Stone Esquire
mejack
Posts: 1
Registered: ‎04-06-2010
Accepted Solution

Hijack this log analysis

Would someone please take a look at this and advise. Does anything look out of place?

Thanks,

Michael

Stone Emissary
iamraprap
Posts: 14
Registered: ‎04-05-2010

Re: Hijack this log analysis

O4 - HKCU\..\Run: [nah_Shell] C:\Documents and Settings\Dave\nah_iyug.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe

O4 - HKUS\S-1-5-21-1644491937-343818398-839522115-1003\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe (User '?')
O4 - HKUS\S-1-5-21-1644491937-343818398-839522115-1003\..\Run: [nah_Shell] C:\Documents and Settings\Dave\nah_iyug.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [mplay32xe.exe] C:\WINDOWS\TEMP\mplay32xe.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [mplay32xe.exe] C:\WINDOWS\TEMP\mplay32xe.exe (User 'Default user')

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

I think these are suspicious... Can you zip/rar these files, password-protect the archive and attach it here? Thanks!


I am a security enthusiast... I just like to help and indulge myself in security-related things that catch my interest or my curiosity... All my responses are just based on experience and countless hours on the internet...
Trend Micro Employee
JamzYaneza
Posts: 104
Registered: ‎08-12-2009

Re: Hijack this log analysis

These entries are totally fishy. Have HijackThis disable/fix them and reboot.

O4 - HKLM\..\Run: [realteks] "C:\Documents and Settings\Dave\Application Data\Google\uqrke8412012.exe" 2
O4 - HKLM\..\Run: [jtkmcmfi] C:\Documents and Settings\Dave\Local Settings\Application Data\fxgbjt\tgefsysguard.exe
O4 - HKLM\..\Run: [fpbxfpde] C:\Documents and Settings\Dave\Local Settings\Application Data\vpopqa\tjyxsysguard.exe
O4 - HKCU\..\Run: [nah_Shell] C:\Documents and Settings\Dave\nah_iyug.exe
O4 - HKUS\S-1-5-21-1644491937-343818398-839522115-1003\..\Run: [nah_Shell] C:\Documents and Settings\Dave\nah_iyug.exe (User '?')

Just a word of caution: you've got several anti-malware applications that may be conflicting.

Make sure to update these and run a full scan in turn.

Flush your browser cache and temp files, reboot.

Run HijackThis and post your new log.


I am a Trend Micro employee. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience.
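Both replies above single out the same kinds of O4 (registry Run) entries: executables launched from the user's profile or from TEMP, a svchost.exe that is not the one in system32, and value or file names that look machine-generated. The script below is an added example, not code from the thread or from HijackThis, that turns those cues into a small triage pass over the O4 lines quoted in the thread (plus one made-up benign "ExampleTray" entry for contrast). The heuristics, the list of system binaries, the path markers and the benign sample line are assumptions chosen for illustration; HijackThis itself reports entries but does no such scoring.

```python
"""Triage of HijackThis O4 (registry Run) entries using the cues applied in this thread."""
import re
from typing import Dict, List

# Constructed sample: the O4 lines quoted in the thread plus one made-up benign entry
# ("ExampleTray") so the benign case is exercised as well.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [realteks] "C:\Documents and Settings\Dave\Application Data\Google\uqrke8412012.exe" 2
O4 - HKLM\..\Run: [jtkmcmfi] C:\Documents and Settings\Dave\Local Settings\Application Data\fxgbjt\tgefsysguard.exe
O4 - HKLM\..\Run: [fpbxfpde] C:\Documents and Settings\Dave\Local Settings\Application Data\vpopqa\tjyxsysguard.exe
O4 - HKCU\..\Run: [nah_Shell] C:\Documents and Settings\Dave\nah_iyug.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [mplay32xe.exe] C:\WINDOWS\TEMP\mplay32xe.exe (User '?')
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\ExampleTray.exe /tray
"""

# O4 line layout: "O4 - <hive>\..\Run: [<value name>] <command> (User '<who>')"; the user suffix is optional.
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# Assumed list of core Windows binaries that legitimately live only in system32 (compared lower-case).
SYSTEM_DIR = r"c:\windows\system32"
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe"}
# Assumed path fragments for locations a non-admin process can write to: a Run entry pointing
# there deserves a second look, since installers normally go to Program Files or system32.
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\application data\\", "\\users\\")


def exe_path(cmd: str) -> str:
    """Return just the executable from a Run command line (quoted, or unquoted up to .exe)."""
    quoted = re.match(r'"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    unquoted = re.match(r"(.*?\.exe)\b", cmd, re.IGNORECASE)
    return unquoted.group(1) if unquoted else cmd.split(" ")[0]


def random_looking(name: str) -> bool:
    """Crude generated-name test: five consonants in a row, or a run of four or more digits."""
    letters = re.sub(r"[^a-z]", "", name.lower())
    return bool(re.search(r"[bcdfghjklmnpqrstvwxyz]{5,}", letters)) or bool(re.search(r"\d{4,}", name))


def parse_o4(log_text: str) -> List[Dict[str, str]]:
    """Parse every O4 line into hive, value name, executable path and (optional) user."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # other HijackThis sections (O2, O9, O23, ...) are not handled here
        entries.append({
            "hive": m.group("hive"),
            "name": m.group("name"),
            "path": exe_path(m.group("cmd")),
            "user": m.group("user") or "",
        })
    return entries


def flags_for(entry: Dict[str, str]) -> List[str]:
    """Apply the heuristics; an empty list means nothing stood out."""
    path = entry["path"].lower()
    parts = path.rsplit("\\", 1)
    folder, base = (parts[0], parts[1]) if len(parts) == 2 else ("", parts[0])
    flags = []
    if any(marker in path for marker in USER_WRITABLE):
        flags.append("runs from a user-writable profile/temp location")
    if base in SYSTEM_BINARIES and folder != SYSTEM_DIR:
        flags.append(f"{base} outside {SYSTEM_DIR}")
    if random_looking(entry["name"]) or random_looking(base):
        flags.append("random-looking value or file name")
    return flags


def suspicious(log_text: str) -> List[Dict[str, object]]:
    """Entries with at least one flag, in log order."""
    out = []
    for entry in parse_o4(log_text):
        flags = flags_for(entry)
        if flags:
            out.append({**entry, "flags": flags})
    return out


if __name__ == "__main__":
    for hit in suspicious(SAMPLE_LOG):
        print(f"{hit['hive']} [{hit['name']}] {hit['path']}")
        for flag in hit["flags"]:
            print(f"    - {flag}")
```

A flag is a reason to pull the file (as the first reply asks) and check its hash and signature, not a verdict on its own; legitimate software does sometimes start from Application Data. Note also that HKCU is a view of HKU\<SID of the logged-on user>, so the HKUS\S-1-5-21-...-1003 lines in the first reply are the same registry values as the HKCU lines, and fixing one pair clears both.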