Hijak Log

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

begud4me

Thread Starter
Joined
Jan 6, 2004
Messages
457
Hi my new comp seems to be running a little slower than a day or two ago. I went to sum umm questionable sites and am a little worried i may have some stuff running in the background. Could someone check out my HJT log, i would really appreciate it.

Thanks, Jon


Logfile of HijackThis v1.97.7
Scan saved at 8:55:45 PM, on 4/8/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\dvdooze\Stop htm.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Desktop\downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [enc base] C:\PROGRA~1\dvdooze\Stop htm.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29f77f6...ip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...8045.5936921296
O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} - http://ultimateplugin.com/tl4000.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
 
Joined
Jan 30, 2004
Messages
820
U should run ad-aware and spybot make sure you update, liinks in signature. also get spyware blaster and follow the sypwareblaster guided link in sig. When youve scanned and done everything repost your Hijack This Log the R1's i posted below should get deleted after removing the spyware with Ad-aware and sypbot.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html


C:\PROGRA~1\dvdooze\Stop htm.exe<<questionable
C:\PROGRA~1\WINZIP\winzip32.exe<dont need
 

Couriant

James
Moderator
Joined
Mar 26, 2002
Messages
39,445
C:\PROGRA~1\WINZIP\winzip32.exe<dont need
S/He will need that to open Zip files. :D Those are the programs the person was running at the time of the log.

Like CrissCross said, run Spybot S&D, Lavasoft Ad-Aware and CWShredder. Reboot and run a new log.

O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [enc base] C:\PROGRA~1\dvdooze\Stop htm.exe

WinVNC is a program that allows you to connect to your machine from another machine via the internet. If you did not install this, remove it immediately. Check the Control Panel > Add / Remove Programs list to see if its listed.

The other one is unknown to me. If you are not aware of this program, remove it.

Also run Disc Cleanup (in Start > Accessories > System Tools) to remove unwanted files such as Temporary Internet Files and Temp Files.
 

Couriant

James
Moderator
Joined
Mar 26, 2002
Messages
39,445
also FYI on WinMgmt.exe:

WinMgmt.exe
Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer here
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top