HijackThis.log something wrong here?

[rakesh14021983]

Hi... i have pasted my hijackthis.log below... can u folks tell me if something is wrong here? cuz there are a lot of entries which i dont understand at all..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:47 PM, on 9/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
I:\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft

Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrB.exe
h:\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
I:\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Rakesh\Local

Settings\Application

Data\Google\Update\GoogleUpdate.exe
H:\BitLord_New\BitLord.exe
I:\hijack_this\HijackThis.exe

O2 - BHO: IDMIEHlprObj Class -

{0055C089-8582-441B-A0BF-17B458C2A3A8} -

I:\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection -

{53707962-6F74-2D53-2644-206D7942484F} -

H:\SPYBOT~2\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper -

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} -

I:\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper -

{9030D464-4C02-4ABF-8ECC-5164760863C6} -

C:\Program Files\Common Files\Microsoft

Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client]

"i:\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY]

C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] I:\Internet Download

Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Spybot -

Search & Destroy NEW\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents

and Settings\Rakesh\Local Settings\Application

Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Google Talk, Labs Edition.lnk =

C:\Documents and Settings\Rakesh\Local

Settings\Application Data\Google\Google Talk, Labs

Edition\GoogleTalkLabsEdition.exe
O4 - Global Startup: Monitor Apache Servers.lnk =

C:\Program Files\Apache Software

Foundation\Apache2.2\bin\ApacheMonitor.exe
O6 - HKLM\Software\Policies\Microsoft\Internet

Explorer\Restrictions present
O8 - Extra context menu item: Download All Links with

IDM - I:\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video

content with IDM - I:\Internet Download

Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM -

I:\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

H:\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy

Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

H:\SPYBOT~2\SDHelper.dll
O9 - Extra button: Yahoo! Messenger -

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -

C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -

C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF:

{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN

Photo Upload Tool) -

http://gfx1.mail.live.com/mail/w1/resources/MSNPUpl

d.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{35B87CA5-84

8F-4BE4-A473-B4259DEF85AE}: NameServer =

172.16.55.1,125.22.47.125
O17 -

HKLM\System\CCS\Services\Tcpip\..\{B99D0774-639

7-421E-8F77-8CC991CCF192}: NameServer =

202.149.60.36 202.149.60.37
O18 - Protocol: grooveLocalGWS -

{88FED34C-F0CA-4636-A375-3CB6248B04CD} -

I:\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) -

Lavasoft - I:\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation

- C:\Program Files\Apache Software

Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Ares Chatroom server (AresChatServer) -

Ares Development Group - C:\Program

Files\Ares\chatServer.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG

Technologies CZ, s.r.o. -

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service

(CLTNetCnService) - Unknown owner - C:\Program

Files\Common Files\Symantec Shared\ccSvcHst.exe (file

missing)
O23 - Service: Diskeeper - Unknown owner -

I:\Diskeeper\DkService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) -

Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) -

NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH -

C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrB - Unknown owner -

C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) -

Rocket Division Software - h:\Alcohol

120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service

(TuneUp.Defrag) - TuneUp Software GmbH -

C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) -

Zone Labs, LLC -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc)

- Unknown owner - C:\Program Files\Windows

Live\installer\WLSetupSvc.exe

--
End of file - 5997 bytes

[mad_max]

i sent you a pm

[Cool Joe]

Nothing wrong as far as I can see. Are you facing any problems?

[debsuvra]

I also cant see anything wrong in the log.

OFFTOPIC : Why did you have more than one Disk Defragmenting programs running at the same time ?

[infra_red_dude]

Beep Beep.. Do I see something fishy here?

Quote:

C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrB.exe

[Krazy_About_Technology]

@infra_red_dude: oodag.exe is the main executable for O & O Defragmentor and PnkBstrB.exe is a anti-cheating program that comes with many games like Battlefield 2 and COD4 as far as i know. But it can be a malware also disguising its name. But the good thing is that the file can be verified. Original file has a Verisign certificate.

@rakesh14021983: Dude, are you having any problem? what is there to troubleshoot? There is nothing seems to be wrong in your config.

[mehulved]

Quote:

Originally Posted by infra_red_dude

Beep Beep.. Do I see something fishy here?

Nope.
C:\WINDOWS\system32\PnkBstrB.exe - http://www.punksbusted.com/forums/in...howtopic=35677
C:\WINDOWS\system32\oodag.exe - http://www.processlibrary.com/directory/files/oodag

[infra_red_dude]

Ok.. I didn't know about OO Defrag executable. Something new I learnt

Apart from that suspicion, hijackthis log is clean!