I am trying to clean up my laptop in the attempt to get rid of popups and whatever else my school's network has infected my laptop with during the past year. I've been using AdAware for a while, Spybot for the past month, and it only fixes the problems temporarily. So in addition to those, I'm trying HijackThis for the first time. Can someone please read the log I've pasted below and let me know what I should fix? Thanks so much.
Logfile of HijackThis v1.98.0
Scan saved at 11:07:38 AM, on 7/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ifazglnx.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\documents and settings\rachel\local settings\temp\vaX2K.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\aolwbspd.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe
C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\bdbasew.exe
C:\WINDOWS\System32\aclsc.exe
C:\WINDOWS\System32\owexecw.exe
C:\Documents and Settings\Rachel\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tcnj.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.tcnj.edu/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ugvskd] C:\WINDOWS\System32\ifazglnx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [vaX2K] C:\documents and settings\rachel\local settings\temp\vaX2K.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\Rachel\LOCALS~1\Temp\app3398.tmp
O4 - HKLM\..\Run: [bdbasew] C:\WINDOWS\System32\bdbasew.exe
O4 - HKLM\..\Run: [aclsc] C:\WINDOWS\System32\aclsc.exe
O4 - HKLM\..\Run: [owexecw] C:\WINDOWS\System32\owexecw.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [WINT] C:\WINDOWS\System32\wcpsu.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/clas ... ,3,2,20802
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto ... dwnldr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4360133C-A385-4C4F-9028-9B11F206C3F0}: NameServer = 205.188.146.146
please help this newbie with HijackThis log!
-
Sumpin_Wong
- Registered User
- Posts: 198
- Joined: February 29th, 2004, 6:58 am
- Location: NE Ohio
- Contact:
OMG that is a ton of sh.. 
I would save the most important files/folders, and reformat windows (reinstall WinXP). That should take care of any spyware or virus problems you have, and will remove all the BS you received from the schools network.
You will have a fresh start, and can install/run programs like: AdAware, Hijack This, Spybot, NoAds, etc.. to keep it running a bit better and more stable.
(Make sure to get all of the "Critical Updates" for WinXp)
I would save the most important files/folders, and reformat windows (reinstall WinXP). That should take care of any spyware or virus problems you have, and will remove all the BS you received from the schools network.
You will have a fresh start, and can install/run programs like: AdAware, Hijack This, Spybot, NoAds, etc.. to keep it running a bit better and more stable.
(Make sure to get all of the "Critical Updates" for WinXp)
Logfile of HijackThis v1.99.1
Scan saved at 1:15:10 PM, on 7/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Samantha\Desktop\HijackThis(2).exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neopets.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2679719078
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
-
richh0323
- Registered User
- Posts: 512
- Joined: December 14th, 2004, 8:47 pm
- Location: Buffalo, New York
Raylet if you still need you're log scanned he it is, sorry it took so long, I missed part of this post. 
Fix the selected boxs with nasty and then repost you're new log.
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) - Nasty
R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL - Nasty
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL - Nasty
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com - Nasty
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll - Nasty
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL - Nasty
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL - Nasty
O4 - HKLM\..\Run: [ugvskd] C:\WINDOWS\System32\ifazglnx.exe - Unknown
O4 - HKLM\..\Run: [vaX2K] C:\documents and settings\rachel\local settings\temp\vaX2K.exe - Unknown
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe" - Nasty
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe - Unknown
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\Rachel\LOCALS~1\Temp\app3398.tmp - Unknown
O4 - HKLM\..\Run: [bdbasew] C:\WINDOWS\System32\bdbasew.exe - Unknown
O4 - HKLM\..\Run: [aclsc] C:\WINDOWS\System32\aclsc.exe - Unknown
O4 - HKLM\..\Run: [owexecw] C:\WINDOWS\System32\owexecw.exe - Unknown
O4 - HKCU\..\Run: [WINT] C:\WINDOWS\System32\wcpsu.exe - Nasty
O4 - Global Startup: Digital Line Detect.lnk = ? - Unknown
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe - Unknown
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/clas ... ,3,2,20802 - Possibly nasty
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto ... dwnldr.cab - Possibly nasty
O17 - HKLM\System\CCS\Services\Tcpip\..\{4360133C-A385-4C4F-9028-9B11F206C3F0}: NameServer = 205.188.146.146 - Possibly nasty
Fix the selected boxs with nasty and then repost you're new log.
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) - Nasty
R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL - Nasty
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL - Nasty
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com - Nasty
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll - Nasty
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL - Nasty
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL - Nasty
O4 - HKLM\..\Run: [ugvskd] C:\WINDOWS\System32\ifazglnx.exe - Unknown
O4 - HKLM\..\Run: [vaX2K] C:\documents and settings\rachel\local settings\temp\vaX2K.exe - Unknown
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe" - Nasty
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe - Unknown
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\Rachel\LOCALS~1\Temp\app3398.tmp - Unknown
O4 - HKLM\..\Run: [bdbasew] C:\WINDOWS\System32\bdbasew.exe - Unknown
O4 - HKLM\..\Run: [aclsc] C:\WINDOWS\System32\aclsc.exe - Unknown
O4 - HKLM\..\Run: [owexecw] C:\WINDOWS\System32\owexecw.exe - Unknown
O4 - HKCU\..\Run: [WINT] C:\WINDOWS\System32\wcpsu.exe - Nasty
O4 - Global Startup: Digital Line Detect.lnk = ? - Unknown
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe - Unknown
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/clas ... ,3,2,20802 - Possibly nasty
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto ... dwnldr.cab - Possibly nasty
O17 - HKLM\System\CCS\Services\Tcpip\..\{4360133C-A385-4C4F-9028-9B11F206C3F0}: NameServer = 205.188.146.146 - Possibly nastyIf I could remember all I have forgotten, I would be a smart man.