
HijackThis Log

Discussion in 'Virus & Other Malware Removal' started by Choccy, Sep 19, 2004.

Thread Status:
Not open for further replies.
  1. Choccy

    Choccy Thread Starter

    Joined:
    Sep 27, 2003
    Messages:
    28
    A friend has forwarded this hijackthis log to me, as they are having many problems with their computer, including not being able to connect to the internet.
    Could you please take a look at it and tell me what is safe to delete ... I've never seen a log this long!
    Thanks

    Logfile of HijackThis v1.97.7
    Scan saved at 11:12:48, on 19/09/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\PASSWORD MANAGER\ACCTMGR.EXE
    C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\SPEEDTOUCH\DR SPEEDTOUCH\DRST.EXE
    C:\WINDOWS\TWAIN_32\SCSI600\WATCH.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\MACROMED\SHOCKWAVE\REMOTE.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\Monwow.exe
    C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\STDIALUP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\MV2XS5K5\HIJACKTHIS[1].EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
    O1 - Hosts: www.google.akadns.net
    O1 - Hosts: www.google.com
    O1 - Hosts: google.com
    O1 - Hosts: www.altavista.com
    O1 - Hosts: altavista.com
    O1 - Hosts: search.yahoo.com
    O1 - Hosts: uk.search.yahoo.com
    O1 - Hosts: ca.search.yahoo.com
    O1 - Hosts: jp.search.yahoo.com
    O1 - Hosts: au.search.yahoo.com
    O1 - Hosts: de.search.yahoo.com
    O1 - Hosts: search.yahoo.co.jp
    O1 - Hosts: www.lycos.de
    O1 - Hosts: www.lycos.ca
    O1 - Hosts: www.lycos.jp
    O1 - Hosts: www.lycos.co.jp
    O1 - Hosts: alltheweb.com
    O1 - Hosts: web.ask.com
    O1 - Hosts: ask.com
    O1 - Hosts: www.ask.com
    O1 - Hosts: www.teoma.com
    O1 - Hosts: search.aol.com
    O1 - Hosts: www.looksmart.com
    O1 - Hosts: auto.search.msn.com
    O1 - Hosts: search.msn.com
    O1 - Hosts: ca.search.msn.com
    O1 - Hosts: fr.ca.search.msn.com
    O1 - Hosts: search.fr.msn.be
    O1 - Hosts: search.fr.msn.ch
    O1 - Hosts: search.latam.yupimsn.com
    O1 - Hosts: search.msn.at
    O1 - Hosts: search.msn.be
    O1 - Hosts: search.msn.ch
    O1 - Hosts: search.msn.co.in
    O1 - Hosts: search.msn.co.jp
    O1 - Hosts: search.msn.co.kr
    O1 - Hosts: search.msn.com.br
    O1 - Hosts: search.msn.com.hk
    O1 - Hosts: search.msn.com.my
    O1 - Hosts: search.msn.com.sg
    O1 - Hosts: search.msn.com.tw
    O1 - Hosts: search.msn.co.za
    O1 - Hosts: search.msn.de
    O1 - Hosts: search.msn.dk
    O1 - Hosts: search.msn.es
    O1 - Hosts: search.msn.fi
    O1 - Hosts: search.msn.fr
    O1 - Hosts: search.msn.it
    O1 - Hosts: search.msn.nl
    O1 - Hosts: search.msn.no
    O1 - Hosts: search.msn.se
    O1 - Hosts: search.ninemsn.com.au
    O1 - Hosts: search.t1msn.com.mx
    O1 - Hosts: search.xtramsn.co.nz
    O1 - Hosts: search.yupimsn.com
    O1 - Hosts: uk.search.msn.com
    O1 - Hosts: search.lycos.com
    O1 - Hosts: www.lycos.com
    O1 - Hosts: www.google.ca
    O1 - Hosts: google.ca
    O1 - Hosts: www.google.uk
    O1 - Hosts: www.google.co.uk
    O1 - Hosts: www.google.com.au
    O1 - Hosts: www.google.co.jp
    O1 - Hosts: www.google.jp
    O1 - Hosts: www.google.at
    O1 - Hosts: www.google.be
    O1 - Hosts: www.google.ch
    O1 - Hosts: www.google.de
    O1 - Hosts: www.google.se
    O1 - Hosts: www.google.dk
    O1 - Hosts: www.google.fi
    O1 - Hosts: www.google.fr
    O1 - Hosts: www.google.com.gr
    O1 - Hosts: www.google.com.hk
    O1 - Hosts: www.google.ie
    O1 - Hosts: www.google.co.il
    O1 - Hosts: www.google.it
    O1 - Hosts: www.google.co.kr
    O1 - Hosts: www.google.com.mx
    O1 - Hosts: www.google.nl
    O1 - Hosts: www.google.co.nz
    O1 - Hosts: www.google.pl
    O1 - Hosts: www.google.pt
    O1 - Hosts: www.google.com.ru
    O1 - Hosts: www.google.com.sg
    O1 - Hosts: www.google.co.th
    O1 - Hosts: www.google.com.tr
    O1 - Hosts: www.google.com.tw
    O1 - Hosts: go.google.com
    O1 - Hosts: google.at
    O1 - Hosts: google.be
    O1 - Hosts: google.de
    O1 - Hosts: google.dk
    O1 - Hosts: google.fi
    O1 - Hosts: google.fr
    O1 - Hosts: google.com.hk
    O1 - Hosts: google.ie
    O1 - Hosts: google.co.il
    O1 - Hosts: google.it
    O1 - Hosts: google.co.kr
    O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\WANADOO\WSBAR\WSBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
    O4 - HKLM\..\Run: [Atikey] Atitask.exe
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinject.exe
    O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
    O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\MSLAGENT.EXE
    O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\scsi600\WATCH.exe
    O4 - Startup: Shockwave Init.lnk = C:\WINDOWS\SYSTEM\MACROMED\Shockwave\swinit.exe
    O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
    O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL/VSearch.htm
    O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\WANADOO\WSBAR\WSBAR.DLL/VSearch.htm
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://mail.newport.ac.uk/iNotes.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38231.4562847222
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
     
  2. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,439
    First Name:
    Frank
    Choccy:

    I'll let someone else more knowledgeable than me reply to you about the HijackThis log.

    One big problem that your friend has with his/her computer is that the startup load is way too bloated. Other than:

    ScanRegistry

    SystemTray

    Antivirus program entries


    very few other programs need to be running in the background.

    Have your friend read here.
     
  3. Fidelista

    Fidelista

    Joined:
    Jan 17, 2004
    Messages:
    9,600
    Hello Choc. It would be wise NOT to disable any programs with msconfig until the problems are corrected. I assume the old version of HijackThis is because your friend cannot connect to the internet.
    Not an expert, but try this: close all browsers and run HJT. Fix these items only>>>
    All O1 hosts.

    O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - (no file)

    O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
    O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\MSLAGENT.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL/VSearch.htm
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.6.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com

    ----------------------------------------------------------------------------------

    If this is not recognized by the user, delete it also----
    O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://mail.newport.ac.uk/iNotes.cab
    ---------------------------------------------------------------------------
    Delete all temp internet files as well as all temp files.
    Now reboot and try to connect.
    If connection is made, go here and download Spybot 1.3 and Adaware SE Personal. Update them, run them, and let them fix all they find.
    Link> http://www.majorgeeks.com/downloads31.html
    Next download the new version of HijackThis {save to documents or its own folder, not temp internet files} and repost the results for the experts to analyze.
    If this doesn't help, at least it will bump your post. Best of luck >f
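A small triage pass over a HijackThis log, added here as an example and not part of any post in the thread: it counts entries per section and lists the two kinds of line the reply above singles out first, the O1 hosts entries and the BHO registered with no file. The function names and the choice of what to list are assumptions of this example; the sample lines are copied from the log in the first post.

```python
import re
from collections import Counter

# Section codes seen in the log above, with their usual HijackThis meaning.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O1": "hosts file entry", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart entry",
    "O8": "IE context-menu item", "O16": "downloaded ActiveX control",
    "O17": "TCP/IP domain or DNS setting",
}
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")

def parse(log_text):
    """Return (code, detail) pairs for every entry line; other lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]

def triage(log_text):
    """Count entries per section and collect the ones to check by hand first."""
    entries = parse(log_text)
    counts = Counter(code for code, _ in entries)
    review = []
    for code, detail in entries:
        if code == "O1":
            # A hosts file entry overrides DNS for that name.
            review.append((code, detail.split(":", 1)[1].strip()))
        elif code == "O2" and detail.endswith("(no file)"):
            # BHO still registered although its file is gone.
            review.append((code, detail))
    return counts, review

# Sample lines copied from the log in the first post (not constructed).
SAMPLE = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.com/
O1 - Hosts: www.google.com
O1 - Hosts: search.yahoo.com
O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
"""

if __name__ == "__main__":
    counts, review = triage(SAMPLE)
    for code, n in sorted(counts.items()):
        print(f"{code:>3} {n:3d}  {SECTIONS.get(code, 'other')}")
    for code, detail in review:
        print("review:", code, detail)
```
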
     
  4. Choccy

    Choccy Thread Starter

    Joined:
    Sep 27, 2003
    Messages:
    28
    Thanks for the replies.
    I should have the computer at my house to have a look at in the next few days, where I can use my internet connection to download anything necessary.
    I'll follow the instructions and post back then.
    Thanks for your help, it's much appreciated.
     
  5. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,439
    First Name:
    Frank
    I second what Fidelista said. Deal with the HijackThis log first before unchecking and disabling anything in the MSCONFIG startup tab. If you edit the MSCONFIG startup list first, everything will not appear in the HijackThis log. Once the HijackThis log is dealt with, then you can edit the MSCONFIG startup list. I thought I mentioned this in my first post, but I didn't.
     

Short URL to this thread: https://techguy.org/275693
