my hijacklog


19 replies to this topic

#1 glenn2003

glenn2003

    Member

  • Full Member
  • Pip
  • 24 posts

Posted 22 July 2004 - 06:42 AM

Logfile of HijackThis v1.97.7
Scan saved at 7:31:04 AM, on 7/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\ICO.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe
C:\WINDOWS\System32\WScript.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Apoint\Apntex.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Windows XP User\Desktop\HijackThis-1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\Common\ycheckh.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [ZZZ] C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
O4 - HKLM\..\Run: [McAgentexe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [McUpdateexe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8189.5807523148

Edited by glenn2003, 22 July 2004 - 12:35 PM.


#2 12g

12g

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,167 posts

Posted 22 July 2004 - 02:14 PM

Hi there.

Please do this first:

You are running HijackThis from your desktop. This is not a good idea because when we do a fix, HijackThis will create backups and they will be spread all over your desktop. Can you please create a folder in My Documents and call it Hijack (or something similar), like this: C:\HJT\HijackThis.exe. Then extract HijackThis into the folder you have created and run it from there. When you have done that, delete the copy of HijackThis that you have on your desktop.

Next:

Update HijackThis to version 1.98
Run HijackThis
Select config > misc tools and select "update online", then yes.
Run a scan and post a new HijackThis log after you are done.


#3 glenn2003

Posted 22 July 2004 - 05:00 PM

It's not spreading backup icons on my desktop. But if you think it's a good idea to put HijackThis in a new folder, then I will. However, I have several questions. You said,

"Then extract hijackthis into the folder you have created and run it from there."

How do you "extract" it into the folder??? Do I just drag the HijackThis icon from the desktop into the new folder??? Or do I have to find where I originally put HijackThis when I first installed it? If so, I can't find it or am not sure how to locate it. Sorry, I'm not familiar with this stuff. If you could explain further, I would appreciate it, thank you.

Oh, also I accidentally installed HijackThis two times, since I have two icons on my desktop. Should I just highlight and delete one of them???

Edited by glenn2003, 22 July 2004 - 05:03 PM.


#4 12g

Posted 22 July 2004 - 05:48 PM

Hi there,

Backups are not made until a fix is done, so currently there will be none.

OK, let's sort this for you. Create a new folder in your My Documents folder, so it will then be like this: C:\My Documents\HJT\HijackThis.exe. Next, go to the folder where HijackThis is, right-click over HijackThis and select Cut, go to the new folder you created and paste HijackThis in there. Now delete the 2 desktop copies (or wherever you put the other copy/copies you have). Then run the updated version please.

#5 glenn2003

Posted 22 July 2004 - 06:28 PM

Not sure if something is wrong with my DOS system, but after downloading the new version of HijackThis, I clicked on it, and it pops up what looks like a black box (like the place where you write your DOS) but it just appears for a short instant, and then disappears. Weird.

#6 12g

Posted 22 July 2004 - 06:31 PM

Hi there,

I would suggest you delete the new copy and download it again.

#7 glenn2003

Posted 22 July 2004 - 07:54 PM

Before I go through the process again, I have a question......

When I update HijackThis to version 1.98, do I put it in the same new folder you told me to make? You know, the one you told me to put the other HijackThis in?? Or do I put the 1.98 brand new version in another new folder???

#8 12g

Posted 22 July 2004 - 07:55 PM

Hi there,

I would advise deleting the other version, so that the new copy is in its own folder.

#9 glenn2003

Posted 22 July 2004 - 08:52 PM

Logfile of HijackThis v1.98.0
Scan saved at 3:50:49 PM, on 7/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\ICO.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe
C:\WINDOWS\System32\WScript.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Apoint\Apntex.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Documents and Settings\Windows XP User\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CheckHO Class - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\Common\ycheckh.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [ZZZ] C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
O4 - HKLM\..\Run: [McAgentexe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [McUpdateexe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

#10 12g

Posted 22 July 2004 - 09:16 PM

Hi there,

I find nothing suspicious on your log, are you having any specific problems?

#11 glenn2003

Posted 22 July 2004 - 09:28 PM

Oh no, nothing. I was just wondering if there was something bad in my log. By the way, I'm using the Mozilla browser. Do you think that helps in preventing viruses and spyware from entering my computer compared to Internet Explorer??

#12 12g

Posted 22 July 2004 - 09:54 PM

Hi there,

Yes, Mozilla is very popular and recommended, but I don't see it on your log; I see IE. To help protect your system from abuse when using IE, do this:


To provide future protection - I would advise you to download and install:

SpywareBlaster will block bad ActiveX and malevolent cookies. Download from Here

IE-SPYAD puts over 5000 sites in your restricted zone, if you use IE, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Download Here

Both are very small free programs that you run once, and then just weekly to check for updates.

#13 glenn2003

Posted 22 July 2004 - 11:59 PM

Thanks!! I really appreciate that! ;)

#14 12g

Posted 23 July 2004 - 12:15 AM

You are very welcome :wave:

#15 glenn2003

Posted 31 July 2004 - 03:42 AM

deleted

Edited by glenn2003, 01 August 2004 - 07:55 AM.


#16 12g

Posted 31 July 2004 - 09:35 AM

Hi there,

I think the short answer to this is that your DVD player, probably not a recently bought one, is not compatible with VCDs. If the VCD is a copy, that may be a factor too.

#17 glenn2003

Posted 01 August 2004 - 03:11 AM

I recently bought my DVD a year ago. It can't play super video stuff, but it can play regular video stuff. I did make CDs on my comp and played them on my DVD player, so it can do this, but I forgot how I did it. I know I downloaded a converter from the net, and then did something, but I forgot.

The VCD is a copy, but I can copy that VCD on my computer, and is there any way I can convert it to a format in which I can copy it back on another CD that will play on my DVD player? Sorry, I hope you guys understand what I'm talking about, please help.

#18 12g

Posted 01 August 2004 - 03:35 AM

Hi there,

I am sorry I cannot give you a definitive answer on this, but try posting your question here

#19 glenn2003

Posted 01 August 2004 - 07:56 AM

Another question....

Someone said to download 'Regsupreme' to clean my registry.

It found 746 items. Should I check and "fix" them all ????

Nothing will go wrong when I do this, would it??

#20 12g

Posted 01 August 2004 - 10:14 AM

Hi there,

Having had no personal experience with Regsupreme, I cannot comment on the performance. I have no recollection of a discussion on here about it either. Again I would suggest posting your question in the Software forum, where someone with experience of the software may be able to give you further advice. It may be best to say whether you have a trial version or you have purchased it :wave:



