
Hijackthis logfile - Hfdrv.exe


Name: pacer
Date: January 2, 2004 at 17:18:21 Pacific
OS: XP
CPU/Ram: 833/512
Comment:

Hi,
The above process started appearing in the Task Manager after I inadvertently opened a suspicious email attachment. Its effects are similar to the pup.exe, but unlike the latter I could not shut it off from the Startup with 'Msconfig', because even after rebooting using 'Diagnostic Startup', when unchecked the process (actually 2 processes in HKCU and HKLM respectively) still reloads after the restart. Moreover, when I deleted its registry entries, they immediately appeared again in both Classes and Machine. I also located the actual file in the System32 folder, but when I tried to delete it the system doesn't allow me since it's running. Shutting it off via Task Manager is useless since it immediately restarts, even when ending the whole 'Process Tree'. Both Spybot and Adaware failed to remove it. Can anyone help?

I also ran CWS shredder and Hijackthis after suggestions from the XP Forum, yet the file is still there. Any more ideas?

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Serv-U\ServUDaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Serv-U\ServUTray.exe
C:\Program Files\GlobalSCAPE\CuteFTP Pro\TE\ftpte.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\logdisk.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\Hfdrv.exe
C:\Program Files\Serv-U\ServUAdmin.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Music2\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar_en_2.0.95-big.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar_en_2.0.95-big.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotKey] mHotkey.exe
O4 - HKLM\..\Run: [dat64] C:\WINDOWS\System32\Hfdrv.exe
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Program Files\Serv-U\ServUTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [CuteFTP Pro TE] "C:\Program Files\GlobalSCAPE\CuteFTP Pro\TE\ftpte.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [dat64] C:\WINDOWS\System32\Hfdrv.exe
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Spy (HKLM)
O9 - Extra 'Tools' menuitem: MSIE &Spy (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37965.6827662037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/en/SysWebTelecom.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} (InstallCtl Class) - http://download.redswoosh.net/Installer/104/rsinstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE131BD6-0DD5-4164-B90A-779235E2F850}: NameServer = 194.158.37.196 194.158.37.211


Response Number 1
Name: sxshep
Date: January 2, 2004 at 17:51:53 Pacific
Reply:


Disable System Restore, enable Show Hidden Files, then....

Reboot into safe mode (tap F8 key on boot)

Open HJT and put check marks in the following to fix:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - HKLM\..\Run: [dat64] C:\WINDOWS\System32\Hfdrv.exe
O4 - HKCU\..\Run: [dat64] C:\WINDOWS\System32\Hfdrv.exe

O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB


Then, find (search for) and delete :

C:\WINDOWS\System32\Hfdrv.exe


Reboot normally and post a new log, or update.

hth

Shep


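The picks in Shep's fix list can be reproduced mechanically. The following is an added example in Python, not code from this thread or from HijackThis itself: it parses the O4 (Run keys), O16 (ActiveX downloads) and O17 (DNS servers) lines of a log, flags the pattern pacer described (one Run value name present under both HKLM and HKCU, pointing at a single executable in System32), flags DPF downloads from hosts outside a trusted set, and lists the NameServer entries for the analyst to confirm against the ISP. The sample lines are copied from pacer's log above; the trusted-host set is an assumption made for this example, not a vetted list.

```python
"""Triage of HijackThis O4/O16/O17 lines (added example, not from the thread)."""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: a subset of the lines from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dat64] C:\WINDOWS\System32\Hfdrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [dat64] C:\WINDOWS\System32\Hfdrv.exe
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE131BD6-0DD5-4164-B90A-779235E2F850}: NameServer = 194.158.37.196 194.158.37.211
"""

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
O16_RE = re.compile(r"^O16 - DPF: \{([0-9A-Fa-f-]+)\}(?: \(([^)]*)\))? - (\S+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (.+)$")

# Assumption for this example: hosts the analyst already trusts for ActiveX
# downloads. Anything else is reported for review, not declared malicious.
TRUSTED_DPF_HOSTS = {
    "office.microsoft.com",
    "v4.windowsupdate.microsoft.com",
    "download.macromedia.com",
    "toolbar.google.com",
}


def command_path(cmd):
    """Return the executable path from an O4 command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    if cmd.lower().endswith(".exe"):
        return cmd
    return cmd.split()[0]


def triage(log_text):
    """Return (section, message) findings for the O4/O16/O17 lines in log_text."""
    findings = []
    run_by_name = defaultdict(dict)  # Run value name -> {hive: executable path}
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            run_by_name[name][hive] = command_path(cmd)
            continue
        m = O16_RE.match(line)
        if m:
            _clsid, _desc, url = m.groups()
            host = urlparse(url).hostname or ""
            if host not in TRUSTED_DPF_HOSTS:
                findings.append(("O16", f"ActiveX download from untrusted host {host}: {url}"))
            continue
        m = O17_RE.match(line)
        if m:
            findings.append(("O17", f"verify DNS servers belong to the ISP: {m.group(1)}"))

    # The pattern from the original post: the same value name under both HKLM
    # and HKCU, both pointing at one executable in System32. Two autorun copies
    # of one file is consistent with the entries and process coming back after
    # being removed from the running system, which is why the fix is done from
    # safe mode with the file not running.
    for name, hives in run_by_name.items():
        paths = set(hives.values())
        if len(hives) == 2 and len(paths) == 1:
            path = paths.pop()
            if "\\system32\\" in path.lower():
                findings.append(("O4", f"[{name}] autoruns from HKLM and HKCU: {path}"))
    return findings


if __name__ == "__main__":
    for section, message in triage(SAMPLE_LOG):
        print(f"{section}: {message}")
```

Run against the full log, the O4 and O16 hits are exactly the two [dat64] lines and the crack.CAB download that Shep told pacer to fix; the O17 line is reported only so the DNS servers can be checked, since nothing in the thread marks them as bad.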

Response Number 2
Name: sxshep
Date: January 2, 2004 at 17:54:08 Pacific
Reply:


If all is well, re-enable System Restore; it will create a new one.

Shep



Response Number 3
Name: pacer
Date: January 3, 2004 at 04:01:40 Pacific
Reply:

Thanks for your useful tips. The system is free from that file now.


