1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Hijack This Log

Discussion in 'Windows XP' started by Mipit, Jan 16, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. Mipit

    Mipit Thread Starter

    Joined:
    Dec 2, 2006
    Messages:
    64
    anyone wanna see if i have problems with my computer?
    Logfile of HijackThis v1.99.1
    Scan saved at 2:21:37 PM, on 16/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5700.0006)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Metacafe\MetacafeAgent.exe
    C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ca/hws/sb/dell-row/en/side.html?channel=ca
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row/en/side.html?channel=ca
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 217.172.47.81 l2authd.lineage2.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
    O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\DELONG~1\LOCALS~1\Temp\~DP101F.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\fkccgwwh.dll (file missing)
    O2 - BHO: (no name) - {F5E1A534-5656-4B41-82CC-A80444D0CDFE} - C:\WINDOWS\Registration\smvcatpi.dll (file missing)
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
    O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
    O4 - Startup: RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
    O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\DelongchampC\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2000i\AcDcToday.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (NOXLATE) - file://C:\Program Files\AutoCAD LT 2000i\InstFred.ocx
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2000i\AcPreview.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lockerby.net
    O17 - HKLM\Software\..\Telephony: DomainName = lockerby.net
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lockerby.net
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: smvcatpi - C:\WINDOWS\Registration\smvcatpi.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: RemoteShutDown Service (RemShutDownSvc) - Unknown owner - C:\WINDOWS\System32\remsdnsv.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
     
  2. bonk

    bonk Banned

    Joined:
    Sep 8, 2005
    Messages:
    11,097
    Do you have two anti-Virus Programs running?
     
  3. Mipit

    Mipit Thread Starter

    Joined:
    Dec 2, 2006
    Messages:
    64
    Our domain for our school makes us download nod32. I dont like it very much. dead slow and in all of my couple months of using it it has not found a thing and a domain wont let us set a recovery point on our computer or shutdown nod 32 because there scared of viruses. AVG is my best antivirus.
     
  4. bonk

    bonk Banned

    Joined:
    Sep 8, 2005
    Messages:
    11,097
    Running 2 AVs on the same PC will slow things up and cause conflicts and take up resources....I would just have one and delete the other.
     
  5. Mipit

    Mipit Thread Starter

    Joined:
    Dec 2, 2006
    Messages:
    64
    Well the most useful is avg and i cant delete nod 32
     
  6. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,938
    First Name:
    Frank
    I'm not a log expert, but there appears to be some infection present.

    Have you updated AVG with the latest definition files and then run a full hard drive scan with it?

    -------------------------------------------------------------------------------------

    Personally, I'd get rid of all those toolbars and web accelerator helpers.

    --------------------------------------------------------------------------------------

    There are a few unnecessary programs running in the background, but the startup list is not excessively bloated.

    AVG appears to be the only antivirus program running in the background. I don't see NOD32 running in the background.

    --------------------------------------------------------------------------------------
     
  7. Mipit

    Mipit Thread Starter

    Joined:
    Dec 2, 2006
    Messages:
    64
     
  8. Mipit

    Mipit Thread Starter

    Joined:
    Dec 2, 2006
    Messages:
    64
    ok i scanned found 2 things and i healed them so now it seems fine.
     
  9. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,938
    First Name:
    Frank
  10. Mipit

    Mipit Thread Starter

    Joined:
    Dec 2, 2006
    Messages:
    64
    Is there any other things i could do to help my computer?
     
  11. bonk

    bonk Banned

    Joined:
    Sep 8, 2005
    Messages:
    11,097
    Clean out your Temp folders

    Defrag

    Heres a free utilty for cleaning Temp folders quickly

    ATF Cleaner by Atribune.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

    If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.


    Click Exit on the Main menu to close the program.
     
  12. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,938
    First Name:
    Frank
    Make use of this site so you can trim down the startup list of its unnecessary running problems.

    Most of them can be started manually when needed and don't need to automatically load and run.

    -------------------------------------------------------------------------------------

    Delete everything from inside these TEMP folders:

    C:\WINDOWS\TEMP

    C:\DOCUMENTS AND SETTINGS\(USERNAME)\LOCAL SETTINGS\TEMP

    -------------------------------------------------------------------------------------
     
  13. Mipit

    Mipit Thread Starter

    Joined:
    Dec 2, 2006
    Messages:
    64
    I made some space using atf and cleared everything except passwords. im tring to defrag but my computer keeps freezing and it seems that my screen save poped up my computer is fozen as i type this a the dfreager is now open and microsoft Management Console encounterd a problem. all as im typing this.

    Edit my defrag is corrupt o_0 so is there anyway i can reget it WITHOUT reinstalling windows.
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/535770

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice