
Arucard's HJT log



#1 Arucard


Posted 09 July 2005 - 01:45 AM

Mod Edit: split this post from here:
Attack on Windows Media Player (Help me!)

I've got the same problem, here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 2:39:15 AM, on 7/9/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\System32\atievxx.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Windows\System32\wuauclt.exe
C:\Windows\System32\svchost.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = John's Internet Exploder!
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PSof1] C:\Windows\System32\PSof1.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O16 - DPF: Win32 Classes -
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{83745270-9FDC-400A-9DA0-D01BEDA694E3}: NameServer = 209.244.0.3 209.244.0.4
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)



I think it was the PSof1.exe file that had something to do with this. Also the rpcapd.exe appears to be some sort of remote packet catcher. Thanks in advance, I'd really appreciate help on this. :thumbsup:

Edited by tg1911, 09 July 2005 - 02:29 AM.

Seekers of light...
--Believe not in truth...
----Believe not in forever...
For they are empty and inconstant, as are all things.


 


#2 groovicus


Posted 11 July 2005 - 08:26 AM

If you still need help, could you post a fresh log please?

#3 Arucard


Posted 12 July 2005 - 10:06 PM

Thanks a lot groovicus, but I've fixed the problem. I stopped the autostart of PSof1.exe using WinPatrol (a very nifty utility available on Download.com) and re-installed wmplayer.exe. Thanks again for offering help, though. It's very much appreciated. ^_^



