HijackThis Scan

Thread: HijackThis Scan

  1. #1
    Join Date
    Aug 2002
    Location
    ma
    Posts
    239

    HijackThis Scan

    i suspect viruses....could someone help with this scan from hijackthis?
    thanks

    Logfile of HijackThis v1.97.7
    Scan saved at 6:30:59 PM, on 1/13/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security Professional\NISUM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Norton Internet Security Professional\NISSERV.EXE
    C:\Program Files\Norton Internet Security Professional\SymPxSvc.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
    C:\WINDOWS\Mixer.exe
    C:\Dave's Downloads\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virtualdr.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: PowerReg Scheduler.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/...6/mcinsctl.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...946.7255092593
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...13/mcfscan.cab
    it's all about the ride

    dave

  2. #2
    Join Date
    Jun 2001
    Location
    Albuquerque, NM USA
    Posts
    14,686
    bdog166--I am certainly no expert, but it looks pretty clean to me. However, I do not know what O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - (no file) is.

    So why do you think you have a virus? Have you an antivirus program running? Or for spyware, do you have a spyware detector such as
    AdAware
    http://www.lavasoft.de/support/download/ or
    SpybotS&D
    http://security.kolla.de/
    installed?
    And if yes, do you scan with them frequently and do you keep them updated with the latest definitions and reference files?
    Jim
    WIN7 Ultimate SP1 64bit, IE 11, NTFS,
    cable, MS Security Essentials, Windows 7 firewall

  3. #3
    Join Date
    Aug 2002
    Location
    ma
    Posts
    239
    my outlook express was taking forever to load......i ran mcafee online scan and it picked up w32/dbot.gen (something like that, going from memory), last week.....i use NIS and it scans clean.......i was looking at a post somewhere and in task manager had some of the same processes running...

    http://www.sysinfo.org/startuplist.php


    my daughter uses Limewire and she's always on AIM.......i believe this is where the viruses/worms/trojans, etc. are coming from
    it's all about the ride

    dave

  4. #4
    Join Date
    Jun 2001
    Location
    Albuquerque, NM USA
    Posts
    14,686
    bdog166--Is OE still taking a long time to load?
    Did you uninstall the w32/dbot.gen (or whatever it was) virus your antivirus program found?
    If you have no present problems, I think you are OK.
    It is hard to know what to say about problems your daughter may cause in the future. You can always establish her as a separate user of the PC.
    And have a look at this for ways to protect your PC in general.
    http://www.mvps.org/winhelp2002/unwanted.htm
    P.S. That list
    http://www.sysinfo.org/startuplist.php
    looks helpful. Do you have any questions based on it?
    Jim
    WIN7 Ultimate SP1 64bit, IE 11, NTFS,
    cable, MS Security Essentials, Windows 7 firewall

  5. #5
    Join Date
    Aug 2002
    Location
    ma
    Posts
    239
    welshjim, yes i got rid of w32/dbot.worm.gen somehow(i ran "stinger" from another thread)....OE loads fine now, no other problems present that i know of...also, looking at that "startup list", i see that the entries are probably valid(clicking on the blue words takes you to another WinTask page with explanations)...that's where i was mistaken i think.......i guess this pc is ok....i'll continue with "security tips" from other threads, and will check out your link
    thanks for the help
    it's all about the ride

    dave

  6. #6
    Join Date
    Feb 2002
    Posts
    37
    Re: O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - (no file), http://www.spywareinfo.com/bhos/ lists it as spyware/malware, so you'll want to get rid of it. More specifics at http://www.doxdesk.com/parasite/BookedSpace.html
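The triage done by hand in this thread (spotting the one BHO line with no file behind it, then looking its CLSID up in a reference list), as an added example that is not part of the original posts. The function names and the `known_clsids` parameter are assumptions made for illustration; the sample lines are copied from the log posted above. Note that "(no name)" alone is not a signal here, since the Acrobat helper in the same log also has no name.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
"""

# "R1 - ...", "O2 - ...", "O16 - ...": section code, then the entry body.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# Body of an O2 (BHO) or O3 (toolbar) entry: kind, name, CLSID, file path.
COM_ITEM = re.compile(
    r"^(?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.*)$"
)

def parse_entries(log_text):
    """Yield (section_code, body) for every 'Xn - ...' line in the log."""
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def com_items(log_text):
    """Return the O2/O3 entries as dicts with kind, name, clsid and path."""
    items = []
    for code, body in parse_entries(log_text):
        m = COM_ITEM.match(body) if code in ("O2", "O3") else None
        if m:
            items.append(m.groupdict())
    return items

def needs_lookup(log_text, known_clsids=frozenset()):
    """CLSIDs whose entry has no file behind it and that the reviewer has
    not already identified; these are the ones to check in a BHO list."""
    out = []
    for item in com_items(log_text):
        clsid = item["clsid"].upper()
        if item["path"].strip().lower() == "(no file)" and clsid not in known_clsids:
            out.append(clsid)
    return out
```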

  7. #7
    Join Date
    Jun 2001
    Location
    Albuquerque, NM USA
    Posts
    14,686
    confused1--Good for you!!
    I forgot about that BHO list. I now see that I also could have looked at www.google.com.
    Jim
    WIN7 Ultimate SP1 64bit, IE 11, NTFS,
    cable, MS Security Essentials, Windows 7 firewall

  8. #8
    Join Date
    Aug 2002
    Location
    ma
    Posts
    239
    thanks for the info, guys.....looked at the 2 links, great info...i got rid of that line.....ok for now...i guess it's a never-ending battle....
    it's all about the ride

    dave
