home hardware prices news articles forums photos user reviews
Go Back   Tech Support Forums - TechIMO.com > PC Hardware and Tech > General Tech Discussion
Help with Hijack This Help with Hijack This
Ask a Tech Support Question (free)!

Help with Hijack This

Reply
Get bargains at  »  Dealighted.com
 
Thread Tools Search this Thread
Currently Active Users: 2170
Discussions: 200,915, Posts: 2,378,977, Members: 246,282
Old May 24th, 2004, 02:23 PM   Digg it!   #1 (permalink)
Member
 
Join Date: May 2003
Location: Pittsburgh, PA
Posts: 397
Help with Hijack This
Here is my HIJACK THIS File, what should I get rid of?

Logfile of HijackThis v1.97.7
Scan saved at 1:22:14 PM, on 05/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Ares Lite Edition\AresLite.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
C:\PROGRA~1\3M\PSN2Lite\PSNGive.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\My music\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ecampus.bentley.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://ecampus.bentley.edu"); (C:\Program Files\Netscape\Users\default\prefs.js)
O1 - Hosts: 141.133.112.5 Pan
O1 - Hosts: 141.133.112.3 Atlas
O1 - Hosts: 141.133.112.75 Artemis
O1 - Hosts: 141.133.112.75 Electra
O1 - Hosts: 141.133.64.36 Admin1
O1 - Hosts: 141.133.64.36 Ares
O1 - Hosts: 141.133.64.35 Admin2
O1 - Hosts: 141.133.64.35 Trivia
O1 - Hosts: 141.133.60.12 Facstaff
O1 - Hosts: 141.133.60.13 Student1
O1 - Hosts: 141.133.60.14 Student2
O1 - Hosts: 141.133.60.15 Appserv1
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckOD Ls
O4 - HKLM\..\Run: [McAfee Antivirus] McAfeeAV.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\RunServices: [McAfee Antivirus] McAfeeAV.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Post-itŪ Software Notes Lite.lnk = C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: PartyPoker.com (HKLM)
O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://student2.bentley.edu/iNotes.cab
O16 - DPF: {58EFF30B-73CE-4841-945A-7730FC869C30} (PatchDetection.PatchDetect) - https://deploy.bentley.edu/controls/PatchDetection.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...871.5916319444
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/p...im/install.cab
O16 - DPF: {B817734E-046C-11D3-B674-00104BA25195} - http://pmb001.3m.com/pub/psnotes/psnudate.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9303C18-FB61-4328-81B7-12CBE905CD70}: NameServer = 192.168.2.1
fufiter9246 is offline   Reply With Quote
Old May 24th, 2004, 07:29 PM     #2 (permalink)
'G'
Member
 
Join Date: Oct 2001
Location: UK
Posts: 261
This is a Virus:

C:\WINDOWS\System32\smss.exe

Update NAV and carry out a thorough scan.
'G' is offline   Reply With Quote
Old May 24th, 2004, 07:53 PM     #3 (permalink)
Ultimate Member
 
uethello's Avatar
 
Join Date: Oct 2001
Location: Charlotte, NC
Posts: 1,700
http://www.liutilities.com/products/...slibrary/smss/

Not sure about the smss.exe.

I'd take each of those exe files and search for them one at a time on google.

Do you have adaware or spybot S&D?
uethello is offline   Reply With Quote
Old May 24th, 2004, 08:43 PM     #4 (permalink)
'G'
Member
 
Join Date: Oct 2001
Location: UK
Posts: 261
'G' is offline   Reply With Quote
Old May 25th, 2004, 04:49 AM     #5 (permalink)
Member
 
links's Avatar
 
Join Date: Jun 2003
Location: Alaska
Posts: 162
Why exactly are you trying to get rid of something? What is wrong with your system? We need some more info before we tell you to start deleting stuff
links is offline   Reply With Quote
Old May 25th, 2004, 04:56 AM     #6 (permalink)
Newbie
 
filipino's Avatar
 
Join Date: May 2004
Location: Philippines
Posts: 3,894
WinTasks Process Library

smss - smss.exe - Process Information

Process File: smss or smss.exe
Process Name: Session Manager Subsystem
Description: Application that is used to start, manage, and delete user sessions or client sessions under Terminal Server.
Company: Microsoft Corp.
System Process: Yes
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No
Common Errors: N/A

not a virus
filipino is offline   Reply With Quote
Old May 25th, 2004, 04:44 PM     #7 (permalink)
Member
 
Join Date: May 2003
Location: Pittsburgh, PA
Posts: 397
just wondering if there was any cleaning that you guys could suggest?
fufiter9246 is offline   Reply With Quote
Old May 25th, 2004, 04:50 PM     #8 (permalink)
The FNG
 
rrcn's Avatar
 
Join Date: Nov 2003
Location: SoCal
Posts: 5,605
Yea, if you dont already have, get Ad-aware and Spybot S&D. Update the definitions and scan your computer.
rrcn is offline   Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Logo Design Competition! Shabow Graphic Design and Digital Photography 112 February 5th, 2005 12:42 AM
Help with Homepage being hijacked maximus01can Security and Privacy Issues 5 May 15th, 2004 07:51 AM
Netzero hijacked my autosearch waynezo Security and Privacy Issues 1 May 6th, 2004 10:25 AM
Help with IE Problem maximus01can Networking and Internet 12 December 8th, 2003 02:07 PM
Did Intelligence Warn of Possible Hijackings Before 9/11 ? MegalosSkylaki IMO Community 43 May 22nd, 2002 02:35 AM


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Most Active Discussions
Is It Just Me? (2830)
Why is Khalid Sheikh Mohammed even .. (7)
Is the PSU I received dead? (10)
Install XP pro and a Vista laptop ?.. (8)
HIS HD5770 graphic card question (15)
A good PSU? (10)
Foreign voltage (7)
Print spooler problem (9)
New Computer wont recognize XP disc (7)
Dept. of HS: NSA 'Helped' Develop V.. (12)
Ideal cheap graph card for PC-Gamin.. (15)
EVGA 9800 gtx help with finding a g.. (7)
Modern Warfare 2: Who Bought It? (60)
Mysterious Boot manager (9)
Recent Discussions
Problem with speed step/turbo boost? (0)
SIS 740 and Widescreen (8)
Baffling Problem with my CPU/MoBo's. .. (0)
Display shows 3x5 inch in middle of s.. (0)
Print spooler problem (9)
windows vista security holes (3)
HIS HD5770 graphic card question (15)
Best file format to play on Windows H.. (0)
PSP Go bought in Japan (0)
Foreign voltage (7)
Asus P4G8X Mobo (3)
World's largest Monopoly Game using G.. (329)
EVGA 9800 gtx help with finding a goo.. (7)
Need hard disk drivers (4)
windows 7 internet problem (4)
What OS for a home server? (other tha.. (1)
Boot Problem? (0)
Logitech G9 laser gaming mouse $59.95.. (2)
$5 off any item with the purchase of .. (1)
Ideal cheap graph card for PC-Gaming? (15)
Install XP pro and a Vista laptop ?? (8)
Cloning old drive to new drive (6)
Amptron monitor G17FP-Black (0)
A good PSU? (10)
Is the PSU I received dead? (10)


All times are GMT -4. The time now is 12:42 PM.
TechIMO Copyright 2009 All Enthusiast, Inc.

Contact Us - Tech Support Forums - TechIMO.com - Archive - Privacy Statement - Terms of Use -
Coupons and Deals and Dealighted - Store Ratings, Avoid Scam Businesses - Geek News - Tech News for the Geek In You- Web Business Blog - Top


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28