a hijack this log> what should i remove? - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 02-01-2004, 06:49 PM   #1 (permalink)
Ultra Techie
 
Join Date: Oct 2003
Posts: 934
Default a hijack this log> what should i remove?

heres a log of all the things hijack came up with

can someone help me out and tell me what i should remove and what i should keep?

thx a bunch.

Logfile of HijackThis v1.97.7
Scan saved at 6:48:38 PM, on 2/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\Plus2\MsgPlus.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\oasfbwer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Nbi1.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AproposClient\Apropos.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=hom e
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = <local>
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.ebay.ca"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\2wdzoxze.slt\prefs.j s)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5Csearchplugins% 5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\2wdzoxze.slt\prefs.j s)
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\AproposClient\AproposPlugin.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {975c5da7-01d2-4bfc-843b-608150e7a58a} - C:\DOCUME~1\ADMINI~1\APPLIC~1\aiepcknoee.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: bwwshdrorop - {ed817cdc-b1e1-477c-bb05-b3d03ffe95a3} - C:\DOCUME~1\ADMINI~1\APPLIC~1\aiepcknoee.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger\Plus2\MsgPlus.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
__________________

__________________
<font face=arial><h1>spfdz - NEVER FORGET</h1></font>
spfd is offline  
Old 02-02-2004, 05:11 AM   #2 (permalink)
Super Techie
 
Join Date: Nov 2003
Posts: 415
Default

give a man a fish he eats for a day, teach a man to fish and he eats for a lifetime. lol
http://www.merijn.org/htlogtutorial.html
__________________

__________________
Fear is nothing but the anticipation of pain, be it physical, mental, spiritual or emotional.
specs.
Athlon XP 2200+ oc\'ed @ 1.93ghz
MSI ms-6738
768mb ddr2100
Nvidia mx420 :(
60gig maxtor 7200rpm
Dual boot with Mandrake 10.0 and Win XP Pro sp2
neversleeps is offline  
Old 02-03-2004, 08:22 AM   #3 (permalink)
True Techie
 
Join Date: May 2003
Posts: 221
Default Re: a hijack this log> what should i remove?

Rescan and put a check next to each of these then close all browser windows and clcik "fix checked"



O2 - BHO: (no name) - {975c5da7-01d2-4bfc-843b-608150e7a58a} - C:\DOCUME~1\ADMINI~1\APPLIC~1\aiepcknoee.dll

O3 - Toolbar: bwwshdrorop - {ed817cdc-b1e1-477c-bb05-b3d03ffe95a3} - C:\DOCUME~1\ADMINI~1\APPLIC~1\aiepcknoee.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe


Are you also aware of there being restrictions on internet explorer ?
mobo is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 12:15 PM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.