ID:276357
 
-------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:24:09 PM, on 8/7/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINNT\system32\NILaunch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BYOND\bin\byond.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.750\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.odfyepypjfblhgenkxhrwf.org/ bsuyM8ekiS9XwsGmeto5pNTdy9TR5PWS0JtiDBjsgRYezJ_Ufk4ddHVzZWev ZDLC.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINNT\system32\DSMANA~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E7566278-8CB0-4A18-7A83-13D3B53F316C} - C:\DOCUME~1\ADMINI~1\APPLIC~1\CAMPAC~1\does admin.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINNT\system32\NILaunch.exe
O4 - HKLM\..\Run: [extraobjwipefilm] C:\Documents and Settings\All Users\Application Data\User acid extra obj\cornstop.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Hxpkaq] C:\WINNT\system32\??plorer.exe
O4 - HKCU\..\Run: [Dead program] C:\DOCUME~1\ADMINI~1\APPLIC~1\FRAGBA~1\Scr license.exe
O4 - HKCU\..\Run: [Naoa] C:\Documents and Settings\Administrator\Application Data\oete.exe
O4 - Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {C87ACE20-4BA7-11D4-AD69-0000F80020BC} (MEDITECHAppDwnld) - http://meditech.com/employees/Pages/Software/MTAppDwn.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
---------------------------------------------------------
If anyone can tell if there is anything that might affect the speed of my computer, and how to fix it.
I know I helped Airjoe with his HJT log, but that was simply because I was feeling generous. Fixing these can be a time-consuming process. So, I figure it could benefit the BYOND community all that much more if I told everyone how to do this often confusing, but much-needed maintenance task.



Warning

First of all, HijackThis is an advanced tool for aiding in the removal of all those nasty little things more generally referred to as Spyware. Being that it is an advanced tool, you should only attempt using this after consulting a professional, or when you know enough about the subject, and computers in general. Also, HijackThis should only be used after using other Spyware removal tools with the latest definitions first. This is because the removal of some items in HijackThis would not remove the files associated with the Spyware, and cripple the other programs' ability to find and remove it.


Here goes nothing!

The first thing you should do when using HijackThis is to make sure you have it installed in its own directory. Running it from within a compressed file (example: .zip) will result in you not being able to create back-ups to fix any important mistakes you may or may not make. Better safe than sorry.

Next, simply run a scan! It is highly recommended that you make a back-up before doing any work so that you may revert to it if you screw something up. Once you are past that step, or skipped it, it's time to get to work.

Inside your HijackThis report, you will see a whole bunch of jibber-jabber. Each one of these things has the potential to either be good... or bad. The tricky part is knowing which. Lucky for you, there is a pretty good solution. It's called Google!

Open up google.com in the browser of your choice. Hopefully yours works! If not, save your log to a floppy disc or something similar and head to the local library, friend's house, work, or whatever-else. It's time to put in the work. Go through each entry one-by-one, unless you know for a FACT it is legitimate, and enter all, or part of the entry into the Google search bar. If this produces no results, try only entering the filename and extension (example: avgamsvr.exe).

The results you will see may vary. The two most helpful types of results will be links to forum entries from other people who are having problems, or if you only entered the filename and extension, you may alternately find a link to a page that explains the details of that particular process, and hopefully, whether or not it is good or bad.

If you encounter a forum link with someone else's HijackThis log, you are going to find that they too had this process running on their system at the time of their scan. This does not necessarily mean it's bad. Read deeper into it and investigate the expert's response to their log. If the expert removed it, go ahead and remove it. Otherwise, it's probably safe to leave it alone.

The other type of result you may encounter is fairly straight-forward as well. You will most-likely see a description of what the process does, who it is by, possibly some associations, and hopefully... whether or not it's bad or not. If you can clearly be sure, then make the appropriate decision.

Sometimes you may get lucky and be able to read the short Google description on a file to see if it should be deleted or not. Sometimes websites openly advertise it as a malicious file at your convenience. So you may or may not want to try the filenames first to quickly eliminate the easy fixes, and then go through with the more detailed search to go through all the ones you couldn't figure out otherwise.

Now, it's time to decide. After you have made all your choices for removal... well, remove them.

This is a pretty simple and basic introduction to HijackThis. And as a little disclaimer, I am not the absolute final say on anything, so I take no responsibility for anything you do. "If you can't take the heat, get your ass out the kitchen", I say.

For a more in-depth tutorial on how to use HijackThis that involves submitting your HijackThis log to a site actually designed for such a thing, please visit the following link:

http://www.bleepingcomputer.com/forums/index.php?showtutorial=42

Lastly, I wish you the best of luck, and I hope you found this at least somewhat helpful. I hope you find everything you need, and remember to be safe when dealing with this program! It's not "newbie-friendly". I can't stress that enough.
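
The lookup procedure described in the post above, as an added example that is not part of the original thread: a Python helper that splits a HijackThis log into its coded entries and builds the list of filenames still to be searched for. The sample lines are copied from the log at the top of this page; the function names, the `known_good` parameter and the list of file extensions are assumptions made for this example.

```python
import re

# Sample lines copied from the HijackThis log at the top of this page.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\system32\svchost.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Naoa] C:\Documents and Settings\Administrator\Application Data\oete.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
"""

# A coded entry looks like "O4 - ..." or "R1 - ...": a letter, a number, " - ", then the text.
ENTRY = re.compile(r'^([A-Z]\d{1,2}) - (.*)$')
# A filename is whatever follows the last path separator (or a space/quote for bare
# names such as RUNDLL32.EXE) up to one of the extensions assumed here.
FILENAME = re.compile(r'(?:^|[\\/\s"])([^\\/"\[\]]*?\.(?:exe|dll|ocx|cab))(?!\w)', re.I)

def parse_entries(log_text):
    """Return (section_code, entry_text, [filenames]) for every coded log line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            code, text = m.groups()
            entries.append((code, text, FILENAME.findall(text)))
    return entries

def lookup_worklist(log_text, known_good=()):
    """Map each filename that still needs a manual search to the section codes
    that reference it, skipping names the reader already knows are legitimate."""
    skip = {name.lower() for name in known_good}
    work = {}
    for code, _text, names in parse_entries(log_text):
        for name in names:
            key = name.lower()
            if key in skip:
                continue
            codes = work.setdefault(key, [])
            if code not in codes:
                codes.append(code)
    return work

if __name__ == "__main__":
    for name, codes in lookup_worklist(SAMPLE_LOG, known_good={"rundll32.exe"}).items():
        print(f"{name:24} referenced by {', '.join(codes)}")
```

Entries with no filename, such as the `(no file)` toolbar line, are returned by `parse_entries` with an empty list and have to be searched by their full entry text instead.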
In response to Koshigia
I was hoping someone would be kind enough. (I've just been having some problems with my PC :-\ desktop icons not working right, etc.)
HijackThis is a last-step tool. Let's start with the basics.

Run 2 antispyware programs such as:
1. Microsoft AntiSpyware
2. Spybot S&D
3. Ad-Aware

Also update and run your anti-virus program, as well as an online antivirus such as:
http://www.kaspersky.com/virusscanner

Then I can use a HijackThis log to help you.
In response to Xzar
I already ran Ad-Aware and Spybot. They find cookies which I really don't care about and I empty my internet cache. Yes I did update both.
In response to Dark_Shadow_Ninja
Ok, run your anti-virus too :P. Otherwise start disabling some startup programs such as javawebstart and viewpoint player, ms office, etc. Nothing really needs to start up on bootup other than an antivirus/spyware and a firewall.

From the information you have given I'm not really sure what the problem is. Is it just a slow internet, or slow computer overall, or are there popups, etc.?

In response to Dark_Shadow_Ninja
Dark_Shadow_Ninja wrote:
desktop icons not working right

If your icons are changing seemingly at random (just the graphical bit - they should still work fine and have the correct names), that's probably not spyware - it's a known bug in some (all?) versions of Windows. Try going to Microsoft's website and downloading the TweakUI tool. It has an option somewhere in there called "rebuild icons". Do that, and the problem should go away (at least temporarily).

I used to have this happen to me all the time on Win98 - I've been fine so far with XP, so I don't know if the NT/2000/XP series is affected, but it's worth a shot.
In response to Crispy
Yeah that sounds like the problem. I wasn't sure what the hell was causing it. I am pretty sure I googled for it.