1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

have deskwizz ;Need help reading my HiJackThis log

Discussion in 'Virus & Other Malware Removal' started by rpnuge, Jan 25, 2005.

Thread Status:
Not open for further replies.
  1. rpnuge

    rpnuge Thread Starter

    Joined:
    Jan 25, 2005
    Messages:
    2
    Hi,
    I have deskwizz pop-up in IE and saw other posts on here that successfully got rid of it.

    Can somebody recommend what to delete in the Hijackthis log?

    So far I have done the following:
    1. create a restore point in Windows
    2. Ran Adaware with latest definitions
    3. Ran Spbot with latest definiations
    4. Ran SpywareBlaster with last definitions
    5. Downloaded CWShredder
    6. Re-booted and ran Hijackthis and below is the log

    Logfile of HijackThis v1.99.0
    Scan saved at 2:01:11 PM, on 1/25/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    c:\PROGRA~1\NavNT\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\mnmsrvc.exe
    C:\WINDOWS\System32\rundll32.exe
    c:\PROGRA~1\NavNT\rtvscan.exe
    C:\PROGRA~1\symantec\LIVEUP~1\savroam.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\CCM\CLICOMP\RemCtrl\Wuser32.exe
    C:\WINDOWS\System32\CCM\CcmExec.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\NavNT\vptray.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\WINDOWS\System32\secure.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://eweb.verizon.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eweb.verizon.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.verizon.com/cgi-bin/getproxy
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: (no name) - {5DDEC57D-21D7-8D63-99C0-E574EF9F53EC} - C:\WINDOWS\tgmj.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\NavNT\vptray.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\secure.exe
    O4 - HKLM\..\Run: [ssqb.exe] C:\WINDOWS\ssqb.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
    O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://eweb.verizon.com/
    O16 - DPF: Sametime Directory Applet ST30SP1 - http://ttst03.verizon.com/sametime/stdirectoryapplet/STDirectoryApplet.cab
    O16 - DPF: Sametime Directory Applet ST31 - http://ttst03.verizon.com/sametime/stdirectoryapplet/STDirectoryApplet.cab
    O16 - DPF: Sametime Meeting Room Client ST30IF3 - http://bhst01.verizon.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
    O16 - DPF: ST BC ST31IF1 PMR-90722999000 - http://ttst03.verizon.com/sametime/stbroadcastclient/STBroadcastClient.cab
    O16 - DPF: ST MRC ST31IF1 PMR-90722999000 - http://ttst03.verizon.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
    O16 - DPF: {24CEC0BF-C8BC-4BCB-B804-226326B319EF} (JNILoader Control) - http://bhst01.verizon.com/sametime/STMeetingRoomClient/STJNILoader.cab
    O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - http://ttst03.verizon.com/sametime/stmeetingroomclient/STJNILoader.cab
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://hqsv20.verizon.com/viewer/activeXViewer/activexviewer.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us1.ent.verizon.com
    O17 - HKLM\Software\..\Telephony: DomainName = us1.ent.verizon.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{37E2229E-B2BF-41A0-8D6E-7F2EC8FA3C1A}: Domain = verizon.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us1.ent.verizon.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = verizon.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = verizon.com
    O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AOL Spyware Protection Service - Unknown - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: DefWatch - Symantec Corporation - c:\PROGRA~1\NavNT\DefWatch.exe
    O23 - Service: Contivity VPN Service - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
    O23 - Service: marimba - Marimba, Inc. - C:\marimba\castanet tuner\tuner.exe
    O23 - Service: NICSer_WPC54G - Unknown - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    O23 - Service: Symantec AntiVirus Client - Symantec Corporation - c:\PROGRA~1\NavNT\rtvscan.exe
    O23 - Service: OracleOracle9iClientCache - Unknown - c:\orawin9i\BIN\ONRSD.EXE
    O23 - Service: SAVRoam - symantec - C:\PROGRA~1\symantec\LIVEUP~1\savroam.exe
    O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  2. gotrootdude

    gotrootdude

    Joined:
    Feb 19, 2003
    Messages:
    8,812
    O2 - BHO: (no name) - {5DDEC57D-21D7-8D63-99C0-E574EF9F53EC} - C:\WINDOWS\tgmj.dll

    O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)

    O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\secure.exe

    O4 - HKLM\..\Run: [ssqb.exe] C:\WINDOWS\ssqb.exe

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


    I think that's it.. Delete the files..
     
  3. rpnuge

    rpnuge Thread Starter

    Joined:
    Jan 25, 2005
    Messages:
    2
    Thanks!

    That did it. Been trying for a month to get of this.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/323330

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice