hijackthis log

Discussion in 'Computer Support' started by flamer die.spam@hotmail.com, Nov 9, 2006.

  1. flamer

    flamer Guest

    Hi, I have this issue: when i open firefox or IE my pc starts
    connecting on various ports to the first entry in my hosts file (i can
    change whatever the first domain is and it will start connecting to
    that instead), it will make 40+ connections, internet goes very slowly,
    i have run spysweeper, ad-adware, spybot, avast, outpost adware and
    still having the issue. Any ideas?

    Logfile of HijackThis v1.99.1
    Scan saved at 12:50:59 AM, on 11/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\DC++\DCPlusPlus.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Program Files\Windows Media Player\wmplayer.exe
    F:\apps install files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://google.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
    Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [WinFast Schedule] C:\Program
    Files\WinFast\WFTVFM\WFWIZ.exe
    O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost
    Firewall\outpost.exe /waitservice
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common
    Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia
    PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite
    6\PcSync2.exe /NoDialog
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
    Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: + &Mass Downloader: download this file -
    C:\Program Files\Mass Downloader\Add_Url.htm
    O8 - Extra context menu item: + Mass Downloader: download &All files -
    C:\Program Files\Mass Downloader\Add_All.htm
    O8 - Extra context menu item: Download with GetRight - C:\Program
    Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program
    Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Outpost Firewall Pro Quick Tune -
    {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program
    Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} -
    C:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (file missing)
    (HKCU)
    O9 - Extra 'Tools' menuitem: Show Trashcan -
    {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program
    Files\Agnitum\Outpost Firewall\TRASH.EXE (file missing) (HKCU)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    -
    http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152411353312
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{1D2D268D-D5FC-4035-A14F-39A5A2DD1A75}:
    NameServer = 202.180.64.2 202.180.64.9
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
    "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner
    - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program
    Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program
    Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program
    Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
    Corporation - C:\Program Files\Common
    Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
    Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum
    Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot
    Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown
    owner - C:\WINDOWS\system32\UAService7.exe

    Flamer.
    flamer , Nov 9, 2006
    #1
    1. Advertising

  2. flamer

    Gordon Guest

    <> wrote in message
    news:...
    > Hi, I have this issue: when i open firefox or IE my pc starts
    > connecting on various ports to the first entry in my hosts file (i can
    > change whatever the first domain is and it will start connecting to
    > that instead), it will make 40+ connections, internet goes very slowly,
    > i have run spysweeper, ad-adware, spybot, avast, outpost adware and
    > still having the issue. Any ideas?
    >
    > Logfile of HijackThis


    there are specialist forums for hijackthis logs - do a google.
    Gordon, Nov 9, 2006
    #2
    1. Advertising

  3. flamer

    Ponder Guest

    Hiya Gordon.

    In <news:> you wrote:

    > there are specialist forums for hijackthis logs - do a google.


    Nah, leave it to pcbutts, he knows everything about these ;)

    --
    PGP key ID - DSS:0x2661A952
    Ponder - Homepage: http://www.colinjones.co.uk ICQ# 1707811
    Skittles Team: http://www.ddskittles.co.uk
    Ponder, Nov 9, 2006
    #3
  4. flamer

    pcbutts1 Guest

    Your log is clean. Please post the first couple of lines of your host file.

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com



    <> wrote in message
    news:...
    > Hi, I have this issue: when i open firefox or IE my pc starts
    > connecting on various ports to the first entry in my hosts file (i can
    > change whatever the first domain is and it will start connecting to
    > that instead), it will make 40+ connections, internet goes very slowly,
    > i have run spysweeper, ad-adware, spybot, avast, outpost adware and
    > still having the issue. Any ideas?
    >
    > Logfile of HijackThis v1.99.1
    > Scan saved at 12:50:59 AM, on 11/10/2006
    > Platform: Windows XP SP2 (WinNT 5.01.2600)
    > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    >
    pcbutts1, Nov 10, 2006
    #4
  5. flamer

    flamer Guest

    pcbutts1 wrote:
    > Your log is clean. Please post the first couple of lines of your host file.
    >
    > --
    >
    >
    > The best live web video on the internet http://www.seedsv.com/webdemo.htm
    > NEW Embedded system W/Linux. We now sell DVR cards.
    > See it all at http://www.seedsv.com/products.htm
    > Sharpvision simply the best http://www.seedsv.com
    >
    >
    >
    > <> wrote in message
    > news:...
    > > Hi, I have this issue: when i open firefox or IE my pc starts
    > > connecting on various ports to the first entry in my hosts file (i can
    > > change whatever the first domain is and it will start connecting to
    > > that instead), it will make 40+ connections, internet goes very slowly,
    > > i have run spysweeper, ad-adware, spybot, avast, outpost adware and
    > > still having the issue. Any ideas?
    > >
    > > Logfile of HijackThis v1.99.1
    > > Scan saved at 12:50:59 AM, on 11/10/2006
    > > Platform: Windows XP SP2 (WinNT 5.01.2600)
    > > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    > >


    it was:
    127.0.0.1 1.httpdads.com
    127.0.0.1 geneva.com
    ....continues..

