Another HijackThis Log, help please!!
Hi
The following log is from a computer at work used by the Paramedics to surf the net etc. It is running slow, lots of popups (some possibly medical depending on how you look at them!!) I have run HouseCall (left with Trojan Agent.QS - .RY - .QJ I think) Then Adaware SE with plug in for fixing VX2 Varients And finally, Spybot Search and Destroy. After all that HijackThis produces the following log - " Logfile of HijackThis v1.99.1 Scan saved at 12:59:02, on 02/06/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Endeavors\AppExpress\ece.exe C:\Program Files\Symantec\pcAnywhere\awhost32.exe C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\WINNT\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\RioMSC.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\SOUNDMAN.EXE C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe C:\WINNT\system32\BtUsrBdg.exe C:\WINNT\system32\BTSetBootKey.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\Program Files\Common Files\Nokia\Tools\NclTray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Ahead\InCD\InCD.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spool\DRIVERS\W32X86\3\HPZSTC04.EXE C:\TonyCleanUp\HijackThis.exe R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: XNetIEObj Class - {1808648B-3102-4293-8AD3-06AF71D3321B} - C:\Program Files\Endeavors\AppExpress\bho_2_5_5_17070\bho.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe" O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - HKLM\..\Run: [wmplayer] C:\Program Files\Windows Media Player\wmplayer.exe O4 - HKLM\..\Run: [cvxsibc] C:\WINNT\system32\cvxsibc.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: BTTray.lnk = C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm O15 - Trusted Zone: http://www.neededware.com O16 - DPF: NDWCab - http://www.neededware.com/ndw2.cab O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/17707a8aab78496...p/RdxIE601.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://chequers.palmarmy.com/tsweb/msrdp.cab O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DEA239} (OTAutoInstall Class) - https://streaming.endeavors.com/micr...loads/OTAI.CAB O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll O23 - Service: AppExpress Client - Endeavors Technology, Inc. - C:\Program Files\Endeavors\AppExpress\ece.exe O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINNT\system32\RioMSC.exe What next please? Cheers TeeS |
I'm no expert but that 'surfsidekick' looks decidedly iffy to me. There appears to be an R3 entry and 2 04 entries to get rid of.
I've just posted your log into the HIJACK THIS ANALYSER and I was just about right. wanders off with a smug look! |
Hi
The best thing to logonto here www.geekstogo.com They are super at sorting problems like this and have specialist Hijack experts |
Thanks Guys
All sorted now, I hope! TeeS |
Gas Path,
What an excellent link, Ta very much :ok: |
Don't thank me, the link was posted by 'Compass Call' a few days ago. I just thought I'd give it a go:ok:
|
All times are GMT. The time now is 19:30. |
Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.