Hijack this log - TechRepublic
TechRepublic | Forums | Networks
Networks
Question
September 2, 2008 at 01:10 PM
#2145707
wrausch

Hijack this log

by wrausch . Updated 17 years, 9 months ago

Hi,
I was wondering if someone could take a quick look at my Hijack log and see if anything pops out at them; or, if you could give me some advice on how to become adept at finding problems in hijack logs. Thanks so much.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Novell\ZENworks\nalwin32.exe
C:\Program Files\Novell\ZENworks\NalWin.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Novell\ZENworks\NalAgent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dpmw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\HijackThis\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mssm.edu/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: RealPlayer Download and Record Plugin for Internet Explorer – {3049C3E9-B461-4BC5-8870-4C09146192CA} – C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 – BHO: (no name) – {53707962-6F74-2D53-2644-206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58-01DD-4d91-8333-CF10577473F7} – c:\program files\google\googletoolbar3.dll
O2 – BHO: Google Toolbar Notifier BHO – {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} – C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 – Toolbar: &Google – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – c:\program files\google\googletoolbar3.dll
O4 – HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 – HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 – HKLM\..\Run: [DVDLauncher] “C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe”
O4 – HKLM\..\Run: [UpdateManager] “C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe” /r
O4 – HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 – HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 – HKLM\..\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 – HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 – HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 – HKLM\..\Run: [SpeechExec Startup] C:\Program Files\Common Files\Philips Speech Shared\Components\PSP.SpeechExec.StartupApp.exe
O4 – HKLM\..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 – HKCU\..\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE”
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [BitTorrent] “C:\Program Files\BitTorrent\bittorrent.exe” –force_start_minimized
O4 – HKCU\..\Run: [updateMgr] “C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_7 -reboot 1
O4 – HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 – HKCU\..\Run: [ISUSPM] “C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe” -scheduler
O4 – Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 – Global Startup: Digital Line Detect.lnk = ?
O4 – Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra button: Create Mobile Favorite – {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} – C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 – Extra button: (no name) – {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} – C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 – Extra ‘Tools’ menuitem: Create Mobile Favorite… – {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} – C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Novell delivered applications – {C1994287-422F-47aa-8E5E-6323E210A125} – C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 – Options group: [INTERNATIONAL] International*
O16 – DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
O16 – DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) – http://www.snapfish.com/SnapfishActivia.cab
O16 – DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) – http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 – DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) – http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{82839F76-2280-4BD5-B4AF-9D182B763487}: NameServer = 10.0.4.100,10.0.4.101
O17 – HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = mssm.edu
O17 – HKLM\System\CS1\Services\Tcpip\..\{82839F76-2280-4BD5-B4AF-9D182B763487}: NameServer = 10.0.4.100,10.0.4.101
O17 – HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mssm.edu
O20 – Winlogon Notify: igfxcui – C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 – Winlogon Notify: IntelWireless – C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 – Winlogon Notify: NavLogon – C:\WINDOWS\system32\NavLogon.dll
O20 – Winlogon Notify: NetIdentity Notification – C:\WINDOWS\system32\Novell\XtNotify.dll
O20 – Winlogon Notify: WgaLogon – C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 – Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) – Broadcom Corp. – C:\WINDOWS\system32\basfipm.exe
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Client Update Service for Novell (cusrvc) – Novell, Inc. – C:\WINDOWS\system32\cusrvc.exe
O23 – Service: Symantec AntiVirus Definition Watcher (DefWatch) – Symantec Corporation – C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 – Service: EvtEng – Intel Corporation – C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 – Service: Google Updater Service (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 – Service: Novell Application Launcher (NALNTSERVICE) – Novell, Inc. – C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 – Service: NICCONFIGSVC – Dell Inc. – C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 – Service: RegSrvc – Intel Corporation – C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 – Service: Novell ZENworks Remote Management Agent (Remote Management Agent) – Novell, Inc. – C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 – Service: Spectrum24 Event Monitor (S24EventMonitor) – Intel Corporation – C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 – Service: SAVRoam (SavRoam) – symantec – C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Symantec AntiVirus – Symantec Corporation – C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 – Service: Viewpoint Manager Service – Viewpoint Corporation – C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 – Service: VNC Server Version 4 (WinVNC4) – Unknown owner – C:\Program Files\RealVNC\VNC4\WinVNC4.exe” -service (file missing)
O23 – Service: WLANKEEPER – Intel? Corporation – C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 – Service: Novell XTier Agent Services (XTAgent) – Novell, Inc. – C:\WINDOWS\System32\Novell\XTAgent.exe
O23 – Service: Workstation Manager (ZFDWM) – Novell, Inc. – C:\Program Files\Novell\ZENworks\wm.exe

This discussion is locked

All Comments