Hi jack this log

Discussion in 'Computer Support' started by albert9264@socal.rr.com, Dec 25, 2004.

  1. Guest

    I don't know where to go for help with this. I ran HijackThis earlier
    today, and here is the log:

    Logfile of HijackThis v1.99.0
    Scan saved at 3:49:31 PM, on 12/25/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    L:\Program Files\Norton AntiVirus\navapsvc.exe
    L:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\atlrk.exe
    C:\WINDOWS\atlfz32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
    D:\program files\programs\warez\xnews\Xnews.exe
    C:\WINDOWS\System32\DllHost.exe
    D:\program files\programs\misc\Winamp\winamp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    D:\Program Files\programs\misc\WinRAR\WinRAR.exe
    D:\junk\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qokkp.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qokkp.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\qokkp.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qokkp.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qokkp.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qokkp.dll/sp.html#28129
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {A3C660FF-DEAB-ECF0-02FE-C8DC9874C708} - C:\WINDOWS\appgq32.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - L:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [atlfz32.exe] C:\WINDOWS\atlfz32.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\RunOnce: [atlrk.exe] C:\WINDOWS\atlrk.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\program files\programs\chatting\AIM\aim.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - L:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - L:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - L:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\appux.exe (file missing)

    I am not sure what to keep and what to delete. I don't want to delete
    the wrong things and screw up my computer even more. Thanks
     
    , Dec 25, 2004
    #1

  2. Guest

    On 25 Dec 2004 15:50:35 -0800, wrote:

    |> I don't know where to go for help with this. I ran HijackThis earlier
    |> today, and here is the log:
    |>

    Try here:
    http://hijackthis.de/index.php?langselect=english

    Files worth investigating are:
    atlfz32.exe
    atlrk.exe

    Registry entries worth investigating:
    O2 - BHO: (no name) - {A3C660FF-DEAB-ECF0-02FE-C8DC9874C708} -
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    C:\WINDOWS\system32\appux.exe (file missing)

    And remember, if Google shows few or no results, it's not a good thing.

    (Google fun: input atlrk.exe and see what it really thinks you're looking
    for.)

    |> I am not sure what to keep and what to delete. I don't want to delete
    |> the wrong things and screw up my computer even more. Thanks

    I think the keyword here is back-up.


    --
     
    , Dec 26, 2004
    #2

  3. doS Guest

    C:\WINDOWS\System32\DllHost.exe
    is the culprit....


     
    doS, Dec 26, 2004
    #3
  4. Guest

    On Sat, 25 Dec 2004 21:57:39 -0500, "doS"
    <> wrote:

    |> C:\WINDOWS\System32\DllHost.exe
    |> is the culprit....
    |>

    I know this file personally; it taught me it was time to run a firewall
    full time. I picked up the Welchia worm just by being online, and with a
    dial-up at that.

    C:\WINDOWS\System32\DllHost.exe is the good file, and part of the
    Windows system.

    C:\WINDOWS\Win\DllHost.exe is the evil one :)

    --
     
    , Dec 26, 2004
    #4
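
Added example, not part of any post in this thread: a small Python triage pass over a HijackThis log that rejoins wrapped lines and lists the kinds of entries replies #2 and #4 point at (a system file name running outside System32, an unnamed BHO, an autorun from the Windows root folder, a service whose file is missing). `SAMPLE`, the `SYSTEM32_ONLY` list and the function names are assumptions made for illustration; a hit means "look closer", not "delete".

```python
import re
# Constructed sample: entries from the posted log plus the path named in post #4.
SAMPLE = r"""Running processes:
C:\WINDOWS\System32\DllHost.exe
C:\WINDOWS\Win\DllHost.exe

O2 - BHO: (no name) - {A3C660FF-DEAB-ECF0-02FE-C8DC9874C708} -
C:\WINDOWS\appgq32.dll
O4 - HKLM\..\Run: [atlfz32.exe] C:\WINDOWS\atlfz32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O23 - Service: Workstation NetLogon Service - Unknown -
C:\WINDOWS\system32\appux.exe (file missing)
"""
ENTRY = re.compile(r"^([RO]\d+) - (.*)")
SYSTEM32_ONLY = {"dllhost.exe", "svchost.exe", "lsass.exe"}  # assumed short list
def parse(log):
    """Return (processes, entries); wrapped entry lines are rejoined."""
    procs, entries, in_procs = [], [], False
    for line in map(str.strip, log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            procs.append(line)
        elif ENTRY.match(line):
            entries.append(list(ENTRY.match(line).groups()))
        elif entries:
            entries[-1][1] += " " + line  # continuation of a wrapped entry
    return procs, [tuple(e) for e in entries]

def triage(log):
    """Return (reason, item) pairs worth a closer look; not a verdict."""
    procs, entries = parse(log)
    notes = []
    for p in procs:
        folder, _, name = p.lower().rpartition("\\")
        if name in SYSTEM32_ONLY and folder != r"c:\windows\system32":
            notes.append(("system binary name outside System32", p))
    for code, text in entries:
        low = text.lower()
        if code == "O2" and "(no name)" in low:
            notes.append(("unnamed BHO", text))
        if code == "O4" and re.search(r"\] c:\\windows\\[^\\ ]+\.exe$", low):
            notes.append(("autorun from the Windows root folder", text))
        if "(file missing)" in low:
            notes.append(("registered file is missing", text))
    return notes
```
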
  5. Bill P Guest

    Copy and paste it here and see what it comes up with.

    http://hijackthis.de/index.php?langselect=english

    Regards
    Bill

     
    Bill P, Dec 26, 2004
    #5