Thread: HijackThis Log
Old 07-24-2006, 08:19 PM   #1 (permalink)
cwhalen
Registered User
 
Join Date: Jun 2006
Posts: 41
OS: windows xp


HijackThis Log

Could someone please check my HijackThis Log?

Logfile of HijackThis v1.99.1
Scan saved at 9:09:10 PM, on 7/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Carol Whalen\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [CleanIt] "C:\Program Files\CleanIt\cleanit.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] "c:\Program Files\Microsoft Works\WkDetect.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {41F841C1-AE16-11D5-8817-0050DA6EF5E5} (FarPoint Spread 6.0) - https://www.doralusa.com/services/SPR32X60.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {958FCAB0-616B-11D3-A63F-00001B322780} (TimetickerLittleHelpers.usfServer) - http://www.timeticker.com/Timeset/TcpServer.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B80F9FCE-DFDD-4A2A-8AA9-E05C6B7D4ED3} - http://www.smileyworld.com/Toolbar/SmileyWorld.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe