HijackThis Log Help

Discussion in 'All other topics' started by j_holmes, Aug 25, 2004.

  1. j_holmes

    j_holmes Regular member

    Joined:
    Jun 30, 2004
    Messages:
    203
    Likes Received:
    0
    Trophy Points:
    26
    Hi guys.
    Need a little help please.
    Not sure where to post this, so here it is.
    If you can't help, please guide me if you can.
    Thanks.


    Logfile of HijackThis v1.98.0
    Scan saved at 3:18:31 AM, on 8/26/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\inetgservices.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HistoryKill\histkill.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Jamie\LOCALS~1\Temp\Rar$EX00.437\SpyWareAPP'Smalware_ helper\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.ask.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
    R3 - URLSearchHook: (no name) - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} - (no file)
    O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {815A82AE-CDEF-11D8-BA48-A6D245798277} - (no file)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetgservices.exe
    O4 - HKLM\..\Run: [dlcyonxoo] C:\WINDOWS\System32\yddyxs.exe
    O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetgservices.exe
    O4 - HKCU\..\Run: [Scan Spyware] "C:\Program Files\ScanSpyware v3.6\Scanner.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O15 - Trusted Zone: www.mt-download.com
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...1dd4eb01d54f:eeba47ee03d937f4aaa2edc6fc4885a4
    O17 - HKLM\System\CCS\Services\Tcpip\..\{13FA7341-8635-4EF0-990E-0A7AE3C473F9}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{13FA7341-8635-4EF0-990E-0A7AE3C473F9}: NameServer = 192.168.0.1

     
  2. askyew

    askyew Regular member

    Joined:
    Jan 19, 2004
    Messages:
    199
    Likes Received:
    0
    Trophy Points:
    26
    Hey big j_holmes, HijackThis has a forum that you can post that log to and they will go over it with a fine-tooth comb. There are some really knowledgeable people there, not that there aren't here, but they specialize in your question. Go here, register and post your log:

    http://forums.tomcoyote.org/index.php?s=7acd7848286f4acb68e5873c68eb7736&act=idx

    Good luck, and make sure you are running the following to keep spyware actively away:
    Ad-Aware 6 (for occasional checks)
    Spybot Search & Destroy (use the immunize feature for blocking)
    SpywareBlaster (enable the blocking features)
    These programs if used correctly will prevent you from getting spyware and hijacks. Be sure to update often and you can beat those bastards.
    Here is another good site for your problems and it makes for good reading to keep up with new progs for spyware:

    http://forums.spywareinfo.com/

    and the place to get your apps:

    http://www.majorgeeks.com/
     
    Last edited: Aug 26, 2004
  3. -LoNeR-

    -LoNeR- Active member

    Joined:
    Dec 29, 2003
    Messages:
    1,181
    Likes Received:
    0
    Trophy Points:
    66
  4. askyew

    askyew Regular member

    Joined:
    Jan 19, 2004
    Messages:
    199
    Likes Received:
    0
    Trophy Points:
    26
    Spybot and SpywareBlaster work in tandem to immunize your machine from getting any malicious ware. I only occasionally run Ad-Aware 6 just to make sure that nothing is getting through. They are not resource hogs so I don't really notice that they are there.
     
  5. Jeanc1

    Jeanc1 Guest

    HijackThis has its own forum with INSTRUCTIONs on HOW to post your log file --!!

    There, members that have the knowledge will gladly help you out -- It could be Me !!

    Try it there :- http://forums.spywareinfo.com/

    (Edited for Typo)
     
    Last edited by a moderator: Aug 27, 2004
  6. septer45

    septer45 Member

    Joined:
    Sep 18, 2004
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    11
    Can you guys help me out here? I'm new to this program.

    Logfile of HijackThis v1.98.2
    Scan saved at 10:27:00 AM, on 9/18/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\KAV Shared Files\repview.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\BitTornado\btdownloadgui.exe
    C:\Documents and Settings\Ryan Septer\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iastate.edu/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ss.r21.mchsi.com:8000
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r21.mchsi.com
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
    O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
    O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\system32\apuc.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
    O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093397725892
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

     
  7. -LoNeR-

    -LoNeR- Active member

    Joined:
    Dec 29, 2003
    Messages:
    1,181
    Likes Received:
    0
    Trophy Points:
    66
    do yourself a favour - either goto hijackthis forums

    or goto http://www.bulletproofsoft.com and download BPS Spyware Adware Remover - the trial will remove any problems u have
     
  8. Jeanc1

    Jeanc1 Guest

    There is a definite procedure to follow before posting HijackThis Logs - Read the rules there - Please use that forum so you get help -- I am not gonna start doing this in here !

    Sorry !
     
