
Help needed with hijackthis log


Name: Jeemie
Date: November 8, 2004 at 05:20:44 Pacific
OS: XP pro
CPU/Ram: 1.4MHz/256
Comment:

Laptop is poor to start up. Can anyone tell me from the log below what needs to be done?

Logfile of HijackThis v1.97.7
Scan saved at 13:00:40, on 08/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\netclnt.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\RoamMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Palm\HOTSYNC.exe
E:\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.intranet-worldwide.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.0.1:808;gopher=192.168.0.1:808;http=192.168.0.1:808;https=192.168.0.1:808;socks=192.168.0.1:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.exe
O4 - HKLM\..\Run: [SoundControl] C:\WINDOWS\System32\smrss.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [ynajthfb] kzltjm.exe autorun
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\gfvqen.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Micro Update] dailin.exe
O4 - HKLM\..\Run: [F9C60544] C:\WINDOWS\System32\mkzrbvpf.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\yelygggf.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\RunServices: [Micro Update] dailin.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312

Thank you, Jeemie.




Response Number 1
Name: josh (by jpag3074)
Date: November 8, 2004 at 05:45:37 Pacific
Reply:

REMOVE
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\basfipm.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\RoamMgr.exe
C:\WINDOWS\System32\ScsiAccess.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\MXOALDR.exe
C:\Program Files\CommonFiles\PCSuite\Services\ServiceLayer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.intranet-worldwide.com/
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [ynajthfb] kzltjm.exe autorun
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\gfvqen.exe
O4 - HKLM\..\Run: [Micro Update] dailin.exe
O4 - HKLM\..\Run: [F9C60544] C:\WINDOWS\System32\mkzrbvpf.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\yelygggf.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\RunServices: [Micro Update] dailin.exe

Complete Computer Service, Inc.
NW Indiana



Response Number 2
Name: jboy
Date: November 8, 2004 at 10:19:55 Pacific
Reply:

Try pasting your logfile at this site for analysis.

That analysis found only 4 'nasties' and a number of 'unknowns' - I believe 'josh' here has gone just a bit overboard in his recommendations.


98% of all statistics are made up



Response Number 3
Name: OtheHill
Date: November 8, 2004 at 11:12:28 Pacific
Reply:

I believe this one is associated with Sasser:
C:\WINDOWS\system32\lsass.exe



Response Number 4
Name: jboy
Date: November 8, 2004 at 11:32:45 Pacific
Reply:

No, it would seem to be a normal Windows process.

Some Sasser info here

98% of all statistics are made up



Response Number 5
Name: josh (by jpag3074)
Date: November 8, 2004 at 14:22:59 Pacific
Reply:

The lsass is logon, do not remove...

Complete Computer Service Inc.
NW Indiana
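
The lsass.exe exchange in Responses 3 to 5 turns on whether a file name matches a core Windows process and runs from the expected folder. The following is an added example, not part of the original thread, that applies that check to lines of a HijackThis log; the CORE list, the one-edit threshold and the verdict labels are assumptions of the example, and "unlisted" means only that the name is not on that list.

```python
import ntpath
import re

# Assumed reference list: core Windows XP processes and their usual folder.
SYS32 = r"c:\windows\system32"
CORE = {n: SYS32 for n in ("smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                           "lsass.exe", "svchost.exe", "spoolsv.exe")}
CORE["explorer.exe"] = r"c:\windows"
RUN_ENTRY = re.compile(r"^O4 - [^\[]*\[[^\]]*\]\s*(.+)$")  # O4 - HKLM\..\Run: [name] command
PROC_LINE = re.compile(r"^([A-Za-z]:\\.+)$")               # "Running processes" line
EXE_PATH = re.compile(r"^(.*?\.exe)\b", re.IGNORECASE)     # drop arguments after the .exe

def edit_distance(a, b):
    # Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def executable(line):
    # Path of the executable named by a process line or Run entry, else None.
    m = RUN_ENTRY.match(line.strip()) or PROC_LINE.match(line.strip())
    m = m and EXE_PATH.match(m.group(1).strip('"'))
    return m.group(1) if m else None

def classify(line):
    path = executable(line)
    if path is None:
        return ("skipped", "")
    folder, name = ntpath.split(path.lower())
    if name in CORE:
        # A bare name cannot be path-checked; only a differing folder is flagged.
        if folder and folder != CORE[name]:
            return ("wrong-path", CORE[name])
        return ("expected", CORE[name])
    near = [core for core in CORE if edit_distance(name, core) == 1]
    return ("lookalike", near[0]) if near else ("unlisted", "")

SAMPLE = [
    r"C:\WINDOWS\system32\lsass.exe",                                    # from the log
    r"O4 - HKLM\..\Run: [SoundControl] C:\WINDOWS\System32\smrss.exe",   # from the log
    r"O4 - HKLM\..\Run: [Micro Update] dailin.exe",                      # from the log
    r"C:\WINDOWS\Temp\lsass.exe",                                        # constructed
]
for entry in SAMPLE:
    print(classify(entry), entry)
```

A "lookalike" or "wrong-path" verdict marks an entry for closer review of the file itself; it is a name and path check only.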

