v1.99.1
    Scan saved at 7:12:17 PM, on 10/24/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\NathanWayne\Desktop\hijackthis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://hsremove.com/done.htm
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common
    Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
    Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program
    Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program
    Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program
    Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Sothink SWF Catcher -
    {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common
    Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher -
    {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common
    Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
    Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments
    Control) - http://by106fd.bay106.hotmail.msn.com/activex/HMAtchmt.ocx
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
    "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
    C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program
    Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner
    - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
    C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner -
    C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program
    Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program
    Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program
    Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program
    Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
    Corporation - C:\Program Files\Common
    Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program
    Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG -
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program
    Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common
    Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common
    Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -
    C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation -
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
     
    Nate, Oct 25, 2006
    #1

  2. Nate

    Leythos Guest

    If you read the instructions that were included you would know to have
    posted your file to one of the MANY online forums that have people that
    will provide a quality analysis of your log.

    Anything you get here could be wrong - try posting your log to one of
    the proper websites.
     
    Leythos, Oct 25, 2006
    #2

  3. Nate

    Meat Plow Guest

    There are specific web-based forums for submitting Hijack logs to. Seek
    one out and join.
     
    Meat Plow, Oct 25, 2006
    #3
  4. Nate

    pcbutts1 Guest

    pcbutts1, Oct 26, 2006
    #4
  5. Nate

    Nate Guest

    Thanks! And in the future, I'll make sure to go to the right place for
    submittal.
    Thanks again!

    Nate
     
    Nate, Oct 26, 2006
    #5
  6. Nate

    pcbutts1 Guest

    pcbutts1, Oct 26, 2006
    #6
  7. Nate

    Meat Plow Guest

    PCButts is the troll. The right place to submit your logs would be:

    http://www.hijackthis.de/
     
    Meat Plow, Oct 26, 2006
    #7
  8. Nate

    Leythos Guest

    If you read the directions and documents you would know that this is the
    WRONG place to post them. But, as you are always acting in an Unethical
    manner, we don't expect you to follow the vendor's recommendations.
     
    Leythos, Oct 26, 2006
    #8