[triadtechtalk] Re: hijackthis

  • From: Armando Barreiro <fidelis1sob@xxxxxxxxx>
  • To: triadtechtalk@xxxxxxxxxxxxx
  • Date: Sun, 4 Oct 2009 11:44:22 -0700 (PDT)

Juanita, you're using a deprecated version of HJT. Please uninstall the 1.99 
version and download and use this 2.02 version 
(http://go.trendmicro.com/free-tools/hijackthis/HijackThisInstaller.exe) to 
create a log and then copy/paste it in your reply to this message and I'll give 
you a hand with it.

Armando


--- On Fri, 10/2/09, Juanita Kimble <jkimble@xxxxxxxxxx> wrote:

From: Juanita Kimble <jkimble@xxxxxxxxxx>
Subject: [triadtechtalk] hijackthis
To: triadtechtalk@xxxxxxxxxxxxx
Date: Friday, October 2, 2009, 10:13 PM

Hi
Would someone please tell me which of these I need to take off with hijackthis. I know the toolbars google and yahoo need to come off but I don't want to take something I might need. I sure don't need those. My PC is so slow it takes three to five minutes to go to my home page (which is google) or even open outlook express.

I still haven't gotten the last update of hijackthis. Guess I am afraid I will mess something up.

When you want to save a backup using it, how do you make a folder to put it in so you will know what the backup is? Does it automatically save it in the hijackthis folder after you save it in a new folder?

Thought I might have malware but couldn't get malwarebytes to work. I have Zone Alarm in learning mode. I went to the logs; there were lots saying malwarebytes was trying to communicate with so and so.

Also I did block google toolbar which was about 8 different ones and yahoo toolbar which was two of them.
I think I might have blocked wmi command line but went back and allowed it. Don't know if it is supposed to be allowed or not. There were two with just wmi on the zone alarm program list also. They are allowed.

Sorry for so many questions at one time. I know I need to get the toolbars off first.
Is there a way to keep from getting them again?

Juanita
 
Logfile of HijackThis v1.99.1
Scan saved at 8:39:29 PM, on 10/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Documents and Settings\Juanita\My Documents\Small Programs\hijackthis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [jv16PT - Privacy Protector] C:\Program Files\jv16 PowerTools 2005\jv16PT.exe -ExecTask "C:\Program Files\jv16 PowerTools 2005\Tasks\_PrivacyProtector\Task.jvb"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; Media Center PC 3.0; .NET CLR 2.0.50727)" -"http://www.gamesquared.com/gm.shtml?0369.htm";
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O17 - HKLM\System\CCS\Services\Tcpip\..\{22D98C8C-C39D-4FD3-BD1D-155889FAF7E3}: NameServer = 66.175.131.20,66.175.131.21
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
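The question in this thread is "which of these lines do I need to take off". As an added example (not code from either poster and not HijackThis's own code), here is a small Python parser for the HJT log-line format that pulls each entry apart by section (O2 BHOs, O3 toolbars, O4 Run keys, O17 name servers, O20 Winlogon notifiers, O23 services) and flags the things a reviewer looks at first: toolbar components, "(file missing)" leftovers, services with no recorded owner, and the DNS servers the machine has been pointed at. The per-section field layouts are inferred from the log above and are assumptions, as are the flag names; the sample lines are a constructed subset copied from that log.

```python
import re
from dataclasses import dataclass, field

# Constructed sample (a subset of the log quoted in the thread, one entry per line).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{22D98C8C-C39D-4FD3-BD1D-155889FAF7E3}: NameServer = 66.175.131.20,66.175.131.21
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
"""

# Every HJT entry starts with a section tag (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# Body layouts per section, inferred from the log format (assumed, not HJT's own spec).
BODY_RE = {
    "O2": re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<path>.*)$"),
    "O3": re.compile(r"^Toolbar: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<path>.*)$"),
    "O4": re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<path>.*)$"),
    "O17": re.compile(r"^(?P<name>.*?): NameServer = (?P<path>[\d.,]+)$"),
    "O20": re.compile(r"^Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$"),
    "O23": re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$"),
}


@dataclass
class Entry:
    section: str
    body: str
    name: str = ""
    clsid: str = ""
    owner: str = ""
    path: str = ""
    flags: list = field(default_factory=list)


def classify(e):
    """Heuristic review flags (assumed names); they mark what to look at, not what to delete."""
    flags = []
    text = (e.name + " " + e.path).lower()
    if e.body.endswith("(file missing)"):
        flags.append("file missing")      # stale registration; the file is gone
    if "toolbar" in text:
        flags.append("toolbar")           # browser toolbar component (the thread's main target)
    if e.section == "O23" and e.owner == "Unknown owner":
        flags.append("unknown owner")     # service binary carries no publisher name
    if e.section == "O17":
        flags.append("dns override")      # compare these IPs with the ISP's/router's resolvers
    return flags


def parse_entry(line):
    """Return an Entry for an HJT log line, or None for headers, blanks and process-list lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = Entry(section=m.group("section"), body=m.group("body"))
    rx = BODY_RE.get(e.section)
    f = rx.match(e.body) if rx else None
    if f:
        d = f.groupdict()
        e.name, e.clsid = d.get("name", ""), d.get("clsid", "")
        e.owner, e.path = d.get("owner", ""), d.get("path", "")
    e.flags = classify(e)
    return e


def summarize(log_text):
    """Parse a whole log and group the flagged entries for a reviewer."""
    entries = [e for e in (parse_entry(ln) for ln in log_text.splitlines()) if e]
    return {
        "entries": len(entries),
        "name_servers": [ip for e in entries if e.section == "O17" for ip in e.path.split(",")],
        "toolbar": [f"{e.section} {e.name}" for e in entries if "toolbar" in e.flags],
        "file_missing": [f"{e.section} {e.name}" for e in entries if "file missing" in e.flags],
        "unknown_owner": [e.name for e in entries if "unknown owner" in e.flags],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log above, the same code lists the three Google Toolbar components (two O2 BHOs and the O3 toolbar) plus the O4 notifier, the stale `dimsntfy` and `xpnetdiag` entries, and the two O17 name servers, which is the short list a helper would ask the poster to verify before anything is fixed.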