hijackthis

By rvilla501
Is there anyone that can help with this HijackThis logfile I downloaded from my PC? I have not made any changes to my PC since I was instructed to get help from knowledgeable people on this subject.

Here is my logfile:

Logfile of HijackThis v1.99.1
Scan saved at 8:55:19 AM, on 10/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\mac\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CA Total Protection Control Center] "C:\Program Files\CA\Protection Suite\Client\TPCC.exe" -tray
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~2\realmon.exe -s
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\poyswyvi.dll",sitypnow
O4 - HKLM\..\Run: [Protection Suite Anti-Spyware Realtime] C:\Program Files\CA\eTrust PestPatrol Corporate Edition\\PPMCActiveDetection.exe -logpath:"C:\Program Files\CA\eTrust PestPatrol Corporate Edition\\Pest.log"
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\mac\Application Data\Microsoft\Windows\chcbk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1**0-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1**0-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.advancedmd.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5EF06782-55B2-4DF3-A57A-3FE8F1D2A181} (PPMDForms.Forms) - https://app.advancedmd.com/practicemanager/ppmdcontrols/ppmdforms.cab
O16 - DPF: {6A6E7E91-B6EB-46B5-A545-12B8EDDD261E} (AMDSControls50.XGroupCategory) - https://app.advancedmd.com/practicemanager/ppmdcontrols/amdscontrols50.cab
O16 - DPF: {9602B3CE-BC91-417D-B4FD-F6538C2ABB3B} (AMDSWSCheck.WSCheck) - https://app.advancedmd.com/practicemanager/ppmdcontrols/amdswscheck.cab
O16 - DPF: {B15C3921-CCFA-4403-9E6F-4470839E835E} (Leadtools.XLead) - https://app.advancedmd.com/practicemanager/ppmdcontrols/leadtools.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://app.advancedmd.com/practicemanager/ppmdcontrols/activexviewer.cab
O16 - DPF: {CC99A86F-EA5D-414A-8231-7C3F1B10A644} (AMDSAudio.XAudio) - https://app.advancedmd.com/practicemanager/ppmdcontrols/amdsaudio.cab
O16 - DPF: {EE8CEFA4-1F91-11D4-B31E-00C04F1D37E6} (PPMDVBDownload.XShowReady) - https://app.advancedmd.com/practicemanager/ppmdcontrols/ppmdvbdownload.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TCMSWL.LOCAL
O17 - HKLM\Software\..\Telephony: DomainName = TCMSWL.LOCAL
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TCMSWL.LOCAL
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = TCMSWL.LOCAL
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = TCMSWL.LOCAL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\ceaulcbs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
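
A log in this format can be sorted for a human reviewer before anyone decides what to remove. The sketch below is an added example, not part of the original thread or of HijackThis itself: it groups entries by section code and marks two things visible in the listing above, entries reported as "(no file)" and O23 service lines whose publisher field is empty. The function names, the sample log and the choice of those two markers are assumptions made for illustration; a marker means "look at this", not "delete this".

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis v1.99.1 line format (placeholder names
# and paths, not entries copied from the log above).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O3 - Toolbar: Example Bar - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\bar.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" -tray
O23 - Service: Example Updater (exupd) - Example Corp - C:\Program Files\Example\upd.exe
O23 - Service: ExampleSvc - - C:\Program Files\Example\svc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then the entry text
# O23 lines read "Service: <name> - <publisher> - <path>"; publisher may be blank.
SERVICE = re.compile(r"^Service: (.+?) -\s*(.*?)\s*- ([A-Za-z]:\\.*)$")

def parse_entries(text):
    """Group entry lines by section code (R0, O3, O4, O23, ...)."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and running-process lines carry no code and are skipped
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def review_notes(groups):
    """Return (code, entry, reason) tuples for a human reviewer; not a verdict."""
    notes = []
    for code, entries in groups.items():
        for entry in entries:
            if entry.endswith("(no file)"):
                notes.append((code, entry, "HijackThis reported no file for this entry"))
            if code == "O23":
                m = SERVICE.match(entry)
                if m and not m.group(2).strip():
                    notes.append((code, entry, "publisher field is empty"))
    return notes

if __name__ == "__main__":
    groups = parse_entries(SAMPLE_LOG)
    for code, entries in groups.items():
        print(f"{code}: {len(entries)} entries")
    for code, entry, reason in review_notes(groups):
        print(f"REVIEW {code}: {reason}\n    {entry}")
```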

All Answers

You were instructed to get help?

by OldER Mycroft In reply to hijackthis

What with exactly?

What is your problem?

hijackthis

by rvilla501 In reply to You were instructed to ge ...

When running "hijackthis", it searches your files and tells you which files may be infected (only someone with vast PC experience should delete files that may contain spyware, malware) when found by the hijackthis.exe program.

I need to know if someone is out there that can tell me what files look legit and what files look corrupt. The LOGFILE script that I provided is what may be corrupt in each and every file...though some may NOT be corrupted so I can't erase everything posted in the logfile.

thx mycroft.

You're not getting my point...

by OldER Mycroft In reply to hijackthis

No matter where you post your HiJackThis listing, you should always include a description of WHY you have posted it.

The listing cannot be interpreted accurately unless you indicate what problem(s) you have had that prompted you into posting the listing in the first place.

Otherwise you may be advised to remove entries that the Reader doesn't like, but You are perfectly happy with.

hijackthis

by rvilla501 In reply to You're not getting my poi ...

Hi mycroft,

The problems are: 1. Extremely slow computer running XP Service Pack 2.

2. System had 148 files infected by malware and such.

3. Scanned system, removed all but 6 bad files with just about every known anti-spam, malware type program available.

4. Computer still running at a snail's pace.

5. Ran hijackthis.exe program (instructions on program say not to delete any files until someone who knows what the files actually mean or do views them). I do not know which of the logfiles I provided are causing the problem with the PC, which is the reason I posted to see if anyone here knows which are the GOOD files and which are the BAD files. Which files do I need to delete?

I have some info for a couple of forums from a previous TechRepublic response but I have not heard anything as of now.

Did you know

by Tig2 In reply to hijackthis

There is a support forum linked to the HijackThis site where you can post your results for analysis. They are really good about getting back to folks. And they do a lot of this kind of analysis, so they are really good at it.

Give it a try:
http://forums.spywareinfo.com/
http://www.whatthetech.com/
http://www.techmonkeys.co.uk/

These are just a few of the recommended sites from HijackThis.

Good Luck!
