coldvenom Posted April 8, 2006

Hey can someone please tell me what to remove and what to keep from this:

Logfile of HijackThis v1.99.1
Scan saved at 8:34:05 AM, on 4/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toshibadirect.com/
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.exe/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

thanks!

sig by me, avatar by: born2die
My Website -> Coldvenom.CO.NR <- My Website

Albosky Posted April 8, 2006

O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

That's a definite that needs to go, http://www.spywaredb.com/remove-whenusave/

I like to fart silently but deadly in movie theaters
Ard Choille says (11:41 PM): I wouldn't dare tell you what to do m'dear

WutangFlu Posted April 8, 2006

ty for reminding me.. I need to post mine.

coldvenom Posted April 8, 2006 (Author)

> O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
>
> That's a definite that needs to go, http://www.spywaredb.com/remove-whenusave/

thanks much, if you see anything more please tell me

sig by me, avatar by: born2die
My Website -> Coldvenom.CO.NR <- My Website