Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:13:48 PM, on 2/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\RTHDCPL.EXE
G:\Program Files\Microsoft Security Client\msseces.exe
G:\Program Files\Vista Drive Icon\DrvIcon.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\TCB Networks\StrokeIt\StrokeIt.exe
G:\Documents and Settings\Me\My Documents\tbs\taskbarshuffle.exe
E:\uTorrent\App\uTorrent\uTorrent.exe
G:\Program Files\Styler\Styler.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
E:\Malwarebytes\MalwarebytesPortable.exe
E:\Malwarebytes\App\Malwarebytes\mbam.exe
G:\Documents and Settings\Me\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - G:\Program Files\FindXer\FindeXer.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - G:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MSC] "G:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [DrvIcon] G:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "E:\Malwarebytes\App\Malwarebytes\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StrokeIt] G:\Program Files\TCB Networks\StrokeIt\StrokeIt.exe
O4 - HKCU\..\Run: [Taskbar Shuffle] G:\Documents and Settings\Me\My Documents\tbs\taskbarshuffle.exe
O4 - HKCU\..\Run: [uTorrent] "E:\uTorrent\App\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Styler.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://G:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296745214390
O20 - AppInit_DLLs: RemoveFocusRect.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\system32\browseui.dll
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 4280 bytes

You can analyse it yourself by pasting the results into the text box at http://www.hijackthis.de/en and clicking analyse. You have 4 possibly nasty things.

G:\Program Files\Microsoft Security Client\msseces.exe
Possibly nasty! According to our database this process runs normally in c:\programme\microsoft security essentials\! Check if you know this process and arrange a viruscheck where required.
Microsoft.

G:\Program Files\TCB Networks\StrokeIt\StrokeIt.exe
Possibly nasty! According to our database this process runs normally in c:\programme\strokeit\! Check if you know this process and arrange a viruscheck where required.
Erkennung von Mausgesten

G:\Documents and Settings\Me\My Documents\tbs\taskbarshuffle.exe
Possibly nasty! According to our database this process runs normally in c:\programme\taskbar shuffle\! Check if you know this process and arrange a viruscheck where required.
Taskbar Shuffle

E:\uTorrent\App\uTorrent\uTorrent.exe
Possibly nasty! According to our database this process runs normally in c:\programme\! Check if you know this process and arrange a viruscheck where required.
Torrent Application