HijackThis Help

S

I just ran HijackThis and got the following results. Can anyone help me figure out which files I need and which are causing problems?

Thanks.

S

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tp4serv.exe
C:\WINNT\system32\ltcm000c.exe
C:\WINNT\system32\Promon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\CFGSAFE\AUTOCHK.EXE
C:\Program Files\Starfish\TrueSync\tstool.exe
C:\Program Files\D-Link AirPlus\WLANMON.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\efax\Dllcmd32.exe
C:\Program Files\Common Files\efax\HotTray.exe
C:\Palm\hotsync.exe
C:\Program Files\eRoom 7\ERClient7.exe
C:\PROGRA~1\ERICSSON\COMMUN~1\MOBILE~1\DbgOut.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.fss.aramark.com:80
O1 - Hosts: 63.251.235.42 mail.unsurface.com
O2 - BHO: (no name) - {02478D28-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_5.dll
O2 - BHO: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINNT\system32\toolbar.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\downloaded program files\googletoolbar1.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_5.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe
O4 - Startup: Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe
O4 - Global Startup: AUTOCHK.LNK = C:\CFGSAFE\AUTOCHK.EXE
O4 - Global Startup: TrueSync Launcher.lnk = C:\Program Files\Starfish\TrueSync\tstool.exe
O4 - Global Startup: D-Link AirPlus DWL-650+ Utility.lnk = C:\Program Files\D-Link AirPlus\WLANMON.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &iSearch The Web - res://C:\WINNT\system32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .com/00/00/00/1-141: C:\Program Files\Internet Explorer\PLUGINS\nponflow.dll
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} (Yahoo! Vision) - http://download.yahoo.com/dl/fv/yv.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {25EE0142-ECDE-490F-955A-E57425F1EE26} (SLCDBrowseCtl Class) - http://208.184.83.187/downloads/senseload/Senseload.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinsthdlk.cab
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - http://download.infotriever.com/bin/ifhelper.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010419/qtinstall.info.apple.com/qt501/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/navclient/data/deleon/1.1.45-deleon/GoogleNav.cab
O16 - DPF: {8F829126-2880-11D3-A930-00104B883921} (Voicerec Control) - http://167.216.239.105/Download/voicerec.cab
O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - http://www.friendster.com/import/emailimport.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://marius.wharton.upenn.edu/main/Install/CentraDownloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB9EA424-4709-4614-86E8-B80BDA957841} (DeviceTransferCtl Class) - http://208.184.83.187/downloads/devicetransfer/devtransfer.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://meeting.webex.com/client/latest/webex/ieatgpc.cab
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} (ERPageAddin Class) - http://webcafe.wharton.upenn.edu/eRoomSetup/client.cab
O16 - DPF: {F5078F19-C551-11D3-89B9-0000F81FE221} (XML Parser) - file://C:\WINNT\TEMP\_ISTMP2.DIR\msxml3.cab
 
siljaline

S said:
I just ran HijackThis and got the following results. Can anyone help me figure out which files I need and which are causing problems?

Thanks.

S

There are many security forums that offer *free* analysis of "HijackThis" logs. These are not posted in any particular order; feel free to post as a guest in any. If you would like an MS - MVP to follow up on your log, post back the URL where you submitted your log for analysis.

Regards & good luck.

http://forums.tomcoyote.com/
http://www.spywareinfo.com/forums/
http://forums.techguy.org/
http://computercops.biz/forum67.html
http://boards.cexx.org/
http://www.dslreports.com/forum/security,1
http://forum.mvps.org/
http://www.cybertechhelp.com/forums/index.php
http://forums.net-integration.net/
http://amazingtechs.com/index.php?
http://spywarewarrior.com/

~Silj

--
siljaline

MS - MVP Windows IE/OE
______________________

(Reply to group, as return address
is invalid - that we may all benefit)
 
Guest

HijackThis really works well. I ran it and deleted anything with iSearch in the description. One file it seems to install is c:\windows\system32\toolbar.dll. In all, I deleted about 4 or 5 entries that HijackThis found with iSearch in the name. One of the other threads explains how to fix the locked toolbars...
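A small triage script, added here as an editor's example and not code from this thread or from HijackThis itself, that parses log lines in the format posted above and flags the kinds of entries the replies point at: O1 hosts-file overrides, O2 BHOs whose DLL is missing or is shared with an O8 context-menu item (the toolbar.dll / iSearch pair in this log), and O16 ActiveX downloads served from a bare IP address. The sample lines are copied from the posted log; the flagging heuristics are my own assumptions, not HijackThis rules.

```python
import re

# Sample input: lines copied from the log posted in this thread, so the script runs offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.com/
O1 - Hosts: 63.251.235.42 mail.unsurface.com
O2 - BHO: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINNT\system32\toolbar.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\downloaded program files\googletoolbar1.dll
O8 - Extra context menu item: &iSearch The Web - res://C:\WINNT\system32\toolbar.dll/SEARCH.HTML
O16 - DPF: {25EE0142-ECDE-490F-955A-E57425F1EE26} (SLCDBrowseCtl Class) - http://208.184.83.187/downloads/senseload/Senseload.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://meeting.webex.com/client/latest/webex/ieatgpc.cab
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")           # "O2 - BHO: ..."
DLL_RE = re.compile(r"([A-Za-z]:\\[^()]*?\.(?:dll|ocx))", re.IGNORECASE)  # first DLL/OCX path
BARE_IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}[/:]")      # http://1.2.3.4/...

def parse_entries(log_text: str) -> list:
    """Split a HijackThis log into {code, body} dicts; non-entry lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def review(log_text: str) -> list:
    """Return one note per entry worth a closer look (the heuristics are an assumption)."""
    entries = parse_entries(log_text)
    # DLLs behind O8 context-menu items: a BHO loading the same DLL belongs to that add-on.
    o8_dlls = set()
    for e in entries:
        if e["code"] == "O8" and (m := DLL_RE.search(e["body"])):
            o8_dlls.add(m.group(1).lower())
    notes = []
    for e in entries:
        code, body = e["code"], e["body"]
        if code == "O1":                           # hosts-file override of a host name
            notes.append("O1 hosts override: " + body.split(":", 1)[1].strip())
        elif code == "O2":                         # browser helper object
            m = DLL_RE.search(body)
            dll = m.group(1).lower() if m else "(no path)"
            if "(file missing)" in body.lower():
                notes.append("O2 BHO registered but DLL missing: " + dll)
            elif dll in o8_dlls:
                notes.append("O2 BHO shares a DLL with an O8 context-menu item: " + dll)
        elif code == "O16" and BARE_IP_URL_RE.search(body):   # ActiveX download from raw IP
            notes.append("O16 ActiveX download from bare IP: " + body)
    return notes
```

`review(SAMPLE_LOG)` returns three notes (the hosts entry, the missing toolbar.dll BHO and the bare-IP Senseload download) and stays silent on the Google toolbar BHO and the WebEx control, which is the point of pairing codes rather than flagging every O2/O16 line.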
 