1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Hijak Log

Discussion in 'Windows XP' started by begud4me, Apr 8, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. begud4me

    begud4me Thread Starter

    Joined:
    Jan 6, 2004
    Messages:
    457
    Hi my new comp seems to be running a little slower than a day or two ago. I went to sum umm questionable sites and am a little worried i may have some stuff running in the background. Could someone check out my HJT log, i would really appreciate it.

    Thanks, Jon


    Logfile of HijackThis v1.97.7
    Scan saved at 8:55:45 PM, on 4/8/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\dvdooze\Stop htm.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Administrator\Desktop\downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [enc base] C:\PROGRA~1\dvdooze\Stop htm.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29f77f6...ip/RdxIE601.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...8045.5936921296
    O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} - http://ultimateplugin.com/tl4000.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
     
  2. Cris_Cr0ss

    Cris_Cr0ss

    Joined:
    Jan 30, 2004
    Messages:
    820
    U should run ad-aware and spybot make sure you update, liinks in signature. also get spyware blaster and follow the sypwareblaster guided link in sig. When youve scanned and done everything repost your Hijack This Log the R1's i posted below should get deleted after removing the spyware with Ad-aware and sypbot.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html


    C:\PROGRA~1\dvdooze\Stop htm.exe<<questionable
    C:\PROGRA~1\WINZIP\winzip32.exe<dont need
     
  3. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    33,867
    First Name:
    James
    S/He will need that to open Zip files. :D Those are the programs the person was running at the time of the log.

    Like CrissCross said, run Spybot S&D, Lavasoft Ad-Aware and CWShredder. Reboot and run a new log.

    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [enc base] C:\PROGRA~1\dvdooze\Stop htm.exe

    WinVNC is a program that allows you to connect to your machine from another machine via the internet. If you did not install this, remove it immediately. Check the Control Panel > Add / Remove Programs list to see if its listed.

    The other one is unknown to me. If you are not aware of this program, remove it.

    Also run Disc Cleanup (in Start > Accessories > System Tools) to remove unwanted files such as Temporary Internet Files and Temp Files.
     
  4. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    33,867
    First Name:
    James
    also FYI on WinMgmt.exe:

    WinMgmt.exe
    Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer here
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/218448

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice