
please help with hijack this log....

Discussion in 'Security and Privacy' started by genex, 2004/07/14.

Thread Status:
Not open for further replies.
  1. 2004/07/14
    genex

    >From: "jj connolly" <jconnolly11@nyc.rr.com>
    >To: <jconnolly11@hotmail.com>
    >Date: Tue, 13 Jul 2004 19:01:38 -0400
    >
    >Logfile of HijackThis v1.97.7
    >Scan saved at 4:09:20 PM, on 7/13/2004
    >Platform: Windows XP SP1 (WinNT 5.01.2600)
    >MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    >
    >Running processes:
    >C:\WINDOWS\System32\smss.exe
    >C:\WINDOWS\system32\winlogon.exe
    >C:\WINDOWS\system32\services.exe
    >C:\WINDOWS\system32\lsass.exe
    >C:\WINDOWS\system32\svchost.exe
    >C:\WINDOWS\System32\svchost.exe
    >C:\WINDOWS\Explorer.EXE
    >C:\WINDOWS\system32\spoolsv.exe
    >C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    >C:\Program Files\Norton Internet Security\NISUM.EXE
    >C:\Program Files\Apoint\Apoint.exe
    >C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    >C:\Program Files\BroadJump\Client Foundation\CFD.exe
    >C:\WINDOWS\SM1BG.EXE
    >C:\Program Files\Apoint\Apntex.exe
    >C:\WINDOWS\System32\PD6000SM.EXE
    >C:\Program Files\QuickTime\qttask.exe
    >C:\Program Files\iTunes\iTunesHelper.exe
    >C:\WINDOWS\bokja.exe
    >C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    >C:\WINDOWS\System32\spxtdfl.exe
    >C:\WINDOWS\System32\tsmgr.exe
    >C:\Program Files\Common files\WinTools\WToolsA.exe
    >C:\Program Files\MSN Messenger\MsnMsgr.Exe
    >C:\Program Files\SpyKiller\spykiller.exe
    >C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    >C:\WINDOWS\System32\Ati2evxx.exe
    >C:\Program Files\PowerPanel\Program\PcfMgr.exe
    >C:\Program Files\Norton Internet Security\ccPxySvc.exe
    >C:\WINDOWS\system32\drivers\KodakCCS.exe
    >C:\Program Files\Norton AntiVirus\navapsvc.exe
    >C:\WINDOWS\System32\ScsiAccess.EXE
    >C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    >C:\Program Files\Sony\VAIO Media Integrated
    >Server\Photo\appsrv\PhotoAppSrv.exe
    >C:\Program Files\Common files\WinTools\WToolsS.exe
    >C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    >C:\Program Files\Sony\VAIO Media Integrated
    >Server\Platform\UPnPFramework.exe
    >C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    >C:\Program Files\Sony\VAIO Media Integrated
    >Server\Platform\UPnPFramework.exe
    >C:\Program Files\iPod\bin\iPodService.exe
    >C:\Program Files\Common Files\WinTools\WSup.exe
    >C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    >C:\WINDOWS\System32\msiexec.exe
    >C:\Program Files\Netscape\Netscape\HijackThis.exe
    >C:\Program Files\Netscape\Netscape\HijackThis.exe
    >
    >R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    >http://www.websearch.com/ie.aspx?tb_id=50029
    >R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    >R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    >http://www.websearch.com/ie.aspx?tb_id=50029
    >R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
    >Microsoft Internet Explorer provided by Roadrunner
    >R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext =
    >http://www.sony.com/vaiopeople
    >R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
    >http://www.websearch.com/ie.aspx?tb_id=50029
    >R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} -
    >C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    >N3 - Netscape 7: user_pref( "browser.search.defaultengine ",
    > "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src ");
    >(C:\Documents and Settings\james connolly\Application
    >Data\Mozilla\Profiles\default\94y7yej7.slt\prefs.js)
    >O2 - BHO: (no name) - SOFTWARE - (no file)
    >O2 - BHO: (no name) - {00000250-0320-4DD4-BE4F-7566D2314352} -
    >C:\WINDOWS\VoiceIP.dll
    >O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
    >O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E} -
    >C:\PROGRA~1\Srng\SNHelper.dll (file missing)
    >O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    >C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    >O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} -
    >C:\WINDOWS\System32\SWin32.dll
    >O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} -
    >C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    >O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    >C:\WINDOWS\System32\msdxm.ocx
    >O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no
    >file)
    >O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    >O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    >O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
    >Panel\atiptaxx.exe
    >O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe
    >irprops.cpl,,BluetoothAuthenticationAgent
    >O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    >O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch
    >Setting Utility\Switcher.exe
    >O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey
    >Utility\HKserv.exe
    >O4 - HKLM\..\Run: [ezShieldProtector for Px]
    >C:\WINDOWS\System32\ezSP_Px.exe
    >O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    >Shared\ccApp.exe "
    >O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
    >Shared\ccRegVfy.exe "
    >O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO
    >Recovery\PartSeal.exe
    >O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client
    >Foundation\CFD.exe
    >O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
    >O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    >Files\Real\Update_OB\realsched.exe" -osboot
    >O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    >O4 - HKLM\..\Run: [PD6000StatusMonitor] C:\WINDOWS\System32\PD6000SM.EXE
    >O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
    >-atboottime
    >O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    >O4 - HKLM\..\Run: [bokja] C:\WINDOWS\bokja.exe
    >O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
    >O4 - HKLM\..\Run: [wvtidu] C:\WINDOWS\System32\spxtdfl.exe
    >O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware
    >Stormer\SpywareStormer.Exe
    >O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common
    >files\WinTools\WToolsA.exe
    >O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
    >/background
    >O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe
    >/startup
    >O4 - HKCU\..\Run: [WinTools] C:\Program Files\Common
    >Files\WinTools\WToolsA.exe
    >O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    >O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
    >Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    >O4 - Global Startup: KODAK Software Updater.lnk = C:\Program
    >Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    >O4 - Global Startup: PowerPanel.lnk = ?
    >O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program
    >Files\Quicken\bagent.exe
    >O4 - Global Startup: Quicken Startup.lnk = C:\Program
    >Files\Quicken\QWDLLS.EXE
    >O9 - Extra button: Messenger (HKLM)
    >O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    >O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} -
    >http://www.spywarestormer.com/files2/Install.cab
    >O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    >http://207.188.7.150/10f0d5d71d46c740a300/netzip/RdxIE601.cab
    >O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} -
    >http://www.atelys.com/src/Speedup.ocx
    >O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
    >International Setup Player) - http://www.napster.com/client/isetup.cab
    >O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
    >- http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    >
     
  2. 2004/07/14
    Newt

    You do have a fair amount of crapware on your PC that needs to go but no reason to inflict that log with all the >> stuff on folks who need to wade thru and find bad stuff then post what you need to remove.

    Also, the HijackThis version that created the log is out of date so you need to download the latest (1.98 I think).

    Please get the latest version, create another log, and post the log directly into a new thread (since I'm locking this one) or if for some reason you need to email it to yourself, clean it up before you post it.
     