Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

HijackThis log 1

Status
Not open for further replies.
colinrharris

colinrharris

Technical User
Oct 24, 2002
98
GB
I have run Ad-Aware, Spybot and CoolWebShredder but still have problems. Would someone please evaluate this HijackThis log for me.

Thanks

Logfile of HijackThis v1.97.7
Scan saved at 18:32:45, on 30/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Cedric\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Microsoft Features] ms32cfg.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] wininigo.exe
O4 - HKLM\..\Run: [Microsoft Update 1Machine1] wuamgrd65.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\Run: [5941DF80] C:\WINDOWS\System32\ztjmatumxpry.exe
O4 - HKLM\..\Run: [WSSAConfiguration] wmmon32.exe
O4 - HKLM\..\Run: [Windows Media Player Update] raikxoh.exe
O4 - HKLM\..\Run: [Microsoft IIS] C:\WINDOWS\system32\syshost.exe
O4 - HKLM\..\Run: [Spool Server] spoolsv64.exe
O4 - HKLM\..\Run: [mswork Service] mswork.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~2\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\RunServices: [Microsoft Features] ms32cfg.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] wininigo.exe
O4 - HKLM\..\RunServices: [Microsoft Update 1Machine1] wuamgrd65.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\RunServices: [673B495B] C:\WINDOWS\System32\ztjmatumxpry.exe
O4 - HKLM\..\RunServices: [WSSAConfiguration] wmmon32.exe
O4 - HKLM\..\RunServices: [Windows Media Player Update] raikxoh.exe
O4 - HKLM\..\RunServices: [Spool Server] spoolsv64.exe
O4 - HKLM\..\RunServices: [mswork Service] mswork.exe
O4 - HKCU\..\Run: [Microsoft Features] ms32cfg.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] wininigo.exe
O4 - HKCU\..\Run: [Microsoft Update 1Machine1] wuamgrd65.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\Run: [Windows Media Player Update] raikxoh.exe
O4 - HKCU\..\Run: [Spool Server] spoolsv64.exe
O4 - HKCU\..\Run: [mswork Service] mswork.exe
O4 - HKCU\..\RunServices: [Windows Media Player Update] raikxoh.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] smsc.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O15 - Trusted Zone: *.Sony-europe.com
O15 - Trusted Zone: *.Sonystyle-europe.com
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
 
Sort by date Sort by votes
1. Switch off system restore as you are running Windows XP
2. Have HijackThis fix the following items:

O4 - HKLM\..\Run: [Microsoft Features] ms32cfg.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] wininigo.exe
O4 - HKLM\..\Run: [Microsoft Update 1Machine1] wuamgrd65.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\Run: [5941DF80] C:\WINDOWS\System32\ztjmatumxpry.exe
O4 - HKLM\..\Run: [WSSAConfiguration] wmmon32.exe
O4 - HKLM\..\Run: [Windows Media Player Update] raikxoh.exe
O4 - HKLM\..\Run: [Microsoft IIS] C:\WINDOWS\system32\syshost.exe
O4 - HKLM\..\Run: [Spool Server] spoolsv64.exe
O4 - HKLM\..\Run: [mswork Service] mswork.exe
O4 - HKLM\..\RunServices: [Microsoft Features] ms32cfg.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] wininigo.exe
O4 - HKLM\..\RunServices: [Microsoft Update 1Machine1] wuamgrd65.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\RunServices: [673B495B] C:\WINDOWS\System32\ztjmatumxpry.exe
O4 - HKLM\..\RunServices: [WSSAConfiguration] wmmon32.exe
O4 - HKLM\..\RunServices: [Windows Media Player Update] raikxoh.exe
O4 - HKLM\..\RunServices: [Spool Server] spoolsv64.exe
O4 - HKLM\..\RunServices: [mswork Service] mswork.exe
O4 - HKCU\..\Run: [Microsoft Features] ms32cfg.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] wininigo.exe
O4 - HKCU\..\Run: [Microsoft Update 1Machine1] wuamgrd65.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\Run: [Windows Media Player Update] raikxoh.exe
O4 - HKCU\..\Run: [Spool Server] spoolsv64.exe
O4 - HKCU\..\Run: [mswork Service] mswork.exe
O4 - HKCU\..\RunServices: [Windows Media Player Update] raikxoh.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] smsc.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
Run a couple of virus checkers and spyware cleaners over the machine (see the various FAQs in this forum and the Windows XP forum), then run Windows Update to get XP SP1 and IE6 SP1 at least. Also ensure that the XP firewall is enabled on your internet connection if you don't want to install a third party product.
Your Norton antivirus has missed quite a lot here, I would check to ensure that the background scan is running and that its virus definitions are up to date.

John
 
Upvote 0 Downvote
Many thanks. I removed the items suggested and the computer was then able to download the Windows Critical updates. It would still not run Norton Live Update so I ran an on-line virus check from TrendMicro which found a number of infected items, all of which were removed. After that, I was able to Re-install Nortons and update it.

I do think that the Spyware software is not as sophiticated as AV software in that you have to use a number of tools to completely clean a machine. It is also not easy to find out information on what a particular item of spyware does. It would be useful if the AV companies took this on-board.

Thanks again for your help.

Colin
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

electricpete
  • Locked
  • Question
ComboFix log 2
Replies
15
Views
397
electricpete
electricpete
electricpete
  • Locked
  • Question
Rootkit Reveal Log 1
Replies
2
Views
106
goombawaho
goombawaho
MarkZK
  • Locked
  • Question
Hijackthis Log 1
Replies
10
Views
127
BadBigBen
BadBigBen
TheAceMan1
  • Locked
  • Question
Another HJT Log 2
Replies
5
Views
141
BadBigBen
BadBigBen
lancekidd
  • Locked
  • Question
Hijack Log
Replies
7
Views
144
kjv1611
kjv1611

Part and Inventory Search

Sponsor

Back
Top