Help with HijackThis scan

Discussion in 'Computer Support' started by Charlie, Jan 12, 2005.

  1. Charlie

    Charlie Guest

    Hello There

    I would appreciate some help with the below report I have just pulled
    off 'HijackThis' - I am unsure as to what I need to disable/delete etc
    and would appreciate some expert advice. Many Thanks
    Carl Sheldon

    Report Starts : -

    StartupList report, 12/01/2005, 15:59:21
    StartupList version: 1.52.2
    Started from : C:\Hijack This\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\TPWRTRAY.EXE
    C:\WINDOWS\system32\S3Tray2.exe
    C:\WINDOWS\system32\s3hotkey.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Hijack This\HijackThis.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\system32\wuauclt.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Adobe Acrobat Speed Launcher.lnk = ?

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    Tpwrtray = TPWRTRAY.EXE
    Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe
    SmcService = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    S3TRAY2 = S3Tray2.exe
    S3Hotkey = s3hotkey.exe
    NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
    gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    SpybotSD TeaTimer = C:\Program Files\Spybot - Search &
    Destroy\TeaTimer.exe
    CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\Fish.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat
    7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll -
    {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - c:\program files\google\googletoolbar2.dll -
    {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - C:\Program Files\Adobe\Acrobat
    7.0\Acrobat\AcroIEFavClient.dll -
    {AE7CD045-E861-484f-8273-0445EE161910}
    NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll -
    {BDF3E430-B101-42AD-A544-FADC6B084872}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Norton AntiVirus - Scan my computer - Carl Sheldon.job
    Symantec NetDetect.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]

    [Office Update Installation Engine]
    InProcServer32 = C:\WINDOWS\opuc.dll

    [AccountTracking Profile Manager Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program
    Files\accounttracking.dll

    [WUWebControl Class]
    InProcServer32 = C:\WINDOWS\system32\wuweb.dll

    [Java Plug-in 1.4.2_06]
    InProcServer32 = C:\Program
    Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    End of report, 5,525 bytes
    Report generated in 0.161 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of
    platform
    /history - to list version history only
    Report Ends : -
     
    Charlie, Jan 12, 2005
    #1

  2. Charlie

    samuel Guest

    (Charlie) wrote in
    --cut--

    Is this the most recent version of HijackThis?

    You can post the complete log at
    http://forums.tomcoyote.org/index.php?
    or http://forums.spywareinfo.com/
     
    samuel, Jan 12, 2005
    #2

  3. Charlie

    Bill P Guest

    You could copy and paste it here:-

    http://hijackthis.de/index.php

    and have a look for yourself but one of the experts will be along
    shortly to help.
    Regards
    Bill

     
    Bill P, Jan 12, 2005
    #3