Thread: Please have a look at my hijack this log

  1. #1

    Please have a look at my hijack this log

    Hello!

    I am new here and I thought that you could help me. I want to stay virus/spyware/malware free and I started my crusade to get rid of anything on my computer that is bad for it. I have a lot to learn... and I don't know anything about HijackThis logs.

    Could you help me? If you find anything in my log that should not be there, could you tell me what to remove and why? Thanks!

    Btw I don't have Sophos antivirus on my computer. I installed it for a very short time (my uni provides it for free to students) and I tried to remove it the same day, because it didn't want to work at all. I failed.


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 22:12:20, on 17/04/07
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Jacob\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.channel4.com/entertainmen...osites/L/lost/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7BE02E06-F5BA-4DF5-AFBF-CA6258A04629}: NameServer = 10.1.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{820ECF7A-5270-4F32-B556-8F06D2623524}: NameServer = 194.74.65.68,194.72.9.34
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Unknown owner - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (file missing)
    O23 - Service: Sophos Anti-Virus (SAVService) - Unknown owner - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (file missing)
    O24 - Desktop Component 0: (no name) - (no file)

    --
    End of file - 5362 bytes

  2. #2
    Second Most EVIL YARDofSTUF's Avatar
    Join Date
    Nov 2000
    Location
    USA
    Posts
    70,014
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Unknown owner - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (file missing)
    O23 - Service: Sophos Anti-Virus (SAVService) - Unknown owner - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (file missing)

    Uncheck those, nothing "Bad" though.

    Did you uninstall Sophos from Add/Remove Programs?

    NOD32 and Windows Defender are good.

    For more protection, google and download SpywareBlaster and Spybot, and turn on Spybot's Immunize feature.

    Also if you want to go super ****, SUPERAntiSpyware is another good scanner to have.

    Are you using a firewall app or behind a router?
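
The check made in the reply above, as an added example that is not part of the original thread: a small Python triage that reads HijackThis entry lines and tags those whose target file is gone ("(file missing)" / "(no file)") and O23 services listed with "Unknown owner". The sample lines are constructed in the format of the posted log, and the function and tag names are this example's own.

```python
import re

# Constructed sample in the format of the log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\services.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Unknown owner - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (file missing)
O24 - Desktop Component 0: (no name) - (no file)
"""

# Entry lines start with a section code such as R0, O4 or O23, then " - ".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")


def parse(log):
    """Yield (section, body) per entry line; header and process lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2)


def triage(log):
    """Return (section, tags, body) for entries that deserve a second look."""
    findings = []
    for section, body in parse(log):
        tags = []
        # Registry entry survives but the file it points to is not on disk:
        # a leftover of an incomplete uninstall, nothing is loaded from it.
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            tags.append("orphaned")
        # HijackThis could not read a company name for the service binary.
        if section == "O23" and " - Unknown owner - " in body:
            tags.append("unknown-owner")
        if tags:
            findings.append((section, tags, body))
    return findings


if __name__ == "__main__":
    for section, tags, body in triage(SAMPLE_LOG):
        print(f"{section:<4}{','.join(tags):<24}{body}")
```

An entry tagged both "orphaned" and "unknown-owner" is a leftover pointer to a file that is gone; one tagged only "unknown-owner" still has a binary on disk, so that file is the thing to verify.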

  3. #3
    I just removed those two...

    The story with Sophos is strange. I would not consider myself a beginner when it comes to computers, but I could not remove Sophos. I installed it (installation looked normal) and after that Sophos was running, but... I could not access any setting or even open the program. If you are familiar with Sophos, you get this little icon in the task bar looking like a shield. Normally it would be blue and it would allow me to access all settings/menus, anything to do with Sophos.

    It was gray all the time. I could not update it, remove it (using add/remove or even ccleaner) or even remove the entry in the list of installed programs... I just gave up at some stage.

    Btw the network administrator of my uni had a go at this and he could not remove it either. Weird..

    I am a noob when it comes to networks. I don't have a firewall (apart from Windows Firewall), but I have a router in my house (one which covers my house with a wireless network, if this is what you were asking). Should I consider getting one? My computer is slow enough at the moment.

  4. #4
    Second Most EVIL YARDofSTUF's Avatar
    A router is good, it gives you NAT; with that you don't need a firewall.


    I'm not familiar with Sophos. I would say the only way you'd remove it is to delete the folder and run a registry cleaner.

  5. #5
    Done it. Seems to be OK. I am sure that there is something left over, but I am not worried. At some stage it will be deleted.

    Thank you a lot. You were very helpful.

  6. #6
    Regular Member Pettos's Avatar
    Join Date
    Oct 2006
    Location
    Sydney
    Posts
    251
    with that you don't need a firewall.
    My dad is ****, everyone on our network needs Norton Protection Centre.... It's el-crappo. I hate it...

  7. #7
    Second Most EVIL YARDofSTUF's Avatar
    Ya some system files are left more than likely, but you'll live, not really worth the effort to reinstall just cuz of that.

  8. #8
    I would not reinstall Windows on this machine. I have an Acer laptop and it came with preinstalled winxp on it (I bought it 2 years ago). Since then I haven't had any problems with my Windows. And anyway it came with 3 recovery CDs or something like this and I would not risk using them. I don't trust them.
