What do I delete on
Logfile of HijackThis v1.97.7
I have not used this program before and am wondering what to delete?
Scan saved at 10:41:26 AM, on 11/23/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\68688601.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\default\LOCALS~1\Temp\Rar$EX01.603\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.spidersearch.com/frame_results.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.spidersearch.com/frame_results.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.spidersearch.com/frame_results.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abcnews.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.spidersearch.com/frame_results.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.spidersearch.com/frame_results.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.abcnews.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - C:\WINDOWS\host.dll
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\imd01.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOVCJQ] C:\WINDOWS\AOVCJQ.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [63357180.exe] C:\WINDOWS\System32\63357180.exe
O4 - HKCU\..\Run: [POPUPWATCH] C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe /STARTUP
O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.netpaloffers.net/NetpalOffers/DMO1/imd01.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TUR38106/turbo.cab
O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TUR38106/payload2.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create and Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4FCFF034-6F56-4D65-8C31-70D98C475428} (ddm_download.ddm_control) - http://bins.dynamicdesktopmedia.com/cab/ddm_control.CAB
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://www.hot.ee/sexcam/tool.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_US_pack_XP.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37638.5447569444
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D35A69A7-7A34-4C67-814A-3F508C0BF371} - http://traffichog.com/toolbar/bmeb.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://cdn.climaxbucks.com/mt/dialers/fc/UniDistIO.CAB
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) - http://xbs.climaxbucks.com/internet-optimizer/080703/MultiDist.CAB