Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Please check out this log

Started by jimc , Dec 22 2004 06:08 PM

  • Please log in to reply

#16
-=jonnyrotten=-
Posted 27 December 2004 - 04:46 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts

# Download VX2Finder.
# Double-click on VX2Finder.exe.
# Click "Restore Policy".
# In the File menu click "Exit".


Yes you only need to restore the policy once.

-=jonnyrotten=- :tazz:
  • 0

Advertisements

#17
jimc
Posted 27 December 2004 - 05:30 PM

jimc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Here is the logfile. I appreciate all the time you have it seems to be working so thanks. :tazz:

Logfile of HijackThis v1.99.0
Scan saved at 23:29:20, on 27/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\windows\system32\GSICON.EXE
C:\Program Files\Launch Manager\Wbutton.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Patchlink\Update Agent\GRAVITIXSERVICE.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kazaa\My Shared Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63132E91-92F5-449B-BF48-23DD30BDD9AE}: NameServer = 194.74.65.68 194.72.9.34
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PatchLink Update - Patchlink Corporation - C:\Program Files\Patchlink\Update Agent\GRAVITIXSERVICE.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#18
admin
Posted 27 December 2004 - 09:59 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Congratulations! Your system is CLEAN :tazz:

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use) Click Here.

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox Posted Image.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

It's okay to delete the Hijack This folder if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats. ;)
  • 0

#19
jimc
Posted 28 December 2004 - 01:09 PM

jimc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Thanks very much for your step by step help. Are there any quick ways of speeding up my computer by looking at my HJT log, like deleting processes that are taking up resources. Can you recommend anything to do?
  • 0

#20
jimc
Posted 28 December 2004 - 01:19 PM

jimc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Oh and can you help me silently install sun java because at the moment the console always pops up when there is javascript (or show how to stop it poping up)
  • 0

#21
-=jonnyrotten=-
Posted 28 December 2004 - 01:26 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
My first recommendations for freeing up resources would be to find everything that is starting up with windows and stop everything that you don't need (messengers, xpstyler, automatic updaters, etc..) Keep in mind you do want your antivirus to start.

Also about the java, what exactly is going on? Did you install firefox, and suns java and everytime you view a page with java it opens the java console?

-=jonnyrotten=- :tazz:
  • 0

#22
jimc
Posted 28 December 2004 - 01:46 PM

jimc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Yeh I had already installed suns java and the console pops up whenever i go on a page with javascript (or very often)

+can u help me more specifically with freeing up resources. Cheers.
  • 0

#23
-=jonnyrotten=-
Posted 28 December 2004 - 01:57 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
When you start your pc check the bottom right hand corner to see what all the icons you have are. Then determine whether you need those to start with windows or can you manually start them when you need them. Next click Start, All Programs, Startup and look in there to see what's there and determine whether you need all that to startup or can you manually start them when needed. When you find programs you do not need to startup in the "startup" folder just delete it from the folder, this will work fine. Now programs in the "Tray" on the bottom right hand corner you will need to right click on them and either go to properties, options, or open the program and find properties or options (something along this line) and search for where it will let you tell it not to startup with windows. If you just want to get a list of everything that is starting up and post it back here for me I can help you more specifically that way.

With the java console, I don't recall ever seeing that happen. You installed java from www.java.com correct? Also did you install the java for developers? That may be the problem, I'm not sure. Try going to add/remove programs in control panel, and uninstall java. Next go to www.java.com and click the yellow "Get it Now" button near the top right of the page.

Any more questions feel free to ask. :tazz:

-=jonnyrotten=- ;)
  • 0

#24
jimc
Posted 28 December 2004 - 03:47 PM

jimc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
How do I answer these questions:

Dynamic IP Address (DHCP) or static IP?

Please enter your IP Address

Please enter your netmask

Please enter your gateway

Please enter your DNS 1

Please enter your DNS 2

Please be detailed-thanks in advance
  • 0

#25
-=jonnyrotten=-
Posted 28 December 2004 - 04:09 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Well, what is asking you those questions? Which program? I can help you answer, but need to know the details.

-=jonnyrotten=- :tazz:
  • 0

Advertisements

#26
jimc
Posted 28 December 2004 - 04:22 PM

jimc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
my philips streamium mc-i250 it is an internet hifi
  • 0

#27
-=jonnyrotten=-
Posted 28 December 2004 - 04:35 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
I think I'm a little confused :tazz: Is this something that started popping up as you were disabling startup programs, or a totally separate question? No problems helping you figure it out, but we may need to start a new topic in the "networking" forum if this is an unrelated question. Let me know :thumbsup:

-=jonnyrotten=- ;)
  • 0

#28
jimc
Posted 28 December 2004 - 04:37 PM

jimc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Yeh it is a new question and it is already in the networking section!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP