#1
Help with Hijack log
Just wondering what in this log should be removed thanks.
Logfile of HijackThis v1.97.7
Scan saved at 7:09:21 PM, on 4/8/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Aston\aston.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Aston\XP\internat.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\javaw.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\LimeShop\LimeShop.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.warriornation.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F0 - system.ini: Shell=C:\Aston\aston.exe ,svchost.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [LimeShop] javaw -cp "C:\Program Files\LimeShop\System\Code" Main lp: "C:\Program Files\LimeShop"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: AIM (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downl...922/wmv9VCM.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://dev-www.fileplanet.com/fpdlm...DC_1_0_0_41.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...8056.5305208333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
#2
Hi PerfectCell
Please download and run LSPFix from here: http://cexx.org/LSPFix.exe

On the opening screen, click "I know what I'm doing". Check all instances of "ua_lsp.dll" (and nothing else), and move them to the "Remove" pane. Then click Finish.

Reboot and post a new log.

Tom
__________________
HijackThis, Ad-aware, Spybot Search & Destroy, SpywareBlaster, SpywareGuard, Housecall Online A/V Scan
Please read the stickies at the top of the forum before posting!
#3
Logfile of HijackThis v1.97.7
Scan saved at 11:00:27 AM, on 4/9/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Aston\aston.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Aston\XP\internat.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\Trillian\trillian.exe
C:\unzipped\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.warriornation.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F0 - system.ini: Shell=C:\Aston\aston.exe ,svchost.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downl...922/wmv9VCM.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://dev-www.fileplanet.com/fpdlm...DC_1_0_0_41.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...8056.5305208333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab

What did I just do btw? Did I perhaps fix some sort of internet connection problem, because my night downloads keep stopping.
#4
Hi PerfectCell,
LSPFix repairs Winsock 2 settings, caused by buggy or improperly-removed Internet software, that result in loss of Internet access. Here's the link to the main page: http://cexx.org/lspfix.htm

If you believe you are having problems because of the fix, just uninstall TCP/IP from your networking components, reboot and reinstall it. Have your original installation CD handy.

Run HijackThis, place a checkmark next to the following items, close ALL other browsers and windows except HijackThis and click "Fix checked".

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm

Is C:\Aston\aston.exe AstonShell? I can't find much information on it.

To improve performance also remove the following:

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

Tom
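An added example, not part of the original thread: comparing two HijackThis scans entry by entry shows what a cleanup step actually changed, here the O10 Winsock LSP entries that LSPFix was asked to remove. The log excerpts are constructed from the two logs posted above (most lines trimmed), and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed excerpts of the two logs posted in this thread (most lines trimmed;
# the O10 line is repeated 14 times here).
LSP = r"O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll"
COMMON = r"""F0 - system.ini: Shell=C:\Aston\aston.exe ,svchost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
"""
BEFORE = COMMON + r"""O4 - HKLM\..\Run: [LimeShop] javaw -cp "C:\Program Files\LimeShop\System\Code" Main lp: "C:\Program Files\LimeShop"
""" + "\n".join([LSP] * 14)
AFTER = COMMON

# A log entry starts with a section code such as R0, F0, O4 or O10.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Count (section code, body) pairs; header and process lines are skipped."""
    entries = Counter()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[(m.group(1), m.group(2).strip())] += 1
    return entries

def diff_logs(before, after):
    """Return (removed, added) entry Counters between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    return b - a, a - b

def unknown_lsp_files(log_text):
    """Distinct files reported under O10 as unknown Winsock LSP providers."""
    prefix = "Unknown file in Winsock LSP: "
    return sorted({body[len(prefix):].lower()
                   for code, body in parse_entries(log_text)
                   if code == "O10" and body.startswith(prefix)})

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for (code, body), n in sorted(removed.items()):
        print(f"removed x{n}: {code} - {body}")
    print("added:", dict(added))
    print("unknown LSP files still present:", unknown_lsp_files(AFTER))
```

Anything that shows up as "added" between two scans deserves the same scrutiny as the original log.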
#5
Thank you for the help.
And yes, Aston is Astonshell. I want that running.
#6
I noticed you didn't have XP or IE Service Pack 1 installed. Please update Windows and Internet Explorer. Download each critical update one by one, rebooting when necessary.
http://v4.windowsupdate.microsoft.com/

Tom
#7
Eh I don't know, I've heard bad things about SP1. I've been avoiding it on purpose.
#8
It's up to you. You have many security holes left wide open if you don't install the patches. Look at it this way, why would MS release something bad for their products? People would stop buying them.
Good luck,
Tom
#9
Well you have heard of Windows ME haven't you
#10
It wasn't the greatest OS they ever made was it?
#11
is there anything i need to delete
hello there, was just wondering. is there anything i need to remove?
Logfile of HijackThis v1.97.7
Scan saved at 19:56:27, on 19/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
E:\mIRC\mirc.exe
D:\Progs\HijackThis.exe
C:\WINDOWS\System32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = URL
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = URL
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = URL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

thanks
#12
Hi Grinch,
Looks clean. Make sure you are up to date on the latest Windows Update patches. Consider installing Spywareblaster and Spywareguard for maximum protection.
http://www.javacoolsoftware.com/downloads.html

Tom
#13
Thanks a lot, Tom. Much appreciated.
#14
You're welcome.
Dev Shed Forums > System Administration > Antivirus Protection > Help with Hijack log