Hijack This Logfile - anything to worry about?

  Qdiddy 22:05 07 Nov 04
Locked

I often see the panel of experts on here suggesting the use of hijack this and posting the logfile. I now have a logfile and would like to know if there is anything to worry about in it?

Should I post it directly on this thread or is there some other protocol I should follow?

Many thanks.

  VoG II 22:07 07 Nov 04

Please post it here. You will need to post it in "chunks" because of the 800 word limit on this site.

Also, please double-space it - add a blank line every other line.

  Qdiddy 22:17 07 Nov 04

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\webshots.scr
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.Windowsupdate.microsoft.com;
*.Windowsupdate.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: (no name) - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"

O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

  Qdiddy 22:17 07 Nov 04

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL/blogimage

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - click here

O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - click here

O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - click here

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - click here

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - click here

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - click here

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - click here

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - click here

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - click here

O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - click here

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - click here

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - click here

O16 - DPF: {CDB74794-A3BA-4733-B6F6-59BF16D6C15A} (McAfee Smart Shop - Update Class) - click here

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - click here

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - click here

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - click here

O16 - DPF: {F0A283CD-D316-11D3-A53B-005004678019} (McAfee PC Clinic FileWipe Class) - click here

  Qdiddy 22:22 07 Nov 04

Cheers VOG.

  VoG II 22:28 07 Nov 04

I can't see anything of concern. Please wait for Nellie2's opinion.

I much know!

  gudgulf 22:41 07 Nov 04

Is there any reason you are particularly concerned or is this posted "just in case" ?


I also see nothing untoward but some forums have cited O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) as an item for removing.


Agree with VoG™....wait for one who knows to answer definitively.

  Qdiddy 22:48 07 Nov 04

Gudgulf,

No particular concern really. I had some trouble last week (solved yet again with the help of the forum) and when looking for possible solutions I often see reference to hijack this, so I thought I would give it a try.

I run AVG (recently changed from Mcafee clinic), Adaware, Spybot, Spyware Blaster,and Sygate so I feel pretty secure, but thought I would just let someone have a nose at this for added peace of mind.

  Qdiddy 23:12 07 Nov 04

Off to bed now. Will check for replies in the AM. thanks all.

  Nellie2 18:15 08 Nov 04

You didn't post the very top bit of the log.. it is important as it tells me your O/S, where you are with your updates and what version of hijackthis you are using.

  Qdiddy 20:36 09 Nov 04

Nellie2,

Here is the header for the log file.

Logfile of HijackThis v1.97.7
Scan saved at 21:56:49, on 07/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Thanks.

This thread is now locked and can not be replied to.

iPhone 7 review: a range of small updates add up to an excellent phone

1995-2015: How technology has changed the world in 20 years

How New York’s Stylin’ Seniors became a golden social media campaign

23 Apple Watch tips & secret features: Master your Apple Watch, Apple Watch Series 1 or Apple…