Result of my Hijackthis scan

Discussion in 'Computer Security' started by todhunter5, Dec 27, 2003.

  1. todhunter5

    todhunter5 Guest

    What entries should I delete and/or fix and/or ignore?

    Logfile of HijackThis v1.97.7
    Scan saved at 11:05:08 AM, on 12/27/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    C:\WINDOWS\System32\NMSSvc.exe
    C:\Program Files\Popup & Privacy Defender for IE\pdie.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\AIM95\aim.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant
    Updater\RuLaunch.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\msdtc.exe
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Program Files\SpamPal\spampal.exe
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Tom_Todhunter\Local Settings\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://excite.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.insightbb.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
    Internet Explorer provided by Insightbb.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyServer = http=127.0.0.1:6711
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext =
    http://www.dellnet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) =
    about:blank
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection -
    {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program
    Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
    C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
    Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
    C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
    Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee
    VirusScan\alogserv.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKCU\..\Run: [Popup & Privacy Defender for IE] "C:\Program Files\Popup
    & Privacy Defender for IE\pdie.exe" Minimize
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program
    Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe"
    /startmonitor
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
    C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program
    Files\Microsoft Works\WkDetect.exe
    O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
    Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: file.exe.vir
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program
    Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
    present
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: P&&PDIE (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
    O16 - DPF: ChatSpace Full Java Client 2.1.0.95 -
    http://www.spankingchat.com/Java/cs4fs095.cab
    O16 - DPF: ChatSpace Java Client 2.1.0.86 -
    http://www.spankingchat.com/Java/cs4ms086.cab
    O16 - DPF: ChatSpace Java Client 2.1.0.95 -
    http://www.spankingchat.com/Java/cs4ms095.cab
    O16 - DPF: DigiChat Applet -
    http://host.digichat.com/DigiChat/DigiClasses/Client_IE.cab
    O16 - DPF: Yahoo! Chat -
    http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -
    https://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) -
    http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template
    and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} (LiveUpdate Crescendo) -
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
    http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) -
    http://www.rovion.com/Controls/Rovion.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} -
    http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (AXClientUtil2 Control) -
    http://www.smartforce.com/v2.1/applications/liveplay/Activex/AXClientUtil.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
    http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
    Installation Engine) -
    http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) -
    https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    http://207.188.7.150/26f03b14ca49ac6a6023/netzip/RdxIE601.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) -
    http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client
    Control (redist)) - http://12.223.201.5/tsweb/msrdp.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) -
    http://ftp.us.dell.com/fixes/PROFILER.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
    http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37651.7162037037
    O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments
    Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
    O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) -
    http://www.cityofnoblesville.org/codebase/cabs/whip.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on
    the Web Control) -
    http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
    http://download.abacast.com/download/files/abasetup141.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_7.cab
    O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data
    Class) - http://www29.compaq.com/falco/SysQuery.cab



    --
    Thomas A. Todhunter
    MS(36hrs), BA, MCSA, MCP, A+, Net+
     
    todhunter5, Dec 27, 2003
    #1

  2. todhunter5

    \(-_-\) Guest

    In my humble opinion, well done sponge. (-_-)
     
    \(-_-\), Dec 28, 2003
    #2