A Little Help With My Hijackthis Log please

Discussion in 'Computer Support' started by Mocha, Jun 10, 2004.

  1. Mocha

    Mocha Guest

    Hi people:

    I am quite worried about my computer's safety. I run Ad-aware a couple
    of times a week to wipe out spyware, but when I ran HijackThis today, I
    was surprised by how long the log file was. Can someone please
    decipher my log file?

    Logfile of HijackThis v1.97.7
    Scan saved at 12:29:11 AM, on 6/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Sony\Giga Pocket\shwserv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
    C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
    C:\Program Files\Sony\Giga Pocket\GPVSvr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\Program Files\Sony\Giga Pocket\RM_SV.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\WINDOWS\System32\WScript.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Sony\USBSircs\usbsircs.exe
    C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
    C:\Program Files\Sony\Giga Pocket\gps.exe
    c:\progra~1\Support.com\client\bin\tgcmd.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\Net Transport\NTIEHelper.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
    O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    files\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
    O4 - Global Startup: Remocon Driver.lnk = %ProgramFiles%\Sony\USBSircs\usbsircs.exe
    O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
    O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddList.html
    O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddLink.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Short Message (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O15 - Trusted Zone: http://free.aol.com
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37800.7183217593
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://f1.pg.photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab
     
    Mocha, Jun 10, 2004
    #1

  2. °Mike°

    °Mike° Guest

    Primarily because you have so much running at startup.
    Many regard this as spyware:
    http://www.liutilities.com/products/wintaskspro/processlibrary/tgcmd/


    Have HijackThis fix the above.

    Have HijackThis fix the above.
    Have HijackThis fix the above.

    Have HijackThis fix the above.

    Have HijackThis fix the above.
     
    °Mike°, Jun 10, 2004
    #2
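
    The reply above ties the length of the log to the number of startup items. The script below is an added example, not part of the original thread: it rejoins entries that were wrapped across lines, counts entries per section and per autorun location, and lists entries whose target is reported as "(no file)". The sample entries are copied from the log posted above; the function names are illustrative.

```python
import re
from collections import Counter

# Entries copied from the log posted above, wrapped the way the post wrapped them.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no
file)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no
file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program
files\support.com\client\lserver\server.vbs
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Billminder.lnk = C:\Program
Files\Quicken\billmind.exe
O15 - Trusted Zone: http://free.aol.com
"""

# An entry starts with a section code such as "O4 - " or "O16 - ".
ENTRY_START = re.compile(r"^[A-Z]\d+ - ")

def unwrap(log_text):
    """Return one string per entry, rejoining lines wrapped mid-entry."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            # No section code: continuation of the previous entry.
            entries[-1] += " " + line
        # Lines before the first entry (header, process list) are skipped.
    return entries

def triage(log_text):
    """Summarise a log: entries per section, autoruns per location, orphans."""
    entries = unwrap(log_text)
    sections = Counter(e.split(" - ", 1)[0] for e in entries)
    autoruns = [e for e in entries if e.startswith("O4 - ")]
    locations = Counter(e.split(" - ", 1)[1].split(": ", 1)[0] for e in autoruns)
    orphans = [e for e in entries if e.endswith("(no file)")]
    return {"sections": dict(sections),
            "autorun_locations": dict(locations),
            "orphans": orphans}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```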

  3. Mocha

    Mocha Guest



    How do I manage what to run at startup? I knew how to do it in Windows
    98, but have no idea in XP.
     
    Mocha, Jun 11, 2004
    #3
  4. °Mike°

    °Mike° Guest

    On 10 Jun 2004 20:55:24 -0700, Mocha scrawled:

    Control your startups:
    ----------------------
    StartupList
    http://www.lurkhere.com/~nicefiles/

    Startup Monitor
    http://www.mlin.net/StartupMonitor.shtml

    Startup Control Panel
    http://www.mlin.net/StartupCPL.shtml

    WinPatrol
    http://www.winpatrol.com/


    Check what's necessary and what isn't
    http://www.sysinfo.org/startuplist.php
    http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
    http://www.windowsstartup.com/wso/index.php
    http://www.3feetunder.com/krick/startup/list.html
    http://www.greatis.com/regrun3appdatabase.htm
    http://www.kephyr.com/filedb/index.php
    http://www.reger24.de/processes.php


    Services Guide for Windows XP
    http://www.theeldergeek.com/services_guide.htm

    Windows XP Service Configurations
    http://www.blkviper.com/WinXP/servicecfg.htm

    Windows XP Strange Service Information
    http://www.blkviper.com/WinXP/strangeservice.htm
     
    °Mike°, Jun 11, 2004
    #4