
Zonda's HiJackThis Log!


zonda


Okay... I am counting on merc, hannibal, cameron, grin, pyro.... the crew for this one. I currently don't have a firewall installed (long story) and I am about to disable ctfmon.exe (completely useless to me). All the 'extra button' junk is my mom's (this is a family computer) and I can't convince her to get rid of all her junk. Anyways, take a gander at it and let me know what you find :wink:

Logfile of HijackThis v1.99.1
Scan saved at 8:35:08 PM, on 4/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\explr.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.exe/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 0852496750
O20 - Winlogon Notify: explr - C:\WINDOWS\SYSTEM32\explr.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

...

Do your best getting a firewall up and running :-?

C:\WINDOWS\system32\explr.exe and
O20 - Winlogon Notify: explr - C:\WINDOWS\SYSTEM32\explr.dll

??

Do you know anything about these?

Oh and
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Isn't doing anything at all ;)

Do your best getting a firewall up and running :-?

C:\WINDOWS\system32\explr.exe and
O20 - Winlogon Notify: explr - C:\WINDOWS\SYSTEM32\explr.dll

??

Do you know anything about these?

Oh and
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Isn't doing anything at all ;)

Oh yea, explr is my personal keylogger, great way to manage what goes on in my computer :wink:

I saw the extra button (no name) as well, but wanted a second opinion. Thanks!

...

C:\WINDOWS\system32\explr.exe and
O20 - Winlogon Notify: explr - C:\WINDOWS\SYSTEM32\explr.dll

Oh yea, explr is my personal keylogger, great way to manage what goes on in my computer :wink:

Lol :| You do realise I think it's illegal if you don't tell people you're doing it.

C:\WINDOWS\system32\explr.exe and
O20 - Winlogon Notify: explr - C:\WINDOWS\SYSTEM32\explr.dll

Oh yea, explr is my personal keylogger, great way to manage what goes on in my computer :wink:

Lol :| You do realise I think it's illegal if you don't tell people you're doing it.

ohhhh, I am a rebel! Fight the man!! lol...

No, I mean I just have it for LAN parties and such. Usually around 6 A.M. I will go to sleep (fragging makes you tired).

I then set my screen saver to 1 minute and throw on the password protect. We tend to play a lot of pranks on each other and I don't want them messing with my comp. Drawing on a sleeping person is one thing, mauling their computer is another. My friend had another friend put a program on his computer that would delete 1 random file every time he booted up. He ended up having an overheating problem so he rebooted over and over... eventually to the point of that "one random file" being a system file... lol

Another time, someone opened a friend's case and hid his car keys in it. He woke up the next morning late for work and unable to find his keys... when he finally figured out where the kid hid them, he also found out the kid fried his video card (moron lol)

Why am I babbling on? Oh because I didn't sleep good last night and I am tired as hell, so I will share some more stories later on when I die :lol:

...