    then i added 127.0.0.1 null

    just to ensure it wasnt actually going to connect to a real site, i
    discovered it was connecting to the domains in the hosts file because i
    manually blocked httpdads in the firewall then it starting connecting
    to the next domain and so on. The process ID of the connections points
    to firefox or ie or avast mail scanner

    Flamer.
    flamer , Nov 10, 2006
    #5
  6. flamer

    pcbutts1 Guest

    The first line should be
    127.0.0.1 localhost

    Use my hosts file. Run the hosts.bat file to automatically install it.
    http://www.pcbutts1.com/downloads/hosts.zip



    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com



    <> wrote in message
    news:...
    >
    > pcbutts1 wrote:
    >> Your log is clean. Please post the first couple of lines of your host
    >> file.
    >>
    >> --
    >>
    >>
    >> The best live web video on the internet http://www.seedsv.com/webdemo.htm
    >> NEW Embedded system W/Linux. We now sell DVR cards.
    >> See it all at http://www.seedsv.com/products.htm
    >> Sharpvision simply the best http://www.seedsv.com
    >>
    >>
    >>
    >> <> wrote in message
    >> news:...
    >> > Hi, I have this issue: when i open firefox or IE my pc starts
    >> > connecting on various ports to the first entry in my hosts file (i can
    >> > change whatever the first domain is and it will start connecting to
    >> > that instead), it will make 40+ connections, internet goes very slowly,
    >> > i have run spysweeper, ad-adware, spybot, avast, outpost adware and
    >> > still having the issue. Any ideas?
    >> >
    >> > Logfile of HijackThis v1.99.1
    >> > Scan saved at 12:50:59 AM, on 11/10/2006
    >> > Platform: Windows XP SP2 (WinNT 5.01.2600)
    >> > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    >> >

    >
    > it was:
    > 127.0.0.1 1.httpdads.com
    > 127.0.0.1 geneva.com
    > ...continues..
    >
    > then i added 127.0.0.1 null
    >
    > just to ensure it wasnt actually going to connect to a real site, i
    > discovered it was connecting to the domains in the hosts file because i
    > manually blocked httpdads in the firewall then it starting connecting
    > to the next domain and so on. The process ID of the connections points
    > to firefox or ie or avast mail scanner
    >
    > Flamer.
    >
    pcbutts1, Nov 10, 2006
    #6
  7. flamer

    flamer Guest

    pcbutts1 wrote:
    > The first line should be
    > 127.0.0.1 localhost
    >
    > Use my hosts file. Run the hosts.bat file to automatically install it.
    > http://www.pcbutts1.com/downloads/hosts.zip
    >
    >
    >
    > --
    >
    >
    > The best live web video on the internet http://www.seedsv.com/webdemo.htm
    > NEW Embedded system W/Linux. We now sell DVR cards.
    > See it all at http://www.seedsv.com/products.htm
    > Sharpvision simply the best http://www.seedsv.com
    >
    >
    >
    > <> wrote in message
    > news:...
    > >
    > > pcbutts1 wrote:
    > >> Your log is clean. Please post the first couple of lines of your host
    > >> file.
    > >>
    > >> --
    > >>
    > >>
    > >> The best live web video on the internet http://www.seedsv.com/webdemo.htm
    > >> NEW Embedded system W/Linux. We now sell DVR cards.
    > >> See it all at http://www.seedsv.com/products.htm
    > >> Sharpvision simply the best http://www.seedsv.com
    > >>
    > >>
    > >>
    > >> <> wrote in message
    > >> news:...
    > >> > Hi, I have this issue: when i open firefox or IE my pc starts
    > >> > connecting on various ports to the first entry in my hosts file (i can
    > >> > change whatever the first domain is and it will start connecting to
    > >> > that instead), it will make 40+ connections, internet goes very slowly,
    > >> > i have run spysweeper, ad-adware, spybot, avast, outpost adware and
    > >> > still having the issue. Any ideas?
    > >> >
    > >> > Logfile of HijackThis v1.99.1
    > >> > Scan saved at 12:50:59 AM, on 11/10/2006
    > >> > Platform: Windows XP SP2 (WinNT 5.01.2600)
    > >> > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    > >> >

    > >
    > > it was:
    > > 127.0.0.1 1.httpdads.com
    > > 127.0.0.1 geneva.com
    > > ...continues..
    > >
    > > then i added 127.0.0.1 null
    > >
    > > just to ensure it wasnt actually going to connect to a real site, i
    > > discovered it was connecting to the domains in the hosts file because i
    > > manually blocked httpdads in the firewall then it starting connecting
    > > to the next domain and so on. The process ID of the connections points
    > > to firefox or ie or avast mail scanner
    > >
    > > Flamer.
    > >


    Ok done that.. and now.. a million and one tcp connections to
    localhost showing in netstat rather than null.

