Hijack this : What do I delete

Discussion in 'Computer Support' started by John, Feb 9, 2005.

  1. John

    John Guest

    Here's my log file. If anyone could help me out, I'd be very
    appreciative!

    Logfile of HijackThis v1.99.0
    Scan saved at 23:26:55, on 08/02/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\ACS.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security
    Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Messenger Plus\MsgPlus.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AdStatus Service\AdStatServ.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AdStatus Service\AdStatKeep.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\WINDOWS\system32\RAMASST.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\WINDOWS\system32\mmc.exe
    C:\WINDOWS\system32\DfrgNtfs.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\All Users\Application
    Data\programsitemultidate\Boltflaw.exe
    C:\PROGRA~1\DAP\DAP.EXE
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Jonathan Woodbury\Local
    Settings\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://www.xnttofpduodwzk.net/6SPL0IjUStxdEBMNM2LHZibRj/sIH/VIZ1/sWiajeZvAKf9dO_6XnlCkgUtnradW.cgi
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://hotmail.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1E72B6E7-8241-31E3-02C8-9BC61AB0AC41} -
    C:\DOCUME~1\JONATH~1\APPLIC~1\CASHLI~1\Bias Live.exe
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
    C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} -
    C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: Norton AntiVirus -
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
    AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI
    Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and
    Launch\PadExe.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program
    Files\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check]
    C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
    Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger
    Plus\MsgPlus.exe"
    O4 - HKLM\..\Run: [multi date view peak] C:\Documents and Settings\All
    Users\Application Data\programsitemultidate\Way up.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program
    Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [filesharingcenter_AdStatServInstPack.exe]
    C:\WINDOWS\system32\filesharingcenter_AdStatServInstPack.exe
    O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus
    Service\AdStatServ.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
    C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Close heart]
    C:\DOCUME~1\JONATH~1\APPLIC~1\IDOLSU~1\Media wave mpeg.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Download with &DAP -
    C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP -
    C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
    C:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
    C:\Program Files\AIM\aim.exe (file missing)
    O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
    C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite -
    {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program
    Files\ICQLite\ICQLite.exe
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC}
    (MessengerStatsClient Class) -
    http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
    Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
    (MessengerStatsClient Class) -
    http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
    http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune
    Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown
    Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} -
    C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
    O23 - Service: Atheros Configuration Service - Unknown -
    C:\WINDOWS\System32\ACS.exe
    O23 - Service: Ati HotKey Poller - Unknown -
    C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program
    Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co.,
    Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program
    Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec
    Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation -
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program
    Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation -
    C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation
    - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. -
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
    John, Feb 9, 2005
    #1

  2. John

    Guest

    On 8 Feb 2005 20:27:14 -0800, (John) wrote:

    |> Here's my log file. If anyone could help me out, I'd be very
    |> appreciative!
    |>
    |> Logfile of HijackThis v1.99.0
    |> Scan saved at 23:26:55, on 08/02/2005
    |> Platform: Windows XP SP2 (WinNT 5.01.2600)
    |> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    AdStatServ.exe and AdStatKeep.exe for starters
    as per http://hijackthis.de/index.php?langselect=english


    --
     
    , Feb 9, 2005
    #2

  3. John

    Guest

    wrote:
    > On 8 Feb 2005 20:27:14 -0800, (John)

    wrote:
    >
    > |> Here's my log file. If anyone could help me out, I'd be very
    > |> appreciative!
    > |>
    > |> Logfile of HijackThis v1.99.0
    > |> Scan saved at 23:26:55, on 08/02/2005
    > |> Platform: Windows XP SP2 (WinNT 5.01.2600)
    > |> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    >
    > AdStatServ.exe and AdStatKeep.exe for starters
    > as per http://hijackthis.de/index.php?langselect=english
    >
    >
    > --
     
    , Feb 9, 2005
    #3
  4. John

    Guest

    asdf
     
    , Feb 9, 2005
    #4
  5. John

    Guest

    Thanks for that site, very useful.

    HijackThis identified download accelerator (DAP) as a problem. Does
    this only refer to the banner it displays during downloads, or is it
    also wreaking havoc on my computer while I'm not downloading?
     
    , Feb 9, 2005
    #5
  6. John

    Guest

    On 8 Feb 2005 20:52:14 -0800, wrote:

    |> Thanks for that site, very useful.
    |>
    |> HijackThis identified download accelerator (DAP) as a problem. Does
    |> this only refer to the banner it displays during downloads, or is it
    |> also wreaking havoc on my computer while I'm not downloading?

    Needs to know what banners to show you, so there is an exchange of
    information. http://www.getright.com/ not free but much better.

    Wreaking havoc on your computer would be counterproductive for its
    purposes, but it does steal system resources and bandwidth.

    --
     
    , Feb 9, 2005
    #6
  7. John

    °Mike° Guest

    On 8 Feb 2005 20:27:14 -0800, in
    <>
    John scrawled:

    >Here's my log file. If anyone could help me out, I'd be very
    >appreciative!
    >
    >Logfile of HijackThis v1.99.0
    >Scan saved at 23:26:55, on 08/02/2005
    >Platform: Windows XP SP2 (WinNT 5.01.2600)
    >MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    >
    >Running processes:


    <SNIP>

    >C:\Program Files\AdStatus Service\AdStatServ.exe


    Terminate the above process with CTRL+ALT+DEL.


    >C:\Program Files\AdStatus Service\AdStatKeep.exe


    Terminate the above process with CTRL+ALT+DEL.


    >C:\Documents and Settings\All Users\Application
    >Data\programsitemultidate\Boltflaw.exe


    Unknown process. If you do not recognise it, terminate
    it with CTRL+ALT+DEL.


    >R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    >http://www.xnttofpduodwzk.net/6SPL0IjUStxdEBMNM2LHZibRj/sIH/VIZ1/sWiajeZvAKf9dO_6XnlCkgUtnradW.cgi


    Have HijackThis fix the above.


    >R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    >http://hotmail.com/


    Have HijackThis fix the above, unless Hotmail is your chosen start page.


    >O2 - BHO: (no name) - {1E72B6E7-8241-31E3-02C8-9BC61AB0AC41} -
    >C:\DOCUME~1\JONATH~1\APPLIC~1\CASHLI~1\Bias Live.exe


    Have HijackThis fix the above.


    >O4 - HKLM\..\Run: [multi date view peak] C:\Documents and Settings\All
    >Users\Application Data\programsitemultidate\Way up.exe


    Unknown application. Unless you recognise it, have HijackThis fix it.


    >O4 - HKLM\..\Run: [filesharingcenter_AdStatServInstPack.exe]
    >C:\WINDOWS\system32\filesharingcenter_AdStatServInstPack.exe


    Have HijackThis fix the above.


    >O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus
    >Service\AdStatServ.exe


    Have HijackThis fix the above.


    >O4 - HKCU\..\Run: [Close heart]
    >C:\DOCUME~1\JONATH~1\APPLIC~1\IDOLSU~1\Media wave mpeg.exe


    Unknown application. Unless you recognise it, have HijackThis fix it.


    >O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
    >C:\Program Files\AIM\aim.exe (file missing)


    Have HijackThis fix the above.



    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Feb 9, 2005
    #7
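
The kind of triage walked through in post #7 can be partly automated. The following is an added example, not part of any post in this thread and not HijackThis's own logic: it rejoins the line-wrapped entries of a pasted log and flags those matching three patterns seen in the flagged items above (a target under Application Data, a "(file missing)" target, an unnamed BHO). The rule set and the function names are assumptions made for illustration; entries identified by product name, such as the AdStatus ones, still need a lookup.

```python
import re

# Constructed sample: five entries copied from the log in this thread,
# wrapped across lines the way the forum post wrapped them.
SAMPLE = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {1E72B6E7-8241-31E3-02C8-9BC61AB0AC41} -
C:\DOCUME~1\JONATH~1\APPLIC~1\CASHLI~1\Bias Live.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [multi date view peak] C:\Documents and Settings\All
Users\Application Data\programsitemultidate\Way up.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\Program Files\AIM\aim.exe (file missing)
"""

# HijackThis entries start with a section code (R0-R3, F0-F3, N1-N4, O1 and up).
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# Long and 8.3 short forms of the Application Data directory.
APPDATA = re.compile(r"\\(Application Data|APPLIC~\d)\\", re.IGNORECASE)

def parse_entries(text):
    """Rejoin wrapped lines; return a list of (section, full_entry)."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:      # continuation of a wrapped entry
            entries[-1] += " " + line
    return [(e.split(" - ", 1)[0], e) for e in entries]

def triage(text):
    """Return (section, reasons, entry) for entries worth a manual look."""
    findings = []
    for section, entry in parse_entries(text):
        reasons = []
        if APPDATA.search(entry):   # assumed heuristic, not a HijackThis rule
            reasons.append("runs from Application Data")
        if entry.endswith("(file missing)"):
            reasons.append("target file missing")
        if section == "O2" and "BHO: (no name)" in entry:
            reasons.append("unnamed BHO")
        if reasons:
            findings.append((section, reasons, entry))
    return findings

if __name__ == "__main__":
    for section, reasons, entry in triage(SAMPLE):
        print(f"[{', '.join(reasons)}] {entry}")
```

Lines before the first entry (the header and the running-process list) are ignored, so a full pasted log can be passed in unchanged.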
  8. John

    Guest

    Thanks!
     
    , Feb 16, 2005
    #8