TechSpot

Advice On HIJACK THIS LOG

By hood5555
Aug 30, 2004
Topic Status:
Not open for further replies.
  1. Hello

    Im new to techspot
    i need advice on my HIJACK THIS LOG

    its a bit confusing

    Logfile of HijackThis v1.98.2
    Scan saved at 10:27:20 PM, on 30/08/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
    C:\WINDOWS\System32\wisptis.exe
    C:\WINDOWS\system32\ntvdm.exe
    D:\PROGRA~1\BILLPS~1\WINPAT~1\WINPAT~1.EXE
    C:\Documents and Settings\GHAR\My Documents\HIJACK\HijackThis19802.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sb/*[url]http://www.yahoo.com/search/ie.html[/url]
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*[url]http://www.yahoo.com[/url]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...l]http://www.yahoo.com/ext/search/search.html[/url]
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*[url]http://www.yahoo.com[/url]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - D:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [WinPatrol] D:\PROGRA~1\BILLPS~1\WINPAT~1\WINPAT~1.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (HKCU)
    O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (HKCU)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1092320346781
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9D614E8E-03AA-11D3-90FC-0040C7157029} (PDMSInstallerCtl Class) - http://pakdata.com/download/PDMSInstaller.cab
    O16 - DPF: {A67A5721-6834-11D3-A646-00500428A547} (DAVIconMod Class) - https://dc1.dawsoncollege.qc.ca/webdav/html/DAVIcons.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C7B151F1-F39B-482F-9AF0-3A7EC86BA911}: NameServer = 206.47.244.135 206.47.244.109


    thanks to anyone hows trying to help me out
    :) :) :)
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Welcome to TechSpot

    Your PC looks quite healthy.
    To be sure to be sure:
    D/L and run www.lavasoft.de 's Adaware as well as
    Spybot S&D from http://www.safer-networking.org/en/index.html

    Do the web-updates first on both programs after you install them, then run them.
    Let them clean out what they can, they will not remove any normal program stuff.

    WISPTIS.EXE is a Windows component that is effectively a tablet driver for tablet PCs. If you install Adobe Acrobat, Office 2003 or Windows Journal Viewer, it forces this to load and it then runs rampant. The best way to remove it is to use Acrobat Speedup which removes loads of other crap at the same time.
    http://fileforum.betanews.com/detail/1069854583/1

    ntvdm.exe
    Process Name: Windows 16-bit Virtual Machine
    Description: The Windows Virtual Machine for 16-bit Windows and Dos programs is used to run dos programs and old Windows programs inside a virtual machine
    If you don't run any 16-bit programs, you can safely disable it from the startuplist.

    Spy/Adware:
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    Let HijackThis clean up the above O3 entry plus all your O16 - DPF: entries.
  3. hood5555

    hood5555 TS Rookie Topic Starter Posts: 20

    Thank you realblackstuff

    I Appreciate your kindness
  4. Deuce

    Deuce TS Rookie

    My log file

    Hey. Im new here too, but i just wanted to make sure that my log file is ok...and if its not, then which should i remove? I also have a problem with this search bar that automatically downloaded. Also, I am unable to edit my Favorites on IE. THere is all this crud there that I cannot get rid of. any advice.?
    You can email me to let me know please! (sorry I have to do this in two parts. the log file is quite long)


    Logfile of HijackThis v1.99.0
    Scan saved at 10:03:35 PM, on 23/01/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\CMEII\CMESys.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\Microsoft Money\System\mnyexpr.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Common Files\GMT\GMT.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\System32\WISPTIS.EXE
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
    C:\DOCUME~1\Sarah\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    (argh. it wont allow me to put the rest of the log file in because it has we addresses... what shoudl do?)
  5. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

  6. jbazan

    jbazan TS Rookie

    I have run an strange exe!!!

    Hi, I have run an exe waiting for an screen saver installation and it doesn't seem to be a screen saver, maybe you can help me with an hijacthis advice:

    Logfile of HijackThis v1.99.0
    Scan saved at 03:51:56 p.m., on 25/01/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Archivos de programa\HyperTechnologies\Deep Freeze\DfServEx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
    C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Archivos de programa\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
    C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
    C:\Archivos de programa\Yahoo!\Messenger\ypager.exe
    C:\Archivos de programa\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Archivos de programa\MSI\Core Center\CoreCenter.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Archivos de programa\Internet Explorer\iexplore.exe
    C:\DOCUME~1\jbazan\CONFIG~1\Temp\Directorio temporal 1 para hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Archivos de programa\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=013005 serial=dr12wes-3007622-euw lang=ES
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Archivos de programa\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: CoreCenter.lnk = C:\Archivos de programa\MSI\Core Center\CoreCenter.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Archivos de programa\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Instantánea de caché de la página - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Páginas similares - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Páginas vinculadas - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Archivos de programa\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Archivos de programa\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
    O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: DFServEx - Hyper Technologies Inc. - C:\Archivos de programa\HyperTechnologies\Deep Freeze\DfServEx.exe
    O23 - Service: Servicio del administrador de discos lógicos - Unknown - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Registro de sucesos - Unknown - C:\WINDOWS\system32\services.exe
    O23 - Service: Servicio COM de grabación de CD de IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
    O23 - Service: Escritorio remoto compartido de NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug and Play - Unknown - C:\WINDOWS\system32\services.exe
    O23 - Service: Administrador de sesión de Ayuda de escritorio remoto - Unknown - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Tarjeta inteligente - Unknown - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Registros y alertas de rendimiento - Unknown - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Telnet - Unknown - C:\WINDOWS\System32\tlntsvr.exe
    O23 - Service: Instantáneas de volumen - Unknown - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Adaptador de rendimiento de WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe


    Thanks in advance...
  7. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.