
HijackThis log, please look


unreal

Is there anything here that I need to remove?

Logfile of HijackThis v1.97.7
Scan saved at 11:20:42 AM, on 10/7/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\vcdplayx.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
D:\Program Files\ProtoWall\ProtoWall.exe
D:\Program Files\Trillian\trillian.exe
D:\Program Files\YahooPOPs\YahooPOPs.exe
d:\progra~1\popfile\popfileb.exe
D:\Program Files\Blueprint Software Works\PMMail 2000\PMMailw.exe
D:\Program Files\ABC\abc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = unreal
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [VirtualDrive] D:\Program Files\FarStone\VirtualDrive\vdtask.exe /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] D:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ATIPTA] D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [AcctMgr] D:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BootWarn] D:\Program Files\Norton SystemWorks\Norton AntiVirus\BootWarn.exe /a
O4 - HKCU\..\Run: [ProtoWall] D:\Program Files\ProtoWall\ProtoWall.exe
O4 - Startup: Shortcut to deltemp.lnk = C:\deltemp.bat
O4 - Startup: Trillian.lnk = ?
O4 - Startup: YahooPOPs.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Run POPFile.lnk = D:\Program Files\popfile\runpopfile.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{916BE599-F39A-4C2C-98AC-6B7B7DB0931F}: NameServer = 68.168.0.2,68.168.0.5
 
if you don't need them:

O4 - HKLM\..\Run: [VirtualDrive] D:\Program Files\FarStone\VirtualDrive\vdtask.exe /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [AcctMgr] D:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BootWarn] D:\Program Files\Norton SystemWorks\Norton AntiVirus\BootWarn.exe /a
O4 - HKCU\..\Run: [ProtoWall] D:\Program Files\ProtoWall\ProtoWall.exe


I hate Norton, and you can get rid of the rest if you don't use them.
 
First off, go to Start and then Run.
Type "msconfig" and hit Enter.
Go to the Startup tab and uncheck practically everything that isn't a firewall or an antivirus. Seriously. All that HPUpdate, Hp2mon or whatever Hewlett-Packard crap, and... damn, way too much stuff running.

This just keeps stuff from running from the startup menu; it doesn't remove it.

Next, restart the system; hopefully many things will not start up this time around. Now go into Control Panel -> Add/Remove Programs. Remove just about everything you DO NOT USE. All that HP crap and whatnot.

Now, go to www.grisoft.com and sign up to get a free copy of AVG. Download it and update it. Then run it.

Next, go to www.download.com and get Sygate firewall. Download, install, and keep it running.

Next, try an online browser antivirus as well. This is because Norton and AVG don't catch everything, so it's sometimes a good idea to use multiple different antivirus scans. I use the Trend Micro HouseCall online antivirus scanner.

Also, while you are at www.download.com, do a search for Lavasoft and download the latest version of Ad-Aware SE Personal, made by Lavasoft. Update and run that.

That should clear up everything that can be cleared up and make your PC run as smoothly as possible without a complete fresh format/install.
 
There is something called regsvr32 /s mqrt.dll in startup. What the hell is that? I don't want to remove something I may need.
 
You can remove EVERYTHING from the msconfig startup and it will NOT stop Windows from running or booting, or from executing any other programs manually. Everything listed in the Startup tab is an OPTIONAL program. Feel free to disable everything. I only have AVG, Sygate and StyleXP in my startup: only things I want and will allow to come up during boot-up.
 
Trust me, do this in the order I tell you. Remove everything that doesn't say Symantec on it from the startup. Since you have Service Pack 2 on, the built-in firewall will work for now.

Restart your system after unselecting everything but Norton.

Then go download those 3 programs I mentioned: Sygate, AVG, and Ad-Aware.

Install AVG first; it will force a restart. Then download the update and install that.

After you have updated AVG, manually unplug your connection to the internet. Now turn off Norton from the startup menu and install Sygate before restarting.

After restarting with Norton off and Sygate on, you'll be prompted to register Sygate. Plug your connection back in, type in gobbledygook, and hit the register button so it never bothers you again.

Now install Ad-Aware and run it.

Sygate will prompt you for a few minutes that things are trying to access the internet. Some of those are normal Windows processes that NEED to access the internet if you want to use the internet.

These are:
Application Layer Gateway
Generic Host Process

Everything else you can block, like NDIS, LSASS, WinLogon, or a couple of other default Windows system processes. From here on out, I recommend using Sygate to block ANYTHING you don't manually start from reaching the internet.

I would then spend time going through the Add/Remove Programs list and getting rid of anything you don't use, like all that HP crap, or Yahoo, or whatever else.

Another thing I tend to do is:

Start -> Run
Type "services.msc"
and scroll down to the Messenger service and set it to Disabled.
I also go into Remote Procedure Call. Under the Recovery tab for it I change every option there from "Restart System" to "Restart Service".

This fixes a small little exploit that M$ never got around to changing.

There are a ton of little tweaks you can still do to smooth out your system, but this is what I consider the BASICS for any computer. Doing these few steps will save you a TON of heartache and headaches later on.
 
OK, thanks, doing it all now. But things like ProtoWall I use for my P2P clients to make sure no RIAA, MGM or other FBI sites connect, so that, with a couple of other things, I may keep.
 
So long as you know that you want it running, that is fine. ProtoWall or PeerGuardian are fine. I know ProtoWall actually uses less overhead. Truth be told, though, unless you are constantly leaving a P2P client open I wouldn't run it. No need. This is why I manually turn it on only when I run Kazaa Resurrection or LimeWire or whatever. Just add it to the shortcut icon that you have for those P2P clients. You can have an icon start more than one program at a time. I have mine start PeerGuardian and my P2P client at the same time.


Anyhow, let me know how much smoother things are running after you are done with everything I mentioned. If you want, I can mention a ton of other tweaks you can do as well, heh.
 
OK, I followed your instructions. However, Sygate is installed and running in the services, but it never asked me to register, and it doesn't seem to block anything.

And yes, I would love other tweaks. Going through Viper's list of services I can disable now.
 
Viper's list is nice, but not always needed. Other tweaks include making sure Windows manages your page file itself instead of you setting limits or hard-setting it. In 98 and 2000 it was better and faster to force the page file to be a certain size. XP is much faster managing the pagefile by itself. Also, XP runs much faster if you have 2 separate partitions with XP-managed pagefiles.

As for Sygate... hmm, you sure? Do you see a couple of arrows in the icon tray at the bottom right of the screen? That is the icon for Sygate firewall. Double-click on it and mess around with the options. Also, try to make something connect to the internet, like Media Player or something. You should get a notification message asking Yes or No, and a checkbox asking if you want the firewall to always do that operation whenever that process tries to access the internet.

I also tend to turn off Remote Assistance. I use Firefox by Mozilla as my browser for most sites for security reasons. Some sites you will still need to use IE for, because those sites explicitly check for that browser and refuse to let you use the site without it. An example would be Windows Update from www.microsoft.com.

There are some tweaks you can also find over at www.tweak3d.net and www.speedguide.net.

Another thing I tend to do is go through the registry manually and remove stuff from the msconfig startup registry entry areas. This is another way to prevent stuff from starting up when you boot into Windows.

Beyond keeping unneeded processes from running, having a good antivirus, a good firewall, managing the services, and managing the pagefile, there aren't many more tweaks that will make huge improvements in security, speed, and reliability. Everything else is little tweaks like those listed on Viper's site, Tweak3D and SpeedGuide. There is a lot of reading, but some nice stuff to go through.

Don't forget to uninstall anything you don't want and defrag the hard drive as well. This will give a nice boost in I/O performance.

If you have more than one Ethernet connection, disable the one you aren't using, as this will cause your boot-ups to be slower. I have 2 built-in Ethernet ports on my motherboard, for example, and leaving them both enabled forces me to wait for the 30-second timeout when booting up.

Also, it's a good idea to go into:
Control Panel -> Administrative Tools -> Computer Management

Look under Local Users and Groups -> Users

Then make sure Guest is disabled. Also, change the name of, and add a password to, Administrator (this can be a very bad exploit). You might want to do the same thing for any user listed there that you never log on with. You could even delete them, really. All you have to have is Administrator, yourself, and Guest.
 
Nope, Sygate is not there, but it is in the processes, hmm. I also don't even have a page file; I have 2 gigs of RAM, no need for it, hehe.

New HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 4:31:35 PM, on 10/7/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\Sygate\SPF\smc.exe
D:\Program Files\YahooPOPs\YahooPOPs.exe
d:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
d:\progra~1\popfile\popfileb.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Blueprint Software Works\PMMail 2000\PMMailw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = unreal
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [AcctMgr] D:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [AVG_CC] d:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ProtoWall] D:\Program Files\ProtoWall\ProtoWall.exe
O4 - Startup: YahooPOPs.lnk = ?
O4 - Global Startup: Run POPFile.lnk = D:\Program Files\popfile\runpopfile.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{916BE599-F39A-4C2C-98AC-6B7B7DB0931F}: NameServer = 68.168.0.2,68.168.0.5
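The reply that lists the O4 entries to drop, and the before/after pair of logs above, are the kind of triage a script can do more consistently than the eye. The block below is an added example, not code from this thread or from HijackThis: it parses O4 (autorun) and O17 (DNS) lines, flags autoruns with a few heuristics of the editor's own choosing (bare commands resolved via PATH, unquoted paths with spaces, a binary sitting directly in the Windows directory, batch files, unresolved shortcut targets), diffs two logs to show what a clean-up actually removed, and checks the O17 resolvers against the ones you expect. The two sample logs are constructed excerpts of the logs posted above. On the regsvr32 question: regsvr32 is the Windows tool for registering COM DLLs, and mqrt.dll is the Message Queuing runtime, which matches the mqsvc.exe and mqtgsvc.exe in the first process list, so that entry belongs to a Windows component; the script flags it only because a bare command name is worth a look, not because it is malicious.

```python
"""Triage helper for HijackThis O4 (autorun) and O17 (DNS) lines.
Added example; the heuristics are the editor's own and the two sample logs
are constructed excerpts of the logs posted in this thread."""
import re
from dataclasses import dataclass

BEFORE_LOG = r"""
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [VirtualDrive] D:\Program Files\FarStone\VirtualDrive\vdtask.exe /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: Shortcut to deltemp.lnk = C:\deltemp.bat
O4 - Startup: Trillian.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{916BE599-F39A-4C2C-98AC-6B7B7DB0931F}: NameServer = 68.168.0.2,68.168.0.5
"""
AFTER_LOG = r"""
O4 - HKLM\..\Run: [AVG_CC] d:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - Startup: YahooPOPs.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{916BE599-F39A-4C2C-98AC-6B7B7DB0931F}: NameServer = 68.168.0.2,68.168.0.5
"""

O4_RUN_RE = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O4_LNK_RE = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>\S+)")
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif")
WINDOWS_DIR = "c:\\windows\\"


@dataclass(frozen=True)
class Autorun:
    where: str  # registry key or startup folder as HijackThis reports it
    name: str   # Run value name, or the .lnk name for startup folders
    cmd: str    # command line exactly as logged


def o4_entries(log):
    """Parse every O4 line into an Autorun; other sections are ignored."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN_RE.match(line) or O4_LNK_RE.match(line)
        if m:
            entries.append(Autorun(m["where"], m["name"], m["cmd"].strip()))
    return entries


def exe_path(cmd):
    """Recover the program path the way CreateProcess reads a command line."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split(" ")  # unquoted: grow until a token has an exec extension
    for i, tok in enumerate(tokens):
        if tok.lower().endswith(EXEC_EXT):
            return " ".join(tokens[: i + 1])
    return tokens[0]


def suspicious(entry):
    """Reasons an autorun deserves a second look; empty list means none fired."""
    path = exe_path(entry.cmd)
    low = path.lower()
    reasons = []
    if path == "?":
        reasons.append("shortcut target not resolved; inspect the .lnk by hand")
    elif "\\" not in low:  # bare name: resolved through PATH, first match wins
        reasons.append(f"bare command '{path}' resolved through PATH")
    if not entry.cmd.startswith('"') and " " in path:
        # CreateProcess tries D:\Program.exe before D:\Program Files\... (CWE-428).
        # Vendors ship Run values like this, so treat it as a prompt, not a verdict.
        reasons.append("unquoted path containing spaces")
    if low.startswith(WINDOWS_DIR) and "\\" not in low[len(WINDOWS_DIR):]:
        reasons.append("executable dropped directly into the Windows directory")
    if low.endswith((".bat", ".cmd")):
        reasons.append("batch script; read it before trusting it")
    return reasons


def triage(log):
    """Map autorun name -> reasons, for entries that tripped a heuristic."""
    flagged = {}
    for entry in o4_entries(log):
        reasons = suspicious(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


def autorun_diff(before, after):
    """Autorun names removed and added between two logs (what a clean-up changed)."""
    b = {(e.where, e.name) for e in o4_entries(before)}
    a = {(e.where, e.name) for e in o4_entries(after)}
    return sorted(n for _, n in b - a), sorted(n for _, n in a - b)


def unexpected_name_servers(log, expected):
    """O17 resolvers that are not the ones your ISP or router should hand out."""
    servers = []
    for line in log.splitlines():
        m = O17_RE.match(line)
        if m:
            servers.extend(m["servers"].split(","))
    return [s for s in servers if s not in expected]
```

Run `triage(BEFORE_LOG)` to get the flagged entries with their reasons, `autorun_diff(BEFORE_LOG, AFTER_LOG)` to see which autoruns the msconfig pass removed and which the new installs added, and `unexpected_name_servers(AFTER_LOG, {...})` with your ISP's resolver addresses to catch a rewritten O17 line. Note that the heuristics deliberately fire on ordinary vendor entries such as VirtualDrive: the output is a list of things to look at, and the decision to remove still rests on whether you recognise the program.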
 
Nope, Sygate is not there, but it is in the processes, hmm. I also don't even have a page file; I have 2 gigs of RAM, no need for it, hehe.

Umm, just manually start Sygate then, and turn the option on to have it start up when Windows does.

And yes, you ALWAYS have a pagefile with Win XP. No matter how much RAM you have, you will always have a pagefile. XP was designed this way, which is why I said doing that pagefile tweak will speed up XP noticeably as well. Try it.

Also, as a side question: is everything running much smoother and faster now that you've done the tweaks?
 
You should generally keep a pagefile, because some bloated programs will hog a certain amount of memory and set it aside for themselves. If there's a pagefile available, the system can assign pagefile space. Otherwise, precious RAM will be wasted.

If you are concerned about pagefile fragmentation, you can try a program called PageDefrag for Win2K/XP. You can download it here.

Not only can it defrag your pagefile, but it will also defrag your registry files, hibernation file, and event log files, which normal defrag utilities don't touch.
 
Yeah, I used that before, thanks. OK, so I have a page file, 100-1000 MB. I clicked on Sygate to start and it seems to load, but there is nothing in the bottom tray; it's in the processes but not in the tray. Something has to be wrong. And yes, my computer has sped up a bit.
I think something has to be screwing up my startup. I have Norton Password Manager on also, and even when the option to start up with Windows is on, it doesn't; and Sygate starts but doesn't show up or seem to protect anything. Still haven't registered it. I'm on SP2 and, ugh...
 
Sounds like something is trying to stop Sygate from running. That sounds suspiciously like a virus, as many will try to stop firewalls and antivirus programs if they can.

Have you tried that website I listed, http://housecall.trendmicro.com, and run their online virus checker? There are a couple of decent ones. It's good to run multiple antivirus checkers, because you will not find them all with one, period.

Really, the more I read over what you last posted, the more positive I am that you have a virus or trojan of some sort.
 
I have run multiple virus scans, different programs, online scans, trojan removers; nothing was found. Ugh.
 
Doesn't mean it's not there if it's a particularly good virus. Then again, it could be you got hit by one before and it screwed up your installation of Windows badly enough that it's having problems running for whatever reason. I've seen this happen. Just because you get rid of a virus doesn't mean it hasn't done its damage. You don't get a virus and it just sits there. They get there and do something for a reason.
 