A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » Windows XP Help and Support
Reload this Page Interpretation of HijackThis Logfile
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Interpretation of HijackThis Logfile


« Previous Thread | Next Thread »

 
 
Thread Tools Display Modes
  #1  
Old August 26th 04, 05:52 AM
Cgale40 Cgale40 is offline
Registered User
  
First recorded activity by PCbanter: Aug 2004
Posts: 1
Default Interpretation of HijackThis Logfile
Hello,

I did a scan of my system and this is the results(below).
I have no way of interpreting them myself.
Please, if anyone can help.
I need to know which ones are harmful and should be deleted.
I am having problems opening up Internet Explorer.
Apparently something is disabling the browser.
Any help will be greatly appreciated.





Logfile of HijackThis v1.97.7
Scan saved at 11:35:50 PM, on 8/25/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\w





anmpsvc.exe
C:\PROGRA~1\Yahoo!\PARENT~1\YPCSER~1.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\program files\support.com\bin\tgcmd.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\system32\0l8yzcq337ad.exe
C:\WINDOWS\System32\wpameter.exe
C:\WINDOWS\system32\winpx.exe
C:\Program Files\Washer\washer.exe
C:\WINDOWS\System32\srsev23.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\CompuServe 7.0\cstray.exe
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\PROGRA~1\COMPUS~1.0\wcs2000.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\syssg.exe
C:\Documents and Settings\Celeste Gale\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\owzbw.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\owzbw.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\owzbw.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\owzbw.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\owzbw.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\owzbw.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\owzbw.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
O2 - BHO: (no name) - {02478D28-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F27F1D27-3CF0-21F4-CC05-4594BE098CBB} - C:\WINDOWS\javasq32.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_0_8_6.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [0l8yzcq337ad] C:\WINDOWS\system32\0l8yzcq337ad.exe
O4 - HKLM\..\Run: [m3yN0ut] C:\documents and settings\michael mcgary\local settings\temp\m3yN0ut.exe
O4 - HKLM\..\Run: [jXaC5l] C:\documents and settings\michael mcgary\local settings\temp\jXaC5l.exe
O4 - HKLM\..\Run: [9TK5dDXE] C:\documents and settings\michael mcgary\local settings\temp\9TK5dDXE.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [4CRY#ZW5HY8NSJ] C:\WINDOWS\System32\FepP.exe
O4 - HKLM\..\Run: [WinInit] Win86.exe
O4 - HKLM\..\Run: [WinLogin] win32x.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [zvravbagzrp] C:\WINDOWS\System32\vsyeuiw.exe
O4 - HKLM\..\Run: [w3FT37Q] wpameter.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [winpx.exe] C:\WINDOWS\system32\winpx.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [0l8yzcq337ad] C:\WINDOWS\system32\0l8yzcq337ad.exe
O4 - HKCU\..\Run: [h0w3RXc8X] srsev23.exe
O4 - HKCU\..\Run: [sex] C:\WINDOWS\System32\sexxx.exe
O4 - HKCU\..\Run: [Taca] C:\Documents and Settings\Celeste Gale\Application Data\rttr.exe
O4 - HKCU\..\Run: [Pcfck] C:\WINDOWS\System32\oiqiyk.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKLM\..\RunOnce: [osxio] C:\WINDOWS\ocmsn.logsxio
O4 - HKLM\..\RunOnce: [atlor32.exe] C:\WINDOWS\system32\atlor32.exe
O4 - HKLM\..\RunOnce: [systb32.exe] C:\WINDOWS\system32\systb32.exe
O4 - HKLM\..\RunOnce: [appar32.exe] C:\WINDOWS\appar32.exe
O4 - HKLM\..\RunOnce: [syssg.exe] C:\WINDOWS\syssg.exe
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/xjust/online.chm::/on-line.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Q8276112.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...e1e2729109a237
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50188/QDow_AS2.cab
O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - http://www.instantplugin.com/SexDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D04CFE8-CCD3-4F3C-9FC6-78581F4EAA56}: NameServer = 151.164.1.8 151.164.30.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{85FD29AD-A497-45B8-B6D9-30475818AC87}: NameServer = 205.188.146.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0094D2B-5F02-4D4A-AE1E-082D8275CFF2}: NameServer = 206.13.28.12,203.13.31.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{5D04CFE8-CCD3-4F3C-9FC6-78581F4EAA56}: NameServer = 151.164.1.8 151.164.30.105
O17 - HKLM\System\CS2\Services\Tcpip\..\{5D04CFE8-CCD3-4F3C-9FC6-78581F4EAA56}: NameServer = 151.164.1.8 151.164.30.105
Ads
 



« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
HijackThis question for IE hijacker Crissi Security and Administration with Windows XP 4 July 30th 04 06:59 PM
HijackThis question for IE hijacker Crissi Security and Administration with Windows XP 2 July 30th 04 02:07 PM
HijackThis question for IE hijacker Crissi Security and Administration with Windows XP 2 July 30th 04 08:01 AM
HELP ERROR CODE INTERPRETATION NEEDED SNUGGLEBUGG Windows XP Help and Support 9 July 30th 04 12:25 AM
hijackthis notepad Hilary Karp General XP issues or comments 0 July 20th 04 04:44 PM






All times are GMT +1. The time now is 08:35 AM.

Feed Icon - Contact Us - Windows XP Help Forum home - FAQ - Links - Privacy Statement - Top

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2023, Jelsoft Enterprises Ltd.
Copyright ©2004-2023 PCbanter.
The comments are property of their posters.