HELP!!!! need help with hijack log results

Posted by crucialware on April 26, 2005, 5:56 pm
having serious network problems and got this as my hijack log:

gfile of HijackThis v1.99.1
Scan saved at 6:54:18 PM, on 4/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\iNTERNET Turbo\iDetect.exe
D:\Program Files\iolo\System Mechanic 5\StartupGuard.exe
C:\program files\valve\steam\steam.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Philips\PSA2\skin\qvecplsk.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Ventrilo\Ventrilo.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Winamp\Winamp.exe
D:\Program Files\Soulseek\slsk.exe
D:\Documents and Settings\Brian\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
D:\WINDOWS\about.htm
O2 - BHO: My Search BHO - -
D:\Program Files\MySearch\bar.bin\S4BAR.DLL
O2 - BHO: (no name) - -
D:\WINDOWS\system32\HDBHO.dll
O2 - BHO: MySearch Search Assistant BHO -
- D:\Program
Files\MySearch\SrchAstt.bin\MYSRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class -
- D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - -
D:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: PCTools Site Guard - -
D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor -
-
D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan -
- d:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe]
D:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask]
"d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online]
"d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig]
D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32
D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [Detect] D:\Program Files\iNTERNET Turbo\iDetect.exe
/auto
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [System Mechanic Startup Guard] "D:\Program
Files\iolo\System Mechanic 5\StartupGuard.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe"
-silent
O4 - Startup: Folding@Home 5.03.lnk = ?
O9 - Extra button: AIM - -
D:\Program Files\AIM\aim.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: (HouseCall Control) -
http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: (Symantec AntiVirus
scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: (McAfee.com Operating
System Class) -
http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: (Symantec RuFSI
Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: (WScanCtl Class) -
http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: (DwnldGroupMgr Class)
-
http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: (McFreeScan Class) -
http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4453/mcfscan.cab
O20 - Winlogon Notify: WB - D:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner -
D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner -
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) -
McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) -
McAfee, Inc - d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental)
(rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f
"%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC -
D:\WINDOWS\system32\ZoneLabs\vsmon.exe



Posted by crucialware on April 26, 2005, 6:56 pm
oh yeh btw my net spikes like crazy like every 30 seconds...



Posted by M Trimble on April 26, 2005, 10:47 pm
On Tue, 26 Apr 2005 17:56:21 +0000, crucialware wrote:

> having serious network problems and got this as my hijack log:
>
> gfile of HijackThis v1.99.1
> Scan saved at 6:54:18 PM, on 4/26/2005
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
> Running processes:
> D:\WINDOWS\System32\smss.exe
> D:\WINDOWS\system32\winlogon.exe
> D:\WINDOWS\system32\services.exe
> D:\WINDOWS\system32\lsass.exe
> D:\WINDOWS\system32\Ati2evxx.exe
> D:\WINDOWS\system32\svchost.exe
> D:\WINDOWS\System32\svchost.exe
> d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
> D:\WINDOWS\system32\ZoneLabs\vsmon.exe
> d:\PROGRA~1\mcafee.com\vso\mcshield.exe
> D:\WINDOWS\system32\Ati2evxx.exe
> D:\WINDOWS\Explorer.EXE
> D:\PROGRA~1\mcafee.com\agent\mcagent.exe
> D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
> D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
> d:\progra~1\mcafee.com\vso\mcvsescn.exe
> D:\Program Files\QuickTime\qttask.exe
> D:\WINDOWS\system32\rundll32.exe
> D:\Program Files\iNTERNET Turbo\iDetect.exe
> D:\Program Files\iolo\System Mechanic 5\StartupGuard.exe
> C:\program files\valve\steam\steam.exe
> D:\WINDOWS\System32\svchost.exe
> D:\Program Files\iPod\bin\iPodService.exe
> D:\Program Files\Internet Explorer\IEXPLORE.EXE
> D:\Program Files\Philips\PSA2\skin\qvecplsk.exe
> D:\Program Files\Common Files\Real\Update_OB\realsched.exe
> D:\Program Files\Ventrilo\Ventrilo.exe
> D:\Program Files\Winamp\winampa.exe
> D:\Program Files\Winamp\Winamp.exe
> D:\Program Files\Soulseek\slsk.exe
> D:\Documents and Settings\Brian\Desktop\HijackThis.exe
>
>
Uhm, no offense, but you've got a LOT of stuff running in background. At
a minimum, I'd kill off your Winamp (D:\Program Files\Winamp\winampa.exe,
D:\Program Files\Winamp\Winamp.exe), probably your Real (D:\Program
Files\Common Files\Real\Update_OB\realsched.exe) and probably your iPod
(D:\Program Files\iPod\bin\iPodService.exe) services.

Once I'd done that, I'd probably go through and find out what else is
running that isn't essential. ZoneAlarm, McAfee and similar programs are
necessary. Ditto that for some of the Windows stuff
(d:\windows\system32\*). Everything else, unless it's a driver, I'd kill
and remove from the startup listing.

Step three would be to reset ZoneAlarm to silently deny most of
everything.

If you do that, you should be fine, and as an added bonus, your machine
should run better/faster, etc.

HTH
M
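
One way to do the review of startup items suggested in the reply above, as an added example that is not part of the original thread: the Python code below rejoins HijackThis entries that were wrapped across lines, lists the Run-key autostart names (O4 entries), and pulls out the entries HijackThis itself marked "Unknown owner", "(file missing)" or "Hijacked Internet access". The function names are hypothetical, and the sample is a few lines copied from the log posted above.

```python
import re
from collections import defaultdict
# An entry starts with a section code (R0, F1, N2, O4, O23, ...) and " - ".
ENTRY = re.compile(r"^([RFN]\d|O\d{1,2}) - (.*)$")
# Strings HijackThis itself prints that mark an entry for a closer look.
MARKERS = ("Unknown owner", "(file missing)", "Hijacked Internet access")

def parse(log):
    """Return {code: [entry, ...]}, rejoining entries wrapped across lines."""
    entries, current = defaultdict(list), None
    for line in (raw.strip() for raw in log.splitlines()):
        m = ENTRY.match(line)
        if m:
            current = m.group(1)
            entries[current].append(m.group(2))
        elif line and current:
            entries[current][-1] += " " + line  # wrapped continuation
        else:
            current = None  # blank line, or text before the first entry
    return dict(entries)

def autostarts(entries):
    """Run-key value names from the O4 entries (what starts at logon)."""
    return re.findall(r"\[([^\]]+)\]", "\n".join(entries.get("O4", [])))

def review_list(entries):
    """(code, entry) pairs carrying one of MARKERS, duplicates dropped."""
    out = []
    for code, items in entries.items():
        for text in items:
            if any(mk in text for mk in MARKERS) and (code, text) not in out:
                out.append((code, text))
    return out

# Constructed sample: lines copied from the log above, wrapped as posted.
SAMPLE = r"""Running processes:
D:\WINDOWS\system32\svchost.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32
D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe"
-silent
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O23 - Service: ATI Smart - Unknown owner -
D:\WINDOWS\system32\ati2sgag.exe
"""
if __name__ == "__main__":
    print(autostarts(parse(SAMPLE)), review_list(parse(SAMPLE)))
```

A marker only means the entry needs a closer look: in the log above the McShield service is also listed as "Unknown owner".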

