Xd3vilx - Hijackthis Log 09

[xd3vilx]

Logfile of HijackThis v1.99.1

Scan saved at 23:10:20, on 28/02/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Acer\eManager\anbmServ.exe

C:\Program Files\Elantech\ktp.exe

C:\Program Files\Arcade\PCMService.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\acer\epm\epm-dm.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Acer\eRecovery\Monitor.exe

C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Filseclab\xfilter.exe

c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe

C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Home\My Documents\Hijackthis\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter.exe" -a

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter.dll

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter.dll

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter.dll

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter.dll

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe

O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe

O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe

O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe

O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

[Tarun]

Thanks for posting xd3vilx.

Generated by Tarun's HijackThis Converter v0.50 Beta.

Default-color items are optional, red are known to be malicious.

Created registry value

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

Changed registry value

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

Created registry value

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

Enumeration of existing IE's BHO's

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

Enumeration of suspicious auto-loading registry entries

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter.exe" -a

Extra IE context menu items

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

Extra "Tools" menu items and buttons

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Broken Internet access. To fix these you will need LSPFix

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter.dll

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter.dll

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter.dll

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter.dll

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter.dll

Enumeration of existing protocols and filters

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)