Jump to content


Photo

please help me out


  • Please log in to reply
5 replies to this topic

#1 ak_hip

ak_hip

    Member

  • New Member
  • Pip
  • 3 posts

Posted 29 June 2004 - 12:39 AM

Dear members of this forum:

Please help me analyze my hijackthis log if you can.
I think I have lots of problems going on with my computer.
Here is my hijackthis log. Thank You.

Logfile of HijackThis v1.97.7
Scan saved at 1:35:12 上午, on 2004-06-29
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\Program Files\AVPersonal\AVGUARD.EXE
E:\WINNT\System32\Ati2evxx.exe
E:\Program Files\AVPersonal\AVWUPSRV.EXE
E:\WINNT\system32\ZoneLabs\isafe.exe
E:\WINNT\System32\CTsvcCDA.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\system32\ZoneLabs\vsmon.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\System32\MsPMSPSv.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\Explorer.EXE
E:\Program Files\Ahead\InCD\InCD.exe
E:\Program Files\The Cleaner\tca.exe
E:\Program Files\The Cleaner\tcm.exe
E:\Program Files\AVPersonal\AVGNT.EXE
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\ICQPlus\vplus.exe
E:\WINNT\system32\ctfmon.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\ICQ\Icq.exe
E:\Program Files\uw2000\Uw2000.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\WinMX\WinMX.exe
E:\Program Files\Winamp\winamp.exe
E:\Downloads\Hijack This\HijackThis 1.97.7.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DEA5C90-A2E3-B89C-3773-071F4B9F89C7} - (no file)
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Jet Detection] "E:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NeroCheck] E:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] E:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [tcactive] E:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] E:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [AVGCtrl] E:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ICQ Plus] "E:\Program Files\ICQPlus\vplus.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ] E:\Program Files\ICQ\Icq.exe -trayboot
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: plugin131.trace
O4 - Global Startup: ntuser.pol
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Broken Internet access because of LSP provider 'imslsp.dll' missing
O12 - Plugin for .bcf: E:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7934.0047800926
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_3us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab

#2 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 29 June 2004 - 04:02 PM

The only thing wrong in your log, is an orphaned registry entry.
O2 - BHO: (no name) - {1DEA5C90-A2E3-B89C-3773-071F4B9F89C7} - (no file)


What problems are you having?
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#3 ak_hip

ak_hip

    Member

  • New Member
  • Pip
  • 3 posts

Posted 29 June 2004 - 04:09 PM

what does that mean?
should i delete the O2 line?
please explain~

and what about these problems -->

O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: plugin131.trace
O10 - Broken Internet access because of LSP provider 'imslsp.dll' missing

#4 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 29 June 2004 - 04:33 PM

The O2 can be fixed using Hijack this.

The O4 entries may, or may not be bad. Is this computer using a non-western character set?

The O10 entry is certainly NOT bad. DO NOT,, under any circumstances try fixing that with Hijack this.!

What problems are you having?
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#5 ak_hip

ak_hip

    Member

  • New Member
  • Pip
  • 3 posts

Posted 02 July 2004 - 02:45 AM

so i should check the O2 and fix it with hijackthis~
about the O4 problem...i am using a chinese version of windows 2000~
the fonts are in chinese language~
so would that be a problem?

#6 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 02 July 2004 - 05:01 PM

The chinese character set is not recognised correctly by Hijack this.
That leads to a problem with the O4 startups not being recognised correctly.

The O2 should be fixed. ( it does not actually do anything, it's just an orphaned registry entry)
Apart from that, it's a clean log. Are you having problems?
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button