Please have a look at my hijack this log [Archive] - SpeedGuide.net Broadband Community



wujtehacjusz
04-17-07, 04:19 PM
Hello!

I am new here and I thought that you could help me. I want to stay virus/spyware/malware free and I started my crusade to get rid of anything on my computer that is bad for it. I have a lot to learn... and I don't know anything about HijackThis logs.

Could you help me? If you find anything in my log that should not be there, could you tell me what to remove and why? Thanks!

Btw I don't have Sophos antivirus on my computer. I installed it for a very short time (my uni provides it for free to students) and I tried to remove it the same day, because it didn't want to work at all. I failed :mad:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:12:20, on 17/04/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jacob\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.channel4.com/entertainment/tv/microsites/L/lost/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BE02E06-F5BA-4DF5-AFBF-CA6258A04629}: NameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{820ECF7A-5270-4F32-B556-8F06D2623524}: NameServer = 194.74.65.68,194.72.9.34
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Unknown owner - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (file missing)
O23 - Service: Sophos Anti-Virus (SAVService) - Unknown owner - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (file missing)
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 5362 bytes

YARDofSTUF
04-17-07, 09:37 PM
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Unknown owner - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (file missing)
O23 - Service: Sophos Anti-Virus (SAVService) - Unknown owner - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (file missing)

Uncheck those; nothing "bad" though.

Did you uninstall Sophos from Add/Remove Programs?

NOD32 and windows defender are good.

For more protection, Google and download SpywareBlaster and Spybot, and turn on Spybot's Immunize feature.

Also, if you want to go super anal, SUPERAntiSpyware is another good scanner to have.

Are you using a firewall app or behind a router?

wujtehacjusz
04-18-07, 12:23 PM
I just removed those two...

The story with Sophos is strange. I would not consider myself a beginner when it comes to computers, but I could not remove Sophos. I installed it (the installation looked normal) and after that Sophos was running, but... I could not access any settings or even open the program. If you are familiar with Sophos, you get this little icon in the taskbar looking like a shield. Normally it would be blue and it would allow me to access all settings/menus, anything to do with Sophos.

It was gray all the time; I could not update it, remove it (using Add/Remove or even CCleaner) or even remove the entry in the list of installed programs... :mad: I just gave up at some stage.

Btw the network administrator of my uni had a go at this and he could not remove it either. Weird...

I'm a noob when it comes to networks. I don't have a firewall (apart from Windows Firewall), but I have a router in my house (one which covers my house with a wireless network, if this is what you were asking). Should I consider getting one? My computer is slow enough at the moment :cry:

YARDofSTUF
04-18-07, 12:37 PM
A router is good, it gives you NAT, with that you don't need a firewall.


I'm not familiar with Sophos; I would say the only way you'd remove it is to delete the folder and run a registry cleaner.
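As an added example that is not part of this thread (neither poster wrote it): the two O23 entries flagged in the first reply and discussed again here are dead service registrations left behind by the failed Sophos uninstall. Deleting the folder and running a registry cleaner leaves the service keys for the cleaner to guess at; the direct fix is to remove the registration itself with `sc delete <ServiceName>`, where the name is the one HijackThis shows in parentheses (SAVAdminService, SAVService). The script below parses HijackThis v2 O2/O23/O24 lines, flags entries whose target no longer exists on disk, and emits the matching `sc delete` command for each orphaned service. The sample lines are constructed to mirror the posted log; the script only generates the commands, which you would then run from an elevated command prompt on the affected machine after confirming with `sc query <ServiceName>` that nothing else owns the name.

```python
"""Flag dead autostart/service entries in a HijackThis v2 log and suggest the cleanup."""
import re
from typing import List, NamedTuple

# Constructed sample: log lines in the shape of the HijackThis v2 output posted above.
SAMPLE_LOG_LINES = [
    r"O2 - BHO: (no name) - AutorunsDisabled - (no file)",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe",
    r"O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe",
    r"O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Unknown owner - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (file missing)",
    r"O23 - Service: Sophos Anti-Virus (SAVService) - Unknown owner - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (file missing)",
    r"O24 - Desktop Component 0: (no name) - (no file)",
]

# O23: "Service: <display> (<key>) - <owner> - <path>[ (file missing)]"; the key is optional
# because HijackThis omits the parentheses when display and key name are identical.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<key>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
O2_RE = re.compile(r"^O2 - BHO: (?P<display>.+?) - (?P<clsid>.+?) - (?P<path>.+)$")
O24_RE = re.compile(r"^O24 - Desktop Component \d+: (?P<display>.+?) - (?P<path>.+)$")


class Orphan(NamedTuple):
    section: str   # HijackThis section code (O2, O23, O24)
    name: str      # service key name for O23, display name otherwise
    path: str      # image path still recorded in the registry ("" when none)
    action: str    # what a practitioner would do about it


def find_orphans(lines: List[str]) -> List[Orphan]:
    """Return registry entries whose target file no longer exists on disk."""
    orphans: List[Orphan] = []
    for raw in lines:
        line = raw.rstrip()
        section = line.split(" ", 1)[0]
        m = O23_RE.match(line)
        if m:
            if m.group("missing"):
                key = m.group("key")
                # 'sc delete <name>' removes the service registration itself, which is
                # the part a folder deletion plus registry cleaner leaves to chance.
                action = f"sc delete {key}" if key else "inspect in services.msc (no key name shown)"
                orphans.append(Orphan(section, key or m.group("display"), m.group("path"), action))
            continue
        m = O2_RE.match(line) or O24_RE.match(line)
        if m and m.group("path") == "(no file)":
            # A BHO or desktop component with no DLL/file behind it is inert but still
            # registered; HijackThis can remove the entry with "Fix checked".
            orphans.append(Orphan(section, m.group("display"), "", "remove with HijackThis 'Fix checked'"))
    return orphans


def cleanup_commands(orphans: List[Orphan]) -> List[str]:
    """Only the entries for which a concrete command can be generated."""
    return [o.action for o in orphans if o.action.startswith("sc delete ")]


if __name__ == "__main__":
    found = find_orphans(SAMPLE_LOG_LINES)
    for o in found:
        print(f"{o.section:<4} {o.name:<20} {o.action}")
    print("\nCommands to run from an elevated prompt:")
    for cmd in cleanup_commands(found):
        print("  " + cmd)
```

Entries whose file is present (NOD32krn, the Adobe BHO, ATI Smart) are deliberately left alone: "Unknown owner" by itself is not evidence of anything, and the whole point of reading the log is to remove only what is demonstrably dead or malicious.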

wujtehacjusz
04-18-07, 02:00 PM
Done it. Seems to be OK. I am sure that there is something left over, but I am not worried. At some stage it will be deleted :)

Thank you a lot. You were very helpful :thumb:

Pettos
04-18-07, 02:01 PM
with that you dont need a firewall.

My dad is anal, everyone on our network needs Norton Protection Centre.... It's el-crappo. I hate it...

YARDofSTUF
04-18-07, 02:03 PM
Ya, some system files are left more than likely, but you'll live; not really worth the effort to reinstall just cuz of that.

wujtehacjusz
04-18-07, 02:09 PM
I would not reinstall Windows on this machine. I have an Acer laptop and it came with WinXP preinstalled on it (I bought it 2 years ago). Since then I haven't had any problems with my Windows. And anyway it came with 3 recovery CDs or something like that and I would not risk using them. I don't trust them ;)