1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Hijack This Log...Too much to decipher

Discussion in 'Virus & Other Malware Removal' started by Fury1995, Jan 20, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. Fury1995

    Fury1995 Thread Starter

    Joined:
    Oct 8, 2005
    Messages:
    105
    Hey guys, can someone take a glance at this log. You guys helped alot for my pc at home. This is my log from my pc at work. Thanks.

    Logfile of HijackThis v1.99.1
    Scan saved at 2:19:07 PM, on 1/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Common Files\AOL\1118875522\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1118875522\ee\AOLServiceHost.exe
    c:\program files\common files\aol\1118875522\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
    C:\Program Files\Common Files\AOL\1118875522\ee\AOLServiceHost.exe
    C:\WINDOWS\system32\macromed\flash\GetFlash.exe
    C:\WINDOWS\System32\WISPTIS.EXE
    C:\Program Files\700Credit Reports\Credit Reports.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Reynolds\ERALink32\ERALink32.exe
    C:\PROGRA~1\Reynolds\ERALIN~1\wIntegSM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Brown Automotive Group
    O2 - BHO: HPOVASMD.BrowserSensor - {04047354-D353-11D2-B3EB-0060B03C5581} - C:\WINDOWS\Downloaded Program Files\hpBrSn24.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRA~1\Comet\bin\autosearch.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1118875522\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: Launcher - http://dealer.jmagroup.com/jmfsdpweb/content/cabs/launcher.cab
    O16 - DPF: {04047354-D353-11D2-B3EB-0060B03C5581} (HPOVASMD.BrowserSensor) - https://dealerconnect.chrysler.com/wto/plugin/hpBrSn.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/279/installer.exe
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136840169528
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://performancetrac.jmfefinancial.com/reports/ss/viewers/activeXViewer/activexviewer.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://dealertrack.webex.com/client/v_mywebex/webex/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = brownscar.local
    O17 - HKLM\Software\..\Telephony: DomainName = brownscar.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{30DA262F-53E6-4461-951C-E2D34DAEDC38}: NameServer = 10.25.182.250,10.25.182.253,10.205.1.100,10.205.1.200
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = brownscar.local
    O17 - HKLM\System\CS1\Services\Tcpip\..\{30DA262F-53E6-4461-951C-E2D34DAEDC38}: NameServer = 10.25.182.250,10.25.182.253,10.205.1.100,10.205.1.200
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = brownscar.local
    O17 - HKLM\System\CS2\Services\Tcpip\..\{30DA262F-53E6-4461-951C-E2D34DAEDC38}: NameServer = 10.25.182.250,10.25.182.253,10.205.1.100,10.205.1.200
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = brownscar.local
    O17 - HKLM\System\CS3\Services\Tcpip\..\{30DA262F-53E6-4461-951C-E2D34DAEDC38}: NameServer = 10.25.182.250,10.25.182.253,10.205.1.100,10.205.1.200
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
     
  2. wacor

    wacor Banned

    Joined:
    Feb 22, 2005
    Messages:
    27,340
    it might help to indicate what problem you are having
     
  3. Fury1995

    Fury1995 Thread Starter

    Joined:
    Oct 8, 2005
    Messages:
    105
    Navigation delays ... big time. Also sometimes the pc just freezes.
     
  4. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,010
    First Name:
    Frank
    Are you on 56K dial-up or on high-speed cable/DSL?

    What is the processor speed and amount of RAM?

    -------------------------------------------------------------------------------------

    There are too many unnecessary programs running in the background that don't need to be, so let's get them disabled from doing so.

    Click Start - Run, type in MSCONFIG, then click OK - "Startup" tab. Remove the checkmark from:

    MSMSGS (msmsgs.exe)
    (You'll also need to open Windows Messenger, go into its options/preferences settings, then uncheck the commands that tell it to load when Windows start and to run in the background)

    HotKeysCmds (hkcmd.exe)

    IgfxTray (igfxtray.exe)

    QuickTime Task (qttask.exe)

    RealTray (realplay.exe)

    SunJavaUpdateSched (jusched.exe)

    Click Apply - OK, then reboot. When the SCU window appears, place a checkmark in it and then click OK.

    -------------------------------------------------------------------------------------

    Run a scan with HijackThis, then select and fix:

    O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRA~1\Comet\bin\autosearch.dll (file missing)

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll

    O17 - HKLM\System\CCS\Services\Tcpip\..\{30DA262F-53E6-4461-951C-E2D34DAEDC38}: NameServer = 10.25.182.250,10.25.182.253,10.205.1.100,10.205.1.200

    O17 - HKLM\System\CS1\Services\Tcpip\..\{30DA262F-53E6-4461-951C-E2D34DAEDC38}: NameServer = 10.25.182.250,10.25.182.253,10.205.1.100,10.205.1.200

    O17 - HKLM\System\CS2\Services\Tcpip\..\{30DA262F-53E6-4461-951C-E2D34DAEDC38}: NameServer = 10.25.182.250,10.25.182.253,10.205.1.100,10.205.1.200

    O17 - HKLM\System\CS3\Services\Tcpip\..\{30DA262F-53E6-4461-951C-E2D34DAEDC38}: NameServer = 10.25.182.250,10.25.182.253,10.205.1.100,10.205.1.200


    Do the other O17 entries have the same domain name as your ISP? If not, fix them too.

    -------------------------------------------------------------------------------------

    Uninstall WeatherBug, then delete its leftover folder(AWS) from inside the C:\Program Files folder.

    -------------------------------------------------------------------------------------

    After you've done all of the above, reboot your computer and then post a new HijackThis log here.

    -------------------------------------------------------------------------------------
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/435720

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice