Please help hijack this log. Don't know how to check spywares and malwares.

racer,

This is the wrong site for posting your "HijackThis" log file. Please visit:

There is also a self-analysis site:

NOT RECOMMENDED FOR NOVICE USERS!

Reply to
Sir_George

TUTORIALS/HELP FILES:

DO IT YOURSELF:

GET EXPERT HELP:

*NOTE: Registration is REQUIRED before posting a log*
*NOTE: Web sites NOT listed in any particular order*
Reply to
dak

Dear All,

Good day!

My computer is running slower than usual. Can anyone please tell me what possible harmful things are on my computer? I have run HijackThis in normal mode and I've got the following logs:

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAM FILES\U-STORAGE TOOLS2.65\USTORAGE.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\WINDOWS\RACPWKOF.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\WINDOWS\SYSTEM\5GBO6COB.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [URL not preserved]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [URL not preserved]
- HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://linemon/scripts/lmmain.exe?Refresh=5
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [URL not preserved]
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.sdp.shindengen.co.jp:8080
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRAM FILES\YOURSITEBAR\YSB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] irmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [USTORAG] c:\program files\u-storage tools2.65\ustorage.exe sys_auto_run C:\PROGRAM FILES\U-STORAGE TOOLS2.65
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [kiSFspV] C:\WINDOWS\RACPWKOF.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [5gbo6cob] C:\WINDOWS\SYSTEM\5gbo6cob.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - [URL not preserved]
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = shindengen.co.jp
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 10.52.7.200

I have also run HijackThis in Safe Mode and I've got the following logs:

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [URL not preserved]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [URL not preserved]
- HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://linemon/scripts/lmmain.exe?Refresh=5
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [URL not preserved]
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.sdp.shindengen.co.jp:8080
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRAM FILES\YOURSITEBAR\YSB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] irmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [USTORAG] c:\program files\u-storage tools2.65\ustorage.exe sys_auto_run C:\PROGRAM FILES\U-STORAGE TOOLS2.65
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [kiSFspV] C:\WINDOWS\RACPWKOF.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [5gbo6cob] C:\WINDOWS\SYSTEM\5gbo6cob.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - [URL not preserved]
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = shindengen.co.jp
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 10.52.7.200

Please help me with which of these things I should remove, and how to remove them. Somebody told me that I should run and save a log file in both normal and safe modes. But the problem is, I don't know how to distinguish potential spyware and malware.

Please help. Thanks!

Reply to
racer
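The reason for capturing both a normal-mode and a Safe Mode log is the diff between them: Safe Mode skips the Run/RunServices autostarts, so anything alive only in normal mode was launched by one of the O4 entries. The Python below is an added example, not code from the thread or from HijackThis; it parses a constructed excerpt of the two logs above (paths as posted, most lines omitted), lists the processes that run only in normal mode, and ties each one to the O4 entry that launches it, which is the starting point for deciding what each entry is.

```python
import re

# Constructed excerpt of the two logs in the post above (a few lines of each, paths as posted).
NORMAL_LOG = """Running processes:
C:\\WINDOWS\\EXPLORER.EXE
C:\\PROGRAM FILES\\ISTSVC\\ISTSVC.EXE
C:\\WINDOWS\\RACPWKOF.EXE
C:\\PROGRAM FILES\\INTERNET OPTIMIZER\\OPTIMIZE.EXE
C:\\WINDOWS\\SYSTEM\\5GBO6COB.EXE
C:\\WINDOWS\\SYSTEM\\CTFMON.EXE

O4 - HKLM\\..\\Run: [IST Service] C:\\Program Files\\ISTsvc\\istsvc.exe
O4 - HKLM\\..\\Run: [kiSFspV] C:\\WINDOWS\\RACPWKOF.EXE
O4 - HKLM\\..\\Run: [Internet Optimizer] "C:\\Program Files\\Internet Optimizer\\optimize.exe"
O4 - HKLM\\..\\Run: [5gbo6cob] C:\\WINDOWS\\SYSTEM\\5gbo6cob.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] ctfmon.exe
"""
SAFE_LOG = """Running processes:
C:\\WINDOWS\\EXPLORER.EXE
"""

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'([^\\\s"]+\.exe)', re.IGNORECASE)  # first executable name in a command

def parse_log(text):
    """Return (set of running-process basenames, list of 'Xn - ...' entry lines)."""
    procs, entries, in_procs = set(), [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower() == "running processes:":
            in_procs = True
        elif in_procs and line:
            procs.add(line.rsplit("\\", 1)[-1].lower())
        else:
            in_procs = False  # blank line ends the process list
            if re.match(r"^[RFOT]\d+ - ", line):
                entries.append(line)
    return procs, entries

def normal_only_autoruns(normal_text, safe_text):
    """Processes alive in normal mode but not in Safe Mode, mapped to the O4 autorun
    name whose command launches that executable (None if no O4 entry matches).
    Legitimate autostarts (ctfmon.exe here) appear too: this is a review list,
    not a verdict; the key name and file location decide what to check next."""
    normal_procs, entries = parse_log(normal_text)
    safe_procs, _ = parse_log(safe_text)
    launchers = {}
    for line in entries:
        m = O4_RE.match(line)
        exe = EXE_RE.search(m.group("cmd")) if m else None
        if exe:
            launchers[exe.group(1).lower()] = m.group("name")
    return {p: launchers.get(p) for p in sorted(normal_procs - safe_procs)}
```

Run against the full logs, the same diff also surfaces the O4 entries whose key names are random strings (kiSFspV, 5gbo6cob) pointing at executables dropped straight into C:\WINDOWS and C:\WINDOWS\SYSTEM, which is what an analyst on a HijackThis help forum looks at first.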

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.