Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijack this logfile not sure what to get rid of. [CLOSED]

Started by PlatinumPlus , Oct 31 2005 08:43 AM

  • This topic is locked This topic is locked

#1
PlatinumPlus
Posted 31 October 2005 - 08:43 AM

PlatinumPlus

    New Member

  • Member
  • Pip
  • 2 posts
I've ran such things as ewido security suite and it helped get rid of
this file entitled pokapoka76.exe but there's still other things
i don't know exactly which files are bad but i know there's some
maybe even one of the files that's spyware or something like it
so whoever can check out my hijack this logfile,i'd appreciate it.






Logfile of HijackThis v1.99.1
Scan saved at 9:36:56 AM, on 10/31/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\WScript.exe
C:\Program Files\System Files\System.exe
C:\Program Files\CMSystem\CMSystem.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jamie\My Documents\hijackthis\HijackThis.exe
C:\WINNT\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
F0 - system.ini: Shell=Explorer.exe C:\WINNT\system32\winmgd.win
F1 - win.ini: run=C:\WINNT\system32\mouse_configurator.win
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINNT\System32\nsg6.dll
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINNT\System32\irasuudy.dll (file missing)
O4 - HKLM\..\Run: [winsync] C:\WINNT\System32\spkdgk.exe reg_run
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Kernel32] C:\WINNT\system32\Kernel32.win
O4 - HKLM\..\Run: [Israfel] C:\WINNT\system32\Israfel.vbs
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [irassync] C:\WINNT\System32\irasyncd.exe
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
  • 0

Advertisements

#2
PlatinumPlus
Posted 07 November 2005 - 10:45 AM

PlatinumPlus

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
it's been past 3 days now!!!!!
  • 0

#3
Trevuren
Posted 07 November 2005 - 01:06 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi Platinum Plus and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. Please DELETE your current HJT program from its present location.

2. Download and run the following HijackThis autoinstall program from Here . Please choose the default location of C:\Program Files\ as the destination. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!
  • Run HijackThis
  • Click SCAN and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')
  • POST the log into this thread using 'Add Reply' (Ctrl-V to 'paste')

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren
  • 0

#4
Trevuren
Posted 17 November 2005 - 02:16 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP