hjt log, checking to see if I'm clean yet??

Discussion in 'adware, spyware & hijack cleaning' started by quietdomino, May 30, 2004.

Thread Status:
Not open for further replies.
  1. quietdomino

    quietdomino Registered Member

    Joined: May 30, 2004
    Posts: 2
    Hi there,
    This board was recommended by a woman at cnet.
    My system was hijacked; I downloaded spybot search and destroy, adaware, and hijackthis. Ran all three--selected all with the first two (each found about 60 errors). With hijack this I kept seeing the hijacked homepage in software and would delete it, but it kept coming back when I restarted my system. I think it may be gone now after I just ran adaware, but want to check if everything is clear. One of the byproducts of this hijacking was that my system would not shut down--the run dll program would not respond. This happened again last night, before I ran adaware.
    Hoping you kind souls will help me figure out what I can delete from the HJT log...I'm afraid of screwing something up by deleting the wrong files! Also, as an aside I'm now only going to use Mozilla and Trillian.
    Thanks so much.
    qd

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\PROGRA~1\EzButton\CPATR10.EXE
    C:\toshiba\ivp\ism\pinger.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\RunDLL32.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\America Online 9.0\aolwbspd.exe
    C:\Program Files\mozilla.org\Mozilla\mozilla.exe
    C:\Documents and Settings\TOSHIBA USER\Desktop\hijackthis.exe
    C:\WINDOWS\System32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [CPATR10] C:\PROGRA~1\EzButton\CPATR10.EXE
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37933.7672569444
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-432953540000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{79E4EC8B-03FA-455F-9456-E8C8C20BDBF4}: NameServer = 205.188.146.146
     
  2. dave38

    dave38 Spyware Expert

    Joined: Feb 26, 2004
    Posts: 377
    That looks like a clean log to me! Well done.

    Are you still having problems?

    You missed out the header of your log, so I can't tell what version of Windows and Internet Explorer you have. Please ensure that you have all the latest updates installed for both.
     
  3. quietdomino

    quietdomino Registered Member

    Joined: May 30, 2004
    Posts: 2
    Hi,
    Thanks!
    I am using Windows XP and IE6.
    But now, of course, I'll be using Mozilla 1.4.
    For the record, I'd never had any problems until a friend used MSN messenger on this machine. Granted, there was probably some spyware I didn't know about, but it didn't start affecting the OS until then.
    For that reason I've installed Trillian.
    And from my recent experience it seems that Adaware is better than Search and Destroy...I ran it after I ran the former and it found a lot more problems--all the coolwebsearch stuff that wasn't found by S&D.
    Thanks again!
    qd
     