HELP New to Hijackthis

K

kanteetoo

Dear Bros...
Anything wrong with my scan log......any malicious stuff i need to ri
off? HELP?
Thanks!

Logfile of HijackThis v1.98.2
Scan saved at 1:55:27 PM, on 8/29/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Norman\NVC\BIN\Zanda.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\NORMAN\nvc\BIN\NJEEVES.EXE
C:\NORMAN\nvc\BIN\nvcoas.exe
C:\NORMAN\nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\Norman\Norman Personal Firewall\NPFMSG.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\NORMAN\Nvc\BIN\NVCOD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Allen Jonathan\Loca
Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL
http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar
http://tinyurl.com/5d44a
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page
http://tinyurl.com/vcxu
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)
http://tinyurl.com/4gv89
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak
http://www.yahoo.com/
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565
- (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3
- C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344
- C:\WINDOWS\system32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14
- C:\WINDOWS\system32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA
- C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (n
file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemo
initialize
O4 - HKLM\..\Run: [diagent] "C:\Progra
Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\AT
Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [Pop-Up Stopper
"C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EX
/AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Commo
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Progra
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [3d8d] C:\WINDOWS\System32\3d8d.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOA
/SPLASH
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEy
Network\bin\bargains.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-awar
6\Ad-aware.exe" "+b1"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony
Handheld\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program
Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program
Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: NPF Messenger.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &iSearch The Web -
res://C:\WINDOWS\system32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: axscanner - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: axscannerruntime -
http://www.pestscan.com/scanner/axscannerruntime.cab
O16 - DPF: mscomctl - http://www.pestscan.com/scanner/mscomctl.cab
O16 - DPF: msvcp71 -
http://download.pestpatrol.com/Downloads/Components/msvcp71.cab
O16 - DPF: msvcr71 -
http://download.pestpatrol.com/Downloads/Components/msvcr71.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Toki Toki Boom -
http://download.games.yahoo.com/games/clients/y/vtm_x.cab
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chat 1.3 -
http://jcs.chat.dcn.yahoo.com/c174/chat.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} -
http://toolbar.isearch.com/general/drm.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
Conferencing) -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://207.188.7.150/22efcc5f64218fd77703/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
http://tinyurl.com/w8md
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide
ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
- http://tinyurl.com/69axb
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -
http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://202.172.226.178/axiscam/dll/AxisCamControl.ocx
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} (WildTangent Active
Launcher) - http://tinyurl.com/42bqp
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
-
http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer
Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
 
W

Will Denny

Hi

Maybe better to post this file to either of the following:

http://forum.mvps.org/ - 'Hijackthis Logs'.
http://forums.spywareinfo.com/

--

Will Denny
MVP - Windows Shell/User
Please reply to the News Groups


kanteetoo said:
Dear Bros...
Anything wrong with my scan log......any malicious stuff i need to rid
off? HELP?
Thanks!

Logfile of HijackThis v1.98.2
Scan saved at 1:55:27 PM, on 8/29/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Norman\NVC\BIN\Zanda.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\NORMAN\nvc\BIN\NJEEVES.EXE
C:\NORMAN\nvc\BIN\nvcoas.exe
C:\NORMAN\nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\Norman\Norman Personal Firewall\NPFMSG.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\NORMAN\Nvc\BIN\NVCOD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Allen Jonathan\Local
Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://tinyurl.com/5d44a
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://tinyurl.com/vcxu
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://tinyurl.com/4gv89
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://www.yahoo.com/
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565}
- (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
- C:\WINDOWS\system32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14}
- C:\WINDOWS\system32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA}
- C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no
file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon
initialize
O4 - HKLM\..\Run: [diagent] "C:\Program
Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI
Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [Pop-Up Stopper]
"C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE
/AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [3d8d] C:\WINDOWS\System32\3d8d.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD
/SPLASH
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
Network\bin\bargains.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware
6\Ad-aware.exe" "+b1"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony
Handheld\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program
Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program
Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: NPF Messenger.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &iSearch The Web -
res://C:\WINDOWS\system32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: axscanner - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: axscannerruntime -
http://www.pestscan.com/scanner/axscannerruntime.cab
O16 - DPF: mscomctl - http://www.pestscan.com/scanner/mscomctl.cab
O16 - DPF: msvcp71 -
http://download.pestpatrol.com/Downloads/Components/msvcp71.cab
O16 - DPF: msvcr71 -
http://download.pestpatrol.com/Downloads/Components/msvcr71.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Toki Toki Boom -
http://download.games.yahoo.com/games/clients/y/vtm_x.cab
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chat 1.3 -
http://jcs.chat.dcn.yahoo.com/c174/chat.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} -
http://toolbar.isearch.com/general/drm.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
Conferencing) -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://207.188.7.150/22efcc5f64218fd77703/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
http://tinyurl.com/w8md
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide
ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
- http://tinyurl.com/69axb
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -
http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://202.172.226.178/axiscam/dll/AxisCamControl.ocx
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} (WildTangent Active
Launcher) - http://tinyurl.com/42bqp
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
-
http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer
Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab


--
kanteetoo
------------------------------------------------------------------------
kanteetoo's Profile:
http://extremetechsupport.com/forum/member.phtml?userid=424
View this thread:
http://extremetechsupport.com/forum/showthread.phtml?t=71163
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Spoolsv.exe problem - Continued 8
Help reading a HijackThis log 3
Cannt access Microsoft Website 1
Microsoft Visual C++ runtime library error (smproxy.exe) 2
Internet Explorer 6 3
No internet connection works + new computer slowness. HJT log incl 7
100% CPU Usage - HELP PLEASE!!! 1
Still have red x 4

Top