Hijack this log por favor

Discussion in 'Computer Support' started by joevan, Feb 20, 2004.

  1. joevan

    joevan Guest

    Logfile of HijackThis v1.97.7
    I hope it is ok to ask if anyone here would look this over and say if
    anything looks amiss. To delete or not to delete, that is the
    question.
    The only thing I deleted from the list was some junk left over when I
    got rid of the Weatherbug.

    My daughter uses AIM and Yahoo for messages and/or mail.


    Scan saved at 9:33:38 AM, on 2/20/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\System32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Microsoft Hardware\Mouse\point32.exe
    D:\PROGRA~1\NORTON~1\navapw32.exe
    D:\Program Files\Restart\Restart.exe
    D:\WINDOWS\system32\cisvc.exe
    D:\Program Files\Executive Software\Diskeeper\DkService.exe
    D:\WINDOWS\system32\cidaemon.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\ACD Systems\ACDSee\ACDSee.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    D:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\Program Files\Media Player Classic\mplayerc.exe
    D:\Program Files\Outlook Express\msimn.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\covad\GSpot\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
    Microsoft Internet Explorer
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    D:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Zero Popup - {2EF37A01-884F-11d5-AC99-B112050ECB4F} -
    D:\PROGRA~1\ZEROPO~1\HTMLEdit.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper -
    {601ED020-FB6C-11D3-87D8-0050DA59922B} - c:\program files\ws_ftp
    pro\wsbho2K0.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    d:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} -
    D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus -
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton
    AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    D:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    d:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Restart] D:\Program Files\Restart\Restart.exe
    O4 - Global Startup: ZoneAlarm.lnk = D:\Program Files\Zone
    Labs\ZoneAlarm\zonealarm.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
    present
    O8 - Extra context menu item: &Google Search - res://d:\program
    files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://d:\program
    files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page -
    res://d:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://d:\program
    files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English -
    res://d:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .bcf: D:\Program Files\Internet
    Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: D:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
    http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
    http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
    Control) - http://active.macromedia.com/director/cabs/sw.cab

    http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
    Installation Engine) -
    http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) -
    http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -
    http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
    http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37863.6293287037
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} -
    http://www.live365.com/players/play365.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
    Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj
    Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?306
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_11_0.cab
    O17 -

    HKLM\System\CCS\Services\Tcpip\..\{09A***C0-282F-4B*****0-4A2******89}:
    NameServer = **.***.159.*** **.105.***.***
    O17 -
    HKLM\System\CS1\Services\Tcpip\..\{{09A***C0-282F-4B*****0-4A2******89}:
    NameServer = **.***.159.*** **.105.***.***
    I deleted some numbers here and put in **** just in case I would be
    divulging something I shouldn't.

    TIA
    joevan
     
    joevan, Feb 20, 2004
    #1

  2. joevan

    TehGhodTrole Guest

    Just delete the lot. If all hell breaks loose, you've broken something.

    HTH and HAND
     
    TehGhodTrole, Feb 20, 2004
    #2

  3. joevan

    Harrison Guest

    All in all, it looks pretty clean.
    There are some things you can get rid of here, but none seem to be too nasty.
    Indexing Service - Right-click My Computer and choose Manage. Go to Services and Applications/Services. Locate the
    Indexing Service and press stop/disable.
    See http://www.theeldergeek.com/services_guide.htm for more useless services.
    Remove - Uninstall
    Get Avant, Firefox, or Mozilla.
    I see you already have the Google Toolbar.

    Remove - Better yet, get rid of Real Player altogether.
    Remove
     
    Harrison, Feb 20, 2004
    #3
  4. joevan

    Harrison Guest

    http://tinyurl.com/2evb2
     
    Harrison, Feb 20, 2004
    #4
  5. joevan

    joevan Guest

    Thank you Harrison,
    A calm clear head is better than a noisy clouded one.
    joevan
     
    joevan, Feb 20, 2004
    #5
  6. joevan

    joevan Guest

    joevan, Feb 20, 2004
    #6
  7. joevan

    °Mike° Guest

    If the above IPs are *not* from your network, or ISP, have HijackThis
    fix them.

    <snip>
     
    °Mike°, Feb 20, 2004
    #7
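
The O17 check suggested in post #7, as an added example that is not part of the original thread: it rejoins mail-wrapped HijackThis entries and lists every O17 NameServer address that is not among resolvers you already trust. The function names, the trusted list and the sample log (documentation-range addresses in place of the masked ones) are assumptions made for this example.

```python
import ipaddress
import re

# A HijackThis entry starts with a section code (R0, O4, O17, ...) and " -".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) -")

# Constructed sample in the wrapped shape seen in the thread; not real data.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [NAV Agent] D:\\PROGRA~1\\NORTON~1\\navapw32.exe
O17 -
HKLM\\System\\CCS\\Services\\Tcpip\\..\\{00000000-0000-0000-0000-000000000000}:
NameServer = 192.0.2.53 198.51.100.7
O17 -
HKLM\\System\\CS1\\Services\\Tcpip\\..\\{00000000-0000-0000-0000-000000000000}:
NameServer = 192.0.2.53 203.0.113.99
"""

def join_entries(text):
    """Rejoin entries that a mail or news client wrapped onto several lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY.match(line) or not entries:
            entries.append(line)          # a new entry begins here
        else:
            entries[-1] += " " + line     # continuation of the previous entry
    return entries

def unexpected_nameservers(text, trusted):
    """Return (registry key, address) pairs for O17 values outside `trusted`.

    `trusted` is the caller's own list of resolver addresses or CIDR ranges
    (router, ISP), an assumption of this example.
    """
    nets = [ipaddress.ip_network(n) for n in trusted]
    hits = []
    for entry in join_entries(text):
        m = re.match(r"^O17 - (\S+): NameServer = (.+)$", entry)
        if not m:
            continue
        for token in re.split(r"[ ,]+", m.group(2).strip()):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                hits.append((m.group(1), token))  # masked or malformed: check by hand
                continue
            if not any(addr in n for n in nets):
                hits.append((m.group(1), token))
    return hits
```

Masked values such as the ones posted above cannot be parsed as addresses, so they are returned for manual review rather than silently accepted.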