Advice please

Discussion in 'adware, spyware & hijack cleaning' started by denis06, Mar 14, 2004.

Thread Status:
Not open for further replies.
  1. denis06

    denis06 Registered Member

    Joined:
    Mar 14, 2004
    Posts:
    2
    Can ne1 advise me if there is anything I should delte from the below scan.

    Logfile of HijackThis v1.97.7
    Scan saved at 18:34:13, on 14/03/2004
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    C:\WINNT\system32\cisvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\Explorer.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
    C:\WINNT\System32\internat.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\SmartDisk\FlashPath\sdstat.exe
    C:\WINNT\system32\cidaemon.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\unzipped\hijackthis\HijackThis.exe

    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{28000558-287F-44F2-9ECB-F031FB24C63A}: NameServer = 213.120.228.100 62.41.128.9
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi denis06,

    No malware, but some of your startups look superfluous.

    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    You can check what they do here: http://www.sysinfo.org/startuplist.php

    Regards,

    Pieter
     
  3. denis06

    denis06 Registered Member

    Joined:
    Mar 14, 2004
    Posts:
    2
    Is it just a matter of wading through the website until you find a matching entry?
     
  4. Vietnam Vet

    Vietnam Vet Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    306
    Hello denis06,

    As an example from the group Pieter mentioned:

    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    Just copy and paste the WZQKPICK.EXE into the Search box and click the search button. It will take you directly to the results for that entry.

    HTH.
     
Thread Status:
Not open for further replies.