Hijack this log por favor

Discussion in 'Computer Support' started by joevan, Feb 20, 2004.

  1. joevan

    joevan Guest

    Logfile of HijackThis v1.97.7
    I hope it is ok to ask if anyone here would look this over and say if
    anything looks amiss. To delete or not to delete, that is the
    question.
    The only thing I deleted from the list was some junk left over when I
    got rid of the Weatherbug.

    My daughter uses AIM and Yahoo for messages and/or mail.


    Scan saved at 9:33:38 AM, on 2/20/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\System32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Microsoft Hardware\Mouse\point32.exe
    D:\PROGRA~1\NORTON~1\navapw32.exe
    D:\Program Files\Restart\Restart.exe
    D:\WINDOWS\system32\cisvc.exe
    D:\Program Files\Executive Software\Diskeeper\DkService.exe
    D:\WINDOWS\system32\cidaemon.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\ACD Systems\ACDSee\ACDSee.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    D:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\Program Files\Media Player Classic\mplayerc.exe
    D:\Program Files\Outlook Express\msimn.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\covad\GSpot\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
    Microsoft Internet Explorer
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    D:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Zero Popup - {2EF37A01-884F-11d5-AC99-B112050ECB4F} -
    D:\PROGRA~1\ZEROPO~1\HTMLEdit.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper -
    {601ED020-FB6C-11D3-87D8-0050DA59922B} - c:\program files\ws_ftp
    pro\wsbho2K0.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    d:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} -
    D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus -
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton
    AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    D:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    d:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Restart] D:\Program Files\Restart\Restart.exe
    O4 - Global Startup: ZoneAlarm.lnk = D:\Program Files\Zone
    Labs\ZoneAlarm\zonealarm.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
    present
    O8 - Extra context menu item: &Google Search - res://d:\program
    files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://d:\program
    files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page -
    res://d:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://d:\program
    files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English -
    res://d:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .bcf: D:\Program Files\Internet
    Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: D:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
    http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
    http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
    Control) - http://active.macromedia.com/director/cabs/sw.cab

    http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
    Installation Engine) -
    http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) -
    http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -
    http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
    http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37863.6293287037
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} -
    http://www.live365.com/players/play365.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
    Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj
    Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?306
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_11_0.cab
    O17 -

    HKLM\System\CCS\Services\Tcpip\..\{09A***C0-282F-4B*****0-4A2******89}:
    NameServer = **.***.159.*** **.105.***.***
    O17 -
    HKLM\System\CS1\Services\Tcpip\..\{{09A***C0-282F-4B*****0-4A2******89}:
    NameServer = **.***.159.*** **.105.***.***
    I deleted some numbers here and put in **** just in case I would be
    divulging something I shouldn't.

    TIA
    joevan
    joevan, Feb 20, 2004
    #1

  2. joevan

    TehGhodTrole Guest

    joevan wrote:
    > Logfile of HijackThis v1.97.7
    > I hope it is ok to ask if anyone here would look this over and say if
    > anything looks amiss. To delete or not to delete, that is the
    > question.


    Just delete the lot. If all hell breaks loose, you've broken something.

    HTH and HAND


    --
    TehGhodTrole: Trolling, for God's sake.
    Your Free Insult: Jesus loves you.
    TehGhodTrole, Feb 20, 2004
    #2

  3. joevan

    Harrison Guest

    On Fri, 20 Feb 2004 15:02:25 GMT, joevan <> wrote:

    All in all, it looks pretty clean.
    There are some things you can get rid of here, but none seem to be too nasty.

    >D:\WINDOWS\system32\cisvc.exe
    >D:\WINDOWS\system32\cidaemon.exe

    Indexing Service - Right-click My Computer and choose Manage. Go to Services and Applications/Services. Locate the
    Indexing Service and press stop/disable.
    See http://www.theeldergeek.com/services_guide.htm for more useless services.

    >D:\Program Files\Common Files\Real\Update_OB\realsched.exe

    Remove


    >Microsoft Internet Explorer
    >O2 - BHO: Zero Popup - {2EF37A01-884F-11d5-AC99-B112050ECB4F} -
    >D:\PROGRA~1\ZEROPO~1\HTMLEdit.dll

    Remove - Uninstall
    Get Avant, Firefox, or Mozilla.
    I see you already have the Google Toolbar.


    >O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common
    >Files\Real\Update_OB\realsched.exe" -osboot

    Remove - Better yet, get rid of Real Player altogether.

    >O4 - HKLM\..\Run: [QuickTime Task] "D:\Program
    >Files\QuickTime\qttask.exe" -atboottime

    Remove


    >O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    >http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe

    Remove


    >O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -
    >http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v3123/cpbrkpie.cab

    Remove
    Harrison, Feb 20, 2004
    #3
  4. joevan

    Harrison Guest

    On 20 Feb 2004 15:05:57 GMT, "TehGhodTrole" <> wrote:

    >joevan wrote:
    >> Logfile of HijackThis v1.97.7
    >> I hope it is ok to ask if anyone here would look this over and say if
    >> anything looks amiss. To delete or not to delete, that is the
    >> question.

    >
    >Just delete the lot. If all hell breaks loose, you've broken something.
    >
    >HTH and HAND


    http://tinyurl.com/2evb2
    Harrison, Feb 20, 2004
    #4
  5. joevan

    joevan Guest

    On Fri, 20 Feb 2004 10:28:41 -0500, Harrison <Harrison> wrote:

    >On Fri, 20 Feb 2004 15:02:25 GMT, joevan <> wrote:
    >
    >All in all, it looks pretty clean.
    >There are some things you can get rid of here, but none seem to be too nasty.
    >
    >>D:\WINDOWS\system32\cisvc.exe
    >>D:\WINDOWS\system32\cidaemon.exe

    >Indexing Service - Right-click My Computer and choose Manage. Go to Services and Applications/Services. Locate the
    >Indexing Service and press stop/disable.
    >See http://www.theeldergeek.com/services_guide.htm for more useless services.
    >
    >>D:\Program Files\Common Files\Real\Update_OB\realsched.exe

    >Remove
    >
    >
    >>Microsoft Internet Explorer
    >>O2 - BHO: Zero Popup - {2EF37A01-884F-11d5-AC99-B112050ECB4F} -
    >>D:\PROGRA~1\ZEROPO~1\HTMLEdit.dll

    >Remove - Uninstall
    >Get Avant, Firefox, or Mozilla.
    >I see you already have the Google Toolbar.
    >
    >
    >>O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common
    >>Files\Real\Update_OB\realsched.exe" -osboot

    >Remove - Better yet, get rid of Real Player altogether.
    >
    >>O4 - HKLM\..\Run: [QuickTime Task] "D:\Program
    >>Files\QuickTime\qttask.exe" -atboottime

    >Remove
    >
    >
    >>O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    >>http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe

    >Remove
    >
    >
    >>O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -
    >>http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v3123/cpbrkpie.cab

    >Remove
    >
    >

    Thank you Harrison,
    A calm clear head is better than a noisy clouded one.
    joevan
    joevan, Feb 20, 2004
    #5
  6. joevan

    joevan Guest

    On Fri, 20 Feb 2004 10:32:25 -0500, Harrison <Harrison> wrote:

    >>HTH and HAND

    >
    >http://tinyurl.com/2evb2


    Yeath,
    joevan
    joevan, Feb 20, 2004
    #6
  7. joevan

    °Mike° Guest

    On Fri, 20 Feb 2004 15:02:25 GMT, in
    <>
    joevan scrawled:

    >Logfile of HijackThis v1.97.7


    <snip>

    >O17 - HKLM\System\CCS\Services\Tcpip\..\{09A***C0-282F-4B*****0-4A2******89}:
    >NameServer = **.***.159.*** **.105.***.***
    >O17 - HKLM\System\CS1\Services\Tcpip\..\{{09A***C0-282F-4B*****0-4A2******89}:
    >NameServer = **.***.159.*** **.105.***.***


    If the above IPs are *not* from your network, or ISP, have HijackThis
    fix them.

    <snip>

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Feb 20, 2004
    #7
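
The O17 check from post #7, as an added example (not part of the original thread and not HijackThis's own code): it rejoins log entries that the news client wrapped across lines, then compares each O17 NameServer address with the resolvers you expect from your network or ISP. The sample log, its addresses and the function names are constructed for illustration; a masked address such as those in the original post comes back as unverifiable.

```python
import ipaddress
import re

# Entry lines open with a section code: "R0 - ", "O4 - ", "O17 -", ...
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ?(.*)$")

# Constructed sample (not from the thread), wrapped the way a news client would.
SAMPLE_LOG = r"""
Running processes:
D:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [Example] "D:\Program
Files\Example\example.exe" -boot
O17 -
HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}:
NameServer = 192.0.2.53 203.0.113.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}:
NameServer = **.***.159.*** 192.0.2.53
"""

def join_entries(log_text):
    """Rejoin entries that were wrapped across lines; returns (code, body) pairs."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2).strip()])
        elif line and entries:
            # No section code: continuation of the previous entry.
            entries[-1][1] = (entries[-1][1] + " " + line).strip()
    return [tuple(e) for e in entries]

def check_nameservers(entries, expected):
    """Label each O17 NameServer address expected / unexpected / unverifiable."""
    known = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for code, body in entries:
        m = re.search(r"NameServer = (.+)$", body) if code == "O17" else None
        if not m:
            continue
        for token in re.split(r"[\s,]+", m.group(1).strip()):
            try:
                verdict = "expected" if ipaddress.ip_address(token) in known else "unexpected"
            except ValueError:
                verdict = "unverifiable"  # masked or damaged address
            findings.append((token, verdict))
    return findings

if __name__ == "__main__":
    # 192.0.2.53 stands in for the resolver your ISP or router hands out.
    for addr, verdict in check_nameservers(join_entries(SAMPLE_LOG), ["192.0.2.53"]):
        print(f"{addr:18} {verdict}")
```

Prose pasted after the last log entry is folded into that entry, so trim the post down to the log before parsing.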