Hijack This log entries question?

Discussion in 'adware, spyware & hijack cleaning' started by chip718, Feb 19, 2004.

Thread Status:
Not open for further replies.
  1. chip718

    chip718 Registered Member

    Joined:
    Jan 13, 2004
    Posts:
    60
    Hello, all. I have a question I hope someone could answer. I downloaded a program, and when it installed, Spyguard caught the BHO and I didn't add it, but it also added some buttons to IE. Can someone tell me, if I can get rid of the buttons, will the program still work? The entries in question are:
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Citi (HKLM)
    O9 - Extra button: Real.com (HKLM)

    If anyone sees anything else questionable, please let me know. Thanks in advance. :)

    Logfile of HijackThis v1.97.7
    Scan saved at 4:19:32 PM, on 2/19/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINNT\System32\gearsec.exe
    C:\$ISR\0\ISRService.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\wanmpsvc.exe
    C:\WINNT\System32\CTHELPER.EXE
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\$ISR\$APP\ISRMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\America Online 9.0\aolwbspd.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\WINNT\System32\svchost.exe
    C:\Documents and Settings\Owner\Desktop\Chip's Stuff\backups\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [ISR_MONITOR] C:\$ISR\$APP\ISRMonitor.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Citi (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} - https://www.accountonline.com/svc/cbna/cb/content/van/includes/oinstall.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37999.6777893519
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AF566226-E715-4B94-9045-89809A3E392E}: NameServer = 205.188.146.146
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi chip718,

    If you don't use the buttons, you can remove them.
    Should you regret it later, HijackThis makes backups.

    The log looks OK to me.

    Regards,

    Pieter
     
  3. chip718

    chip718 Registered Member

    Joined:
    Jan 13, 2004
    Posts:
    60
    Thanks. Can you please tell me if HijackThis automatically makes the backup? I ask because I fixed the entries, but I can't find the backup. In HijackThis I checked Other Stuff>Config..>Backups and the last backup was from 1/15/04.
     
  4. leosoldtimer

    leosoldtimer Registered Member

    Joined:
    Feb 19, 2004
    Posts:
    1
    Hi all, somebody please tell me where I can get Hijack This... I'm having all kinds of problems with my PC and I read that this might help... please be patient 'cause I am a NEWBIE o_O o_O
     
  5. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi leosoldtimer :)

    Welcome to Wilders.

    Just follow the instructions here,

    http://www.wilderssecurity.com/showthread.php?t=15913

    and you'll find everything you need.

    When you post your log, please start a new thread in this forum.

    Thanks :)



    snowbound
     
  6. SteveUK

    SteveUK Guest

    Same here. I fixed some Tools and buttons entries and no backups were created, although when fixing the IE6 search bar entry, a backup was made.
     
  7. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    If HJT is in its own folder, it will create backups.





    snowbound
     
  8. chip718

    chip718 Registered Member

    Joined:
    Jan 13, 2004
    Posts:
    60
    Yes, my HJT is in its own folder with a bunch of other backups, but it didn't back up a couple of my last fixes. Maybe it only backs up a certain action? Is that a possibility? *puppy*
     
  9. SteveUK

    SteveUK Guest

    Mine's in its own folder too. c:\program files\hijackthis

    It appears it won't back up entries in IE Tools menu or buttons, same problem as chip718 has. We both have backups from other entries, so it's installed correctly.

    (Win 2k)
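
As an added example (not part of the thread and not HijackThis's own code): a small Python parser for the log format posted in the first message, which groups entry lines by section code and pulls out the O2 (BHO) and O9 (extra IE button / Tools menu item) entries the thread is about. The function names are hypothetical, the sample is a constructed subset of the posted log, and the line patterns are assumed from the v1.97.7 output shown above.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the log in the first post.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
C:\WINNT\Explorer.EXE
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Citi (HKLM)
O9 - Extra button: Real.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF566226-E715-4B94-9045-89809A3E392E}: NameServer = 205.188.146.146
"""

# Assumed line shapes, taken from the output shown in the thread.
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
EXTRA = re.compile(r"^Extra (button|'Tools' menuitem): (.+?) \((HKLM|HKCU)\)$")


def parse_log(text):
    """Group entry bodies by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def ie_extras(sections):
    """O9 entries: IE toolbar buttons and Tools menu items, with their registry hive."""
    matches = (EXTRA.match(body) for body in sections.get("O9", []))
    return [{"kind": m.group(1), "label": m.group(2), "hive": m.group(3)}
            for m in matches if m]


def bhos(sections):
    """O2 entries: Browser Helper Objects as name, CLSID and DLL path."""
    matches = (BHO.match(body) for body in sections.get("O2", []))
    return [{"name": m.group(1), "clsid": m.group(2), "path": m.group(3)}
            for m in matches if m]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for item in ie_extras(parsed):
        print("O9", item["hive"], item["kind"], "->", item["label"])
    for item in bhos(parsed):
        print("O2", item["clsid"], item["path"])
```

Listing the O9 and O2 entries this way before fixing anything gives a record of what was removed that does not depend on the tool's own backups.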
     