    Flamer.
    flamer , Nov 10, 2006
    #7
  8. flamer

    pcbutts1 Guest

    From the command prompt type netsh winsock reset

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com



    <> wrote in message
    news:...
    >
    > pcbutts1 wrote:
    >> The first line should be
    >> 127.0.0.1 localhost
    >>
    >> Use my hosts file. Run the hosts.bat file to automatically install it.
    >> http://www.pcbutts1.com/downloads/hosts.zip
    >>
    >>
    >>
    >> --
    >>
    >>
    >> The best live web video on the internet http://www.seedsv.com/webdemo.htm
    >> NEW Embedded system W/Linux. We now sell DVR cards.
    >> See it all at http://www.seedsv.com/products.htm
    >> Sharpvision simply the best http://www.seedsv.com
    >>
    >>
    >>
    >> <> wrote in message
    >> news:...
    >> >
    >> > pcbutts1 wrote:
    >> >> Your log is clean. Please post the first couple of lines of your host
    >> >> file.
    >> >>
    >> >> --
    >> >>
    >> >>
    >> >> The best live web video on the internet
    >> >> http://www.seedsv.com/webdemo.htm
    >> >> NEW Embedded system W/Linux. We now sell DVR cards.
    >> >> See it all at http://www.seedsv.com/products.htm
    >> >> Sharpvision simply the best http://www.seedsv.com
    >> >>
    >> >>
    >> >>
    >> >> <> wrote in message
    >> >> news:...
    >> >> > Hi, I have this issue: when i open firefox or IE my pc starts
    >> >> > connecting on various ports to the first entry in my hosts file (i
    >> >> > can
    >> >> > change whatever the first domain is and it will start connecting to
    >> >> > that instead), it will make 40+ connections, internet goes very
    >> >> > slowly,
    >> >> > i have run spysweeper, ad-adware, spybot, avast, outpost adware and
    >> >> > still having the issue. Any ideas?
    >> >> >
    >> >> > Logfile of HijackThis v1.99.1
    >> >> > Scan saved at 12:50:59 AM, on 11/10/2006
    >> >> > Platform: Windows XP SP2 (WinNT 5.01.2600)
    >> >> > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    >> >> >
    >> >
    >> > it was:
    >> > 127.0.0.1 1.httpdads.com
    >> > 127.0.0.1 geneva.com
    >> > ...continues..
    >> >
    >> > then i added 127.0.0.1 null
    >> >
    >> > just to ensure it wasnt actually going to connect to a real site, i
    >> > discovered it was connecting to the domains in the hosts file because i
    >> > manually blocked httpdads in the firewall then it starting connecting
    >> > to the next domain and so on. The process ID of the connections points
    >> > to firefox or ie or avast mail scanner
    >> >
    >> > Flamer.
    >> >

    >
    > Ok done that.. and now.. a million and one tcp connections to
    > localhost showing in netstat rather than null.
    >
    > Flamer.
    >
    pcbutts1, Nov 10, 2006
    #8
  9. flamer

    Leythos Guest

    In article <>, pcbutts1
    @seedsv.com says...
    > The first line should be
    > 127.0.0.1 localhost
    >
    > Use my hosts file. Run the hosts.bat file to automatically install it.
    > http://www.pcbutts1.com/downloads/hosts.zip


    Looks like you pirated that file from the real author - did you actually
    get permission to provide it from the real author?

    http://msmvps.com/blogs/hostsnews/archive/2006/11/10/pcbutts1-_
    2E002E002E00_-the-saga-continues-_2E002E002E00_.aspx

    Seems that you pirated a file and then don't give credit to the real
    author, again, and again, and again, and again....

    --


    remove 999 in order to email me
    Leythos, Nov 10, 2006
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. UnderDog

    HijackThis Log

    UnderDog, May 8, 2004, in forum: Computer Support
    Replies:
    5
    Views:
    5,601
    Boomer
    May 8, 2004
  2. ~*Eternity*~

    Help with HijackThis! Log

    ~*Eternity*~, May 14, 2004, in forum: Computer Support
    Replies:
    8
    Views:
    785
    Toolman Tim
    May 15, 2004
  3. Mr. Wood

    HijackThis log - what do I fix?

    Mr. Wood, May 30, 2004, in forum: Computer Support
    Replies:
    6
    Views:
    531
    Toolman Tim
    May 30, 2004
  4. nik_marquise

    HijackThis help . . . not log file . . . Help

    nik_marquise, Jun 8, 2004, in forum: Computer Support
    Replies:
    1
    Views:
    368
    ┬░Mike┬░
    Jun 8, 2004
  5. Warren Briggs

    Help with Hijackthis!! LOG

    Warren Briggs, Jun 9, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    558
    discogail
    Jun 9, 2004
Loading...

Share This Page