HJT log, please see if anything keyloggerish


Ellhound

I'm posting this for a friend who got hacked\keylogged\whatever.

Anyone see something wrong in this?

Logfile of HijackThis v1.99.1
Scan saved at 13:59:24, on 03/05/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\SPOOL32[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\MPREXE[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\MSTASK[Caution: ExecutableFile]
C:\PROGRAM FILES\ESCAN\AVKWCTL9X[Caution: ExecutableFile]
C:\PROGRAM FILES\ESCAN\TRAYICOS[Caution: ExecutableFile]
C:\PROGRAM FILES\ESCAN\AVKSERV[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\RESTORE\STMGR[Caution: ExecutableFile]
C:\WINDOWS\EXPLORER[Caution: ExecutableFile]
C:\WINDOWS\TASKMON[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\SYSTRAY[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\WMIEXE[Caution: ExecutableFile]
C:\WINDOWS\LOADQM[Caution: ExecutableFile]
C:\PROGRAM FILES\ESCAN\MAILDISP[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR[Caution: ExecutableFile]
C:\PROGRAM FILES\ESCAN\SPOOLER[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\DDHELP[Caution: ExecutableFile]
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\STIMON[Caution: ExecutableFile]
C:\WINDOWS\SYSTEM\PSTORES[Caution: ExecutableFile]
C:\MY DOCUMENTS\MY RECEIVED FILES\HIJACKTHIS(1)[Caution: Executable File]

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw[Caution: ExecutableFile] /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon[Caution: ExecutableFile]
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd[Caution: ExecutableFile] -s
O4 - HKLM\..\Run: [systemTray] SysTray[Caution: ExecutableFile]
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32[Caution: ExecutableFile] powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScan\LAUNCH[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: ExecutableFile] C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz[Caution: ExecutableFile] /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32[Caution: ExecutableFile] C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LoadQM] loadqm[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32[Caution: ExecutableFile] powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [schedulingAgent] mstask[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [eScan Monitor] C:\PROGRA~1\ESCAN\AVKWCT~1[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [eScan Updater] C:\PROGRA~1\ESCAN\TRAYICOS[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [eScan Scheduler] C:\PROGRA~1\ESCAN\avkserv[Caution: ExecutableFile] /systemstart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Broken Internet access because of LSP provider 'mwnsp.dll' missing
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/c ... /wt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... pote_x.cab
O21 - SSODL: OLE Module - {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} - C:\WINDOWS\SYSTEM\trf32.dll


Firstly, have your friend go to Windows Update. You have no service packs or the latest version of Internet Explorer.

windowsupdate.microsoft.com and install all critical updates

Even if your friend does not use Internet Explorer, you still need to have the latest version.
