Jump to content


hijack this log

  • Please log in to reply
1 reply to this topic

#1 wonton



  • Full Member
  • Pip
  • 3 posts

Posted 04 July 2004 - 02:19 AM

Hi, please help me! I have no idea what's wrong. Everytime I use explorer, I will eventually lose control of the cursor and it goes to the start tab and randomly clicks. It will open up folders, but I'm not sure exactly what it's trying to do. Here's my hjt log and my active ports log.

Logfile of HijackThis v1.97.7
Scan saved at 5:00:25 PM, on 7/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\FBM Software\ZeroAds\Zeroads.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\FirstClass\Fcc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Won Kim\My Documents\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ZeroAdsLAS] C:\Program Files\FBM Software\ZeroAds\LAS0Ads.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [ADSpider] C:\Program Files\ADSPider\ADSpider.exe /start
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ZeroAds] C:\Program Files\FBM Software\ZeroAds\Zeroads.exe
O4 - HKCU\..\Run: [SSPFRWL] "C:\Program Files\SurfSecret\Personal Firewall\sspfwtry2.exe" /minimize
O4 - Startup: ModemBoost.lnk = C:\Program Files\ModemBoost\mbdemo.htm
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Inbox To Go Wireless.lnk = C:\Program Files\Common Files\DataViz\Inbox To Go\inboxtogo-watch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Convert for CLIE - C:\Program Files\Sony\Image Converter\menu.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'fbm.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {4875D0C5-5FE1-4488-8BB8-5A7D0ECDF93B} (Empas Filebox Control) - http://filebox.empal...mpasFilebox.cab
O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/touch.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/p...13/invinstl.exe
O16 - DPF: {68C56780-1573-4836-A3F9-3D5219E49BE1} (PopdramaQLauncher Class) - http://appupdate.pop...ad/DramaQAx.cab
O16 - DPF: {957F8EA8-8F82-4220-AC1D-00B2DC19A98A} (Ibcd_kbsCtrl Class) - http://img.kbs.co.kr/ib/ibcd_kbs.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://www.scona.co...tivexviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by9fd.bay9.ho...ex/HMAtchmt.ocx

Here's my active ports list:

System 4 138 LISTEN UDP
System 4 137 LISTEN UDP
System 4 445 LISTEN UDP
System 4 139 LISTEN TCP
System 4 1026 LISTEN TCP
System 4 445 LISTEN TCP
lsass.exe 604 500 LISTEN UDP C:\WINDOWS\system32\lsass.exe
msmsgs.exe 608 15488 LISTEN UDP C:\Program Files\Messenger\msmsgs.exe
msmsgs.exe 608 8381 LISTEN UDP C:\Program Files\Messenger\msmsgs.exe
msmsgs.exe 608 3287 LISTEN UDP C:\Program Files\Messenger\msmsgs.exe
msmsgs.exe 608 7584 LISTEN TCP C:\Program Files\Messenger\msmsgs.exe
svchost.exe 852 135 LISTEN TCP C:\WINDOWS\system32\svchost.exe
svchost.exe 912 123 LISTEN UDP C:\WINDOWS\System32\svchost.exe
svchost.exe 912 3003 LISTEN TCP C:\WINDOWS\System32\svchost.exe
svchost.exe 912 3002 LISTEN TCP C:\WINDOWS\System32\svchost.exe
svchost.exe 912 1025 LISTEN TCP C:\WINDOWS\System32\svchost.exe
Explorer.EXE 948 3026 LISTEN UDP C:\WINDOWS\Explorer.EXE
svchost.exe 984 3004 LISTEN UDP C:\WINDOWS\System32\svchost.exe
svchost.exe 1012 1900 LISTEN UDP C:\WINDOWS\System32\svchost.exe
svchost.exe 1012 5000 LISTEN TCP C:\WINDOWS\System32\svchost.exe
alg.exe 1440 3001 LISTEN TCP C:\WINDOWS\System32\alg.exe
ccApp.exe 1852 3013 LISTEN TCP C:\Program Files\Common Files\Symantec Shared\ccApp.exe
ccApp.exe 1852 3012 LISTEN TCP C:\Program Files\Common Files\Symantec Shared\ccApp.exe
ccApp.exe 1852 3011 LISTEN TCP C:\Program Files\Common Files\Symantec Shared\ccApp.exe
ccApp.exe 1852 3010 LISTEN TCP C:\Program Files\Common Files\Symantec Shared\ccApp.exe
iexplore.exe 4088 3143 LISTEN UDP C:\Program Files\Internet Explorer\iexplore.exe
thank you!

#2 PGPhantom


    Superman of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 3,494 posts

Posted 31 August 2004 - 03:41 PM

  • HijackThis ...
    • Double click on "My Computer" to open it.
    • Double click on the local "C-Drive" to open it.
    • Click on "File" => "New Folder" and name it HJT. i.e. The folder will be C:\HJT.
    • Please download HijackThis from any of the following locations:
    • spywareinfo.com
    • subratam.org
    • tools.zerosrealm.com
  • Install/Unzip it into C:\HJT.
  • Only run HijackThis from C:\HJT\HijackThis.exe. That way we can ensure that we have the backup files available in the event that they are needed.
  • Run HijackThis, click on scan and wait for the scan to finish.
  • The "Scan" button will change to "Save Log", click on it and simply press "Save" on the window that will appear.
  • Notepad will open with a copy of the log.
    • Click on "Edit" => "Select All".
    • Click on "Edit" => "Copy". This will copy the contents of the Notepad instance to the clipboard.
  • Please post your entire log here for analysis.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of

Support SpywareInfo Forum - click the button
PayPal - The safer, easier way to pay online!