examine my hijackthis log, Please


bkast3

I have tried several solutions to clean up this machine and have failed. Can you please examine this hijackthis log and let me know what to get rid of? The problem is that when logging on to IE my machine continues to try and hit several sites. I have run cwshredder, adaware se, spybot, stinger, msantispyware, ewido (could not get the latest signatures due to my connection but it still found 112 files or entries). Please check out this hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 9:53:28 AM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust\InoculateIT\realmon.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Administrator.DARLENE-D6IT0QS\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - C:\WINDOWS\system32\apwiz.dll
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\InoculateIT\realmon.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: eTrust InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
O23 - Service: eTrust InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
O23 - Service: eTrust InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
 
Mark this one and click Fix checked. By the way, it appears you ran this in safe mode. If you can, run the HijackThis log in normal mode.

O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - C:\WINDOWS\system32\apwiz.dll
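
Why that entry stands out among its neighbours, as an added example that is not part of the original thread: the script parses the O2 (BHO) and O23 (service) lines of a HijackThis log and ranks them by how many review heuristics they hit. The `triage` function and its three heuristics are assumptions chosen for illustration; a hit means "look this entry up first", not "remove it".

```python
import ntpath
import re

# Lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - C:\WINDOWS\system32\apwiz.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
"""

# O2 - BHO: <name> - {CLSID} - <dll path>
BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# O23 - Service: <name> - <owner> - <exe path>
SVC = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
SYSTEM32 = r"c:\windows\system32"


def triage(log_text):
    """Return (line, reasons) pairs, entries with the most reasons first."""
    flagged = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        m = BHO.match(line)
        if m:
            # Assumed heuristic 1: the BHO has no display name.
            if m["name"] == "(no name)":
                reasons.append("BHO registered without a display name")
            # Assumed heuristic 2: the DLL is loose in system32, not in a vendor folder.
            if ntpath.dirname(m["path"]).lower() == SYSTEM32:
                reasons.append("BHO DLL sits directly in system32")
        m = SVC.match(line)
        # Assumed heuristic 3: HijackThis reported no owner for the service binary.
        if m and m["owner"] == "Unknown owner":
            reasons.append("no owner reported for the service binary")
        if reasons:
            flagged.append((line, reasons))
    return sorted(flagged, key=lambda item: -len(item[1]))


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(len(why), "|", entry, "|", "; ".join(why))
```

On these lines the apwiz.dll entry is the only one that hits two heuristics; Spybot's own SDHelper.dll also has no name, which is why a single hit is only a prompt to research the entry.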
 
I did run hijack this in normal mode. I deleted what you said and it allowed IE to act normal. I now updated all programs and am going to run all of the tools I have again. I tried going to housecall.microtrend.com and it just kept running and running in idle mode. It said that it was transferring data but nothing was happening for at least 10 minutes. If you have any other suggestions let me know. Is there any other way I can learn which entries to fix in hijackthis other than the process of elimination? I will watch for another post from you to advise on my next step. I am having many people needing their machines looked at since the beginning of January. All spyware, malware, and virus related. Is there one product that after the machine is clean that is recommended to keep it secure (i.e. McAfee or something)?
 
Well, I personally don't recommend McAfee or Norton; my opinion is they're not too great, but that is my opinion. As for programs for cleaning computers, there's many. I'll give you a nice big list of things to use. Also I'll give you links on how to read hijackthis logs.

(hijackthis tutorial)

Adaware personal (spyware remover)

Firefox (recommend this browser over Internet Explorer, much more secure)

Spybot

Ewido (anti-trojan, anti-spyware, anti-malware, etc.; only works on 2000 and XP though, but very very good program)

avast antivirus free

avg free antivirus

antivir antivirus

Killbox (good for removing stubborn files that don't want to stop running)

Unlocker (use this to see what processes are running on a certain folder or file and then end them)

Housecall (good online virus scanner, works only with Firefox or Internet Explorer; I recommend getting Firefox and then running this Housecall if you can)

As for one product doing everything, I don't ever try to rely on one product; I rely on a few. Anyways, here's some programs I figured you might find interesting or useful. Enjoy
 
Thanks for the info. I am going to review it at my leisure and hopefully learn how to detect these unwanted files. Again thanks for the help. I may need to post another log sometime next week, I will start another thread at that point. Sincerely. Brian.
 