Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log: Please help Diagnose


  • Please log in to reply
1 reply to this topic

#1 dpw168

dpw168

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 05 February 2005 - 12:04 PM

Logfile of HijackThis v1.99.0
Scan saved at 12:04:48 PM, on 2/5/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
G:\WINNT\System32\smss.exe
G:\WINNT\SYSTEM32\winlogon.exe
G:\WINNT\system32\services.exe
G:\WINNT\system32\lsass.exe
G:\WINNT\system32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\WINNT\system32\spoolsv.exe
G:\WINNT\System32\CTSvcCDA.exe
G:\Program Files\U.S. Fish and Wildlife Service\VPN Client\cvpnd.exe
G:\WINNT\System32\svchost.exe
G:\WINNT\System32\mgabg.exe
G:\Program Files\Norton AntiVirus\navapsvc.exe
G:\WINNT\system32\regsvc.exe
G:\WINNT\Explorer.EXE
G:\Program Files\Norton AntiVirus\SAVScan.exe
G:\WINNT\system32\MSTask.exe
G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\WINNT\system32\svchost.exe
G:\WINNT\System32\PDesk\PDesk.exe
G:\Program Files\Creative\ShareDLL\CtNotify.exe
G:\WINNT\SYSTEM32\starter.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\Program Files\Creative\ShareDLL\MediaDet.Exe
G:\Program Files\Norton Personal Firewall\IAMAPP.EXE
G:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
G:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
G:\Program Files\HP\AiO\hp officejet g series\Bin\hpoavn07.exe
G:\Program Files\eFax Messenger Plus\Dllcmd32.exe
G:\PROGRA~1\HP\AiO\Shared\Bin\hpoevm07.exe
G:\WINNT\system32\hpoipm07.exe
G:\Program Files\HP\AiO\Shared\bin\hpOSTS07.exe
G:\Program Files\HP\AiO\Shared\bin\hpOFXM07.exe
G:\Program Files\AIM95\aim.exe
G:\WINNT\System32\svchost.exe
G:\Program Files\Wisdom-soft ScreenHunter\ScreenHunter.exe
G:\PROGRA~1\INCRED~1\bin\IMApp.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\WINNT\system32\NOTEPAD.EXE
G:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Matrox Powerdesk] G:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Disc Detector] G:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [EnsoniqMixer] G:\WINNT\SYSTEM32\starter.exe
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iamapp] "G:\Program Files\Norton Personal Firewall\IAMAPP.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] G:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [IncrediMail] G:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: gwum.lnk = G:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = G:\Program Files\HP\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: Live Menu.lnk = G:\Program Files\eFax Messenger Plus\Dllcmd32.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - G:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://g:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://g:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://g:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://g:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://g:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\WINNT\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - G:\Program Files\AIM95\aim.exe
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/regis...55/sdcregie.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://164.159.102.70/iNotes.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://showcase2.notes.net/iNotes6.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite....loadManager.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/302ed91d5bbea06aae05/...ip/RdxIE601.cab
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - https://164.159.102.70/download/dolcontrol.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1439/ftp...23/cpbrkpie.cab
O16 - DPF: {B931B906-B275-475F-99DE-923596CC9DB6} (PAS6_Forecaster.Forecaster) - http://www.bplans.com/common/startcost/Pas6_Forecaster.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?316
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup...p1/imloader.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service - Cisco Systems, Inc. - G:\Program Files\U.S. Fish and Wildlife Service\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - G:\WINNT\System32\dmadmin.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - G:\WINNT\System32\mgabg.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - G:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Administrator Service - Unknown - G:\WINNT\System32\r_server.exe
O23 - Service: SAVScan - Symantec Corporation - G:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - G:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,717 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:18 PM

Posted 06 February 2005 - 05:28 PM

You can fix these two entries in HJT:

O4 - HKLM\..\Run: [ViewMgr] G:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/302ed91d5bbea06aae05/...ip/RdxIE601.cab


I do not not see anything thats bad here. There are some services you can shut down to free up some resources and you should disable these using msconfig. To access msconfig you click on start, then run, and type msconfig and press enter. The optionals are:

O4 - HKLM\..\Run: [Matrox Powerdesk] G:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Disc Detector] G:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [EnsoniqMixer] G:\WINNT\SYSTEM32\starter.exe
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] G:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [IncrediMail] G:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: gwum.lnk = G:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: Live Menu.lnk = G:\Program Files\eFax Messenger Plus\Dllcmd32.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users