
My HiJackThis log


coldvenom


Here is my HijackThis log, please tell me what to keep and what to remove.

Logfile of HijackThis v1.99.1
Scan saved at 4:57:55 PM, on 12/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nick Sylva\My Documents\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [stopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: HOTLLAMA Update Check.lnk = C:\Program Files\HOTLLAMA MEDIA\Player\WiseUpdt.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.exe/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAD28375-5F1E-4B1C-9270-BB924B25B801}: NameServer = 207.69.188.187 207.69.188.186
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Looks good, only some orphaned reg entries. I am on holiday so I don't have any canned speech or tools with me.

Please disconnect from the internet, close all programs and re-scan with HJT.

Then fix these:

R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - HKLM\..\Run: [stopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus <- optional. IMHO not the best thing to have. It was a rogue for doing drive-by downloads on your PC.

Then reboot your computer.

Go into normal mode and go to Add/Remove Programs.

Remove:

Stop Sign

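The reply above applies two rules to the log: entries whose target is "(no file)" are orphans and can be fixed, and the one Run value that launches a DLL through Rundll32 deserves a look at the DLL rather than at rundll32.exe. The script below is an added example (my code, not part of this thread, of HijackThis, or of the reviewer's toolkit) that parses HijackThis entry lines and applies those rules plus two more a practitioner would want: flagging O23 services with "Unknown owner" for manual verification, and flagging any O10 Winsock LSP line for identification only, because removing an LSP entry wrongly breaks networking. The sample lines are a constructed subset of the log above with the ".exe" suffixes restored; the function and tag names are my own.

```python
"""Triage heuristics over HijackThis (HJT) entry lines.

Added example: parses the "Rn/Fn/On - ..." entry format and marks the entries
a reviewer would look at first. The rules are heuristics, not HJT's own logic.
"""
import re

# Constructed sample in the shape HJT writes entries (subset of the log in the
# thread above, ".exe" restored). Not a complete log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe

R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [stopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Tags (hypothetical names) attached to flagged entries.
ORPHAN = "orphan"            # registry points at a file that no longer exists: safe to fix
RUNDLL = "rundll32-dll"      # autorun loads a DLL via rundll32: assess the DLL, not rundll32
UNKNOWN_OWNER = "unknown-owner"  # service binary has no publisher in version info: verify it
LSP = "winsock-lsp"          # LSP chain entry: identify the DLL, never fix blindly

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
RUNDLL_RE = re.compile(r"\brundll32(?:\.exe)?\s+\"?(?P<dll>[^\",]+)", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\]")


def parse_entries(text):
    """Return (section, body) for every HJT entry line; headers and the
    process list have no 'Rn - ' / 'On - ' prefix and are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def classify(section, body):
    """Return the tags that apply to one entry (empty list = leave it alone)."""
    tags = []
    if "(no file)" in body:
        tags.append(ORPHAN)
    if section == "O4" and RUNDLL_RE.search(body):
        tags.append(RUNDLL)
    if section == "O23" and "Unknown owner" in body:
        tags.append(UNKNOWN_OWNER)
    if section == "O10":
        tags.append(LSP)
    return tags


def triage(text):
    """Flagged entries in log order, each as {'section', 'body', 'tags'}."""
    findings = []
    for section, body in parse_entries(text):
        tags = classify(section, body)
        if tags:
            findings.append({"section": section, "body": body, "tags": tags})
    return findings


def fix_list(text):
    """Entries the reviewer's own rule says to fix outright: the orphans."""
    return [f for f in triage(text) if ORPHAN in f["tags"]]


def autorun_value_name(body):
    """Registry value name in [brackets] of an O4 HKLM/HKCU Run entry, else None."""
    m = RUN_VALUE_RE.match(body)
    return m.group("name") if m else None


def rundll32_target(body):
    """Path of the DLL a rundll32-based autorun actually loads, else None."""
    m = RUNDLL_RE.search(body)
    return m.group("dll") if m else None


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:<4} {','.join(f['tags']):<14} {f['body']}")
        if RUNDLL in f["tags"]:
            print(f"     value={autorun_value_name(f['body'])} dll={rundll32_target(f['body'])}")
```

On the sample, the two "(no file)" entries come out as the fix list, the stopSignSsTsMon value is reported with its real payload sstsmon.dll, the Swupdtmr service is marked for verification, and the O10 line is flagged for identification only. That last flag is the caveat the thread does not spell out: mdnsnsp.dll here is Apple Bonjour's namespace provider, which is legitimate, so the LSP rule asks you to identify the DLL before touching the Winsock chain rather than treating "Unknown file" as a verdict.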
