Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log: Please help Diagnose


  • This topic is locked This topic is locked
1 reply to this topic

#1 ArunM

ArunM

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:57 PM

Posted 03 January 2005 - 03:53 PM

Hello HJT Admin,

Thank you for the HJT tool and the tutorial. I am posting the HJT log below. Need help with what to DELETE and what NOT to DELETE. I really appreciate your help. Thanks. Arun

Logfile of HijackThis v1.99.0
Scan saved at 12:16:13 PM, on 1/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.

exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.

EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc

.exe
C:\Program Files\Norton SystemWorks\Norton

AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\WLANSTA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-

LC\symlcsvc.exe
C:\WINDOWS\System32\msbleep.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\wuyvi.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\j2 Messenger Plus 3.3\J2GDllCmd.exe
C:\Program Files\j2 Messenger Plus 3.3\J2GTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\unzipped\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window

Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyServer = 192.168.1.151:8002
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-

339E4F746BD3} - C:\WINDOWS\System32\wins32t.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF

10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} -

(no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F}

- c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI

Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:

\hp\drivers\printers\photosmart\hphprld.exe c:

\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program

Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch

.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program

Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program

Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default

Settings\cpqset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program

Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1

\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1

\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32

\dllcache\imscinst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32

\dllcache\tintsetp.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32

\dllcache\tintsetp.exe /IMEName
O4 - HKLM\..\Run: [msbleep] msbleep.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common

Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1

\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common

Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\RunServices: [msbleep] msbleep.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN

Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program

Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4

ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Startup: Norton Disk Doctor.LNK = C:\Program Files\Norton

SystemWorks\Norton Utilities\NDD32.EXE
O4 - Global Startup: j2 Live Menu 3.3.lnk = C:\Program

Files\j2 Messenger Plus 3.3\J2GDllCmd.exe
O4 - Global Startup: j2 Tray Menu 3.3.lnk = C:\Program

Files\j2 Messenger Plus 3.3\J2GTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet

Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:

\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:

\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res

://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program

Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://

C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C

571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046

DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C

9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file

missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4

F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1

\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04

F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-

BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Advisor - {460692F5-B18A-4EBB-AE05-1B321C

876AA2} - C:\Program Files\COMPAQ\Compaq

Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://64.

55.105.205/Java/cfs31229.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer

Control) - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} - http://

216.26.169.180/Codebase/FormCtl.cab
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} - http://

216.26.169.180/codebase/ffmail.cab
O16 - DPF: {224F7DEA-B7C1-11D3-AB40-00902712A5C9} - http://

216.26.169.180/codebase/plsspeller.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a

1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com

/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (

WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v

5consumer/V5Controls/en/x86/client/wuweb_site.cab?

1102395906855
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (

MsnMessengerSetupDownloadControl Class) - http://messenger.

msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} - http://

216.26.169.180/codebase/scriptobject.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave

Flash Object) - https://download.macromedia.com/pub/shockwave

/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - http://

eventcenter1.webex.com/client/v_eureka-fiji/event/ieatgpc.cab
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} - http://

216.26.169.180/codebase/fontinstaller.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us

.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5

_3_16_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C56536A6-F723-42F1-

86CF-41DD9C06F1AD}: NameServer = 206.13.28.12,206.13.29.12
O23 - Service: Symantec Event Manager - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
O23 - Service: HP Configuration Interface Service - Hewlett-

Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:

\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service -

Symantec Corporation - C:\Program Files\Norton

SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service -

Symantec Corporation - C:\Program Files\Norton

SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection - Symantec

Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program

Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:

\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:

\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:

\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.

exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file

missing)

BC AdBot (Login to Remove)

 


#2 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:07:57 PM

Posted 04 January 2005 - 07:46 PM

Duplicate

http://www.bleepingcomputer.com/forums/ind...wtopic=8009&hl=

Topic closed
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users