HiJack This Log

September 21, 2005 2:58:19 AM

Archived from groups: microsoft.public.windowsxp.general

Is there anyone here who would mind having a look at this log from
HijackThis and tell me if there is anything there that should not be, please?

The reason for this is that one of our members is using a lot of MB with her
connection and I suspect that a hijacker could be there, but not one that I can
recognise.

Thanks

--

Regards
Joe
Tasmania

Logfile of HijackThis v1.99.1
Scan saved at 5:55:25 PM, on 20/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\BBC News alerts\skinkers.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metacrawler.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: GameKnot Chess - {61B5B39F-0750-4637-9D70-A63A79978B5D} - C:\WINNT\gameknot_toolbar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [EPSON Stylus C63 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C63 Series" /O5 "LPT1:" /M "Stylus C63"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BBC News alerts] C:\Program Files\BBC News alerts\skinkers.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {3A46A070-5F27-11D8-B8D1-DCF157D20741} (Generator.IonSaliuGen) - http://www.saliu.com/Generator.CAB
O16 - DPF: {3E8FD258-0359-4476-AAF4-7C5F65E9B46E} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/316da9ba9cd1703fe201/netzip...
O16 - DPF: {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} - http://activex.microsoft.com/objects/ocget.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

Anonymous
September 21, 2005 2:58:20 AM

Archived from groups: microsoft.public.windowsxp.general

Joe

This link gives access to a specialist forum where they deal with the
interpretation of HijackThis logs.
http://aumha.net/

--


Hope this helps.

Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA

Using invalid email address

Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Please tell the newsgroup how any
suggested solution worked for you.

http://dts-l.org/goodpost.htm

~~~~~~~~~~~~~~~~~~~~~~~~


"Joe" <jogor@bigpond.net.au> wrote in message
news:uUV%237LevFHA.3688@tk2msftngp13.phx.gbl...
> Is there anyone here who would mind having a look at this log from
> Hijack This and tell me if there is anything there that should not be
> please.
>
> The reason for this is that one of our members is using a lot of MB
> with her connection and I suspect that a hi jacker could be there but
> not that I can recognise.
>
> Thanks
>
> --
>
> Regards
> Joe
> Tasmania
>
> Logfile of HijackThis v1.99.1
> Scan saved at 5:55:25 PM, on 20/09/2005
> Platform: Windows 2000 SP4 (WinNT 5.00.2195)
> MSIE: Internet Explorer v6.00 (6.00.2800.1106)
>
> Running processes:
> C:\WINNT\System32\smss.exe
> C:\WINNT\system32\winlogon.exe
> C:\WINNT\system32\services.exe
> C:\WINNT\system32\lsass.exe
> C:\WINNT\system32\svchost.exe
> C:\WINNT\system32\spoolsv.exe
> C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
> C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
> C:\WINNT\System32\svchost.exe
> C:\WINNT\system32\regsvc.exe
> C:\WINNT\system32\MSTask.exe
> C:\WINNT\system32\stisvc.exe
> C:\WINNT\System32\WBEM\WinMgmt.exe
> C:\WINNT\system32\svchost.exe
> C:\WINNT\Explorer.EXE
> C:\Program Files\Microsoft Hardware\Mouse\point32.exe
> C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
> C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
> C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
> C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
> C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
> C:\Program Files\BBC News alerts\skinkers.exe
> C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
> C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
> C:\PROGRA~1\WINZIP\winzip32.exe
> C:\unzipped\hijackthis\HijackThis.exe
>
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.metacrawler.com/
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
> O2 - BHO: Yahoo! Companion BHO -
> {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
> Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
> O2 - BHO: AcroIEHlprObj Class -
> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
> Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
> O3 - Toolbar: GameKnot Chess -
> {61B5B39F-0750-4637-9D70-A63A79978B5D} - C:\WINNT\gameknot_toolbar.dll
> O3 - Toolbar: &Yahoo! Companion -
> {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
> Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
> O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
> {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
> O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
> O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon
> initialize
> O4 - HKLM\..\Run: [POINTER] point32.exe
> O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft
> Hardware\Keyboard\type32.exe"
> O4 - HKLM\..\Run: [EPSON Stylus C63 Series]
> C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON
> Stylus C63 Series" /O5 "LPT1:" /M "Stylus C63"
> O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry
> Mechanic\RegMech.exe /QS
> O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
> AntiSpyware\gcasServ.exe"
> O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
> Files\Java\jre1.5.0_04\bin\jusched.exe
> O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
> /STARTUP
> O4 - HKCU\..\Run: [BBC News alerts] C:\Program Files\BBC News
> alerts\skinkers.exe
> O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
> Office\Office\OSA9.EXE
> O9 - Extra button: (no name) -
> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
> Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console -
> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
> Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
> O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
> Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
> O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight
> Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
> O16 - DPF: {3A46A070-5F27-11D8-B8D1-DCF157D20741}
> (Generator.IonSaliuGen) - http://www.saliu.com/Generator.CAB
> O16 - DPF: {3E8FD258-0359-4476-AAF4-7C5F65E9B46E} -
> http://activex.microsoft.com/objects/ocget.dll
> O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
> http://software-dl.real.com/316da9ba9cd1703fe201/netzip...
> O16 - DPF: {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} -
> http://activex.microsoft.com/objects/ocget.dll
> O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT,
> s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
> O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
> C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
> O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -
> VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
>
>
>
Anonymous
September 21, 2005 2:58:20 AM

Archived from groups: microsoft.public.windowsxp.general

Joe wrote:
> Is there anyone here who would mind having a look at this log from
> Hijack This and tell me if there is anything there that should not be
> please.
> The reason for this is that one of our members is using a lot of MB
> with her connection and I suspect that a hi jacker could be there but
> not that I can recognise.
>
> Thanks

Since this isn't the place for HJT logs, the only person that would be
willing to look at it is some smuck that nobody trusts or respects,
pcbutthead.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
Anonymous
September 21, 2005 2:58:20 AM

Archived from groups: microsoft.public.windowsxp.general

Nothing in your log looks bad except these two lines. Have HJT fix them.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =


Nothing explains your problem though. Explain what is happening again but
with more detail.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"Joe" <jogor@bigpond.net.au> wrote in message
news:uUV%237LevFHA.3688@tk2msftngp13.phx.gbl...
> Is there anyone here who would mind having a look at this log from Hijack
> This and tell me if there is anything there that should not be please.
>
> The reason for this is that one of our members is using a lot of MB with
> her connection and I suspect that a hi jacker could be there but not that
> I can recognise.
>
> Thanks
>
> --
>
> Regards
> Joe
> Tasmania
>
> Logfile of HijackThis v1.99.1
> Scan saved at 5:55:25 PM, on 20/09/2005
> Platform: Windows 2000 SP4 (WinNT 5.00.2195)
> MSIE: Internet Explorer v6.00 (6.00.2800.1106)
>
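For readers triaging a log like the one in this thread, the following is an added example (not code from any poster or from HijackThis itself): it rejoins the hard-wrapped entry lines, groups them by section code, and lists the R0/R1 registry entries whose value is blank, which are the two lines the reply above singles out. The function names and the sample text are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: entries taken from the log posted in this thread,
# hard-wrapped the way a newsreader wraps long lines.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.metacrawler.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: GameKnot Chess - {61B5B39F-0750-4637-9D70-A63A79978B5D} -
C:\WINNT\gameknot_toolbar.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft
Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
"""

# An entry starts with a section code such as "R0" or "O16", then " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_entries(text):
    """Rejoin wrapped lines; return a list of (code, body) tuples.
    Pass only the entry section: text after the last entry (a signature,
    say) would be glued onto it."""
    entries = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").rstrip()      # also accept "> "-quoted copies
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif line and entries:
            entries[-1][1] += " " + line      # continuation of previous entry
    return [tuple(e) for e in entries]

def by_section(entries):
    """Group entry bodies by section code."""
    groups = defaultdict(list)
    for code, body in entries:
        groups[code].append(body)
    return dict(groups)

def blank_registry_values(entries):
    """R0/R1 bodies read 'key,value = data'; return those with empty data."""
    blank = []
    for code, body in entries:
        key, sep, data = body.partition(" =")
        if code in ("R0", "R1") and sep and not data.strip():
            blank.append(key)
    return blank
```

Grouping by code makes it easier to review one class of autostart or browser extension point at a time (O2/O3 browser add-ons, O4 startup entries, O16 downloaded ActiveX controls, O23 services) instead of reading the log top to bottom.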
September 21, 2005 3:46:04 AM

Archived from groups: microsoft.public.windowsxp.general

Thank you both for your replies.

I have registered and posted the log on the Aumha Forum.

Many thanks for your advice once again

--

Regards
Joe
Tasmania
"kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
news:usay7YevFHA.1648@TK2MSFTNGP10.phx.gbl...
> Joe wrote:
>> Is there anyone here who would mind having a look at this log from
>> Hijack This and tell me if there is anything there that should not be
>> please.
>> The reason for this is that one of our members is using a lot of MB
>> with her connection and I suspect that a hi jacker could be there but
>> not that I can recognise.
>>
>> Thanks
>
> Since this isn't the place for HJT logs, the only person that would be
> willing to look at it is some smuck that nobody trusts or respects,
> pcbutthead.
>
> --
> Peace!
> Kurt
> Self-anointed Moderator
> microscum.pubic.windowsexp.gonorrhea
> http://microscum.com/mscommunity
> "Trustworthy Computing" is only another example of an Oxymoron!
> "Produkt-Aktivierung macht frei"
>