Status
Not open for further replies.
1 - 2 of 2 Posts

·
Registered
Joined
·
1 Posts
Discussion Starter #1
I keep getting this stupid little message popping up on my desktop and when I click on it, it does not close. I've run the things I was supposed to and following is the Log file of HJT (HELP!!) One thing I did do before I ran this was shut down my "Cyber Sentinel". Oddly it hasn't happened yet. The strange thing is though, I've had that program for about 3 years. I just upgraded it this week from the Cyber Sentinel Website. Could the upgrade be causing these problems?

Logfile of HijackThis v1.99.1
Scan saved at 1:59:11 PM, on

10/14/2005
Platform: Windows XP SP2 (WinNT

5.01.2600)
MSIE: Internet Explorer v6.00 SP2

(6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec

Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
C:\Program Files\Norton Internet

Security\ISSVC.exe
C:\Program Files\Common Files\Symantec

Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec

Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security

suite\ewidoctrl.exe
C:\Program Files\ewido\security

suite\ewidoguard.exe
C:\Program Files\Intel\Intel

Application Accelerator\iaantmon.exe
C:\Program Files\Norton Internet

Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common

Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Media

Experience\PCMService.exe
C:\Program Files\Common Files\Symantec

Shared\ccApp.exe
C:\Program

Files\Support.com\bin\tgcmd.exe
C:\Program Files\Microsoft

AntiSpyware\gcasDtServ.exe
C:\Program Files\mobile

PhoneTools\WatchDog.exe
C:\LMPC\lockpc.exe
C:\Program

Files\AWS\WeatherBug\Weather.exe
C:\PROGRA~1\Comcast\COMCAS~2\data\Xtra

s\mssysmgr.exe
C:\Program Files\Common

Files\Microsoft Shared\Works

Shared\WkCalRem.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet

Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Colleen

Crannell\Local Settings\Temporary

Internet

Files\Content.IE5\M1KJQDWP\HijackThis[

1].exe

R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.comcast.net/comcast.html
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.comcast.net/comcast.html
R1 - HKCU\Software\Microsoft\Internet

Connection Wizard,ShellNext =

http://www.comcast.net/
R1 -

HKCU\Software\Microsoft\Windows\Curren

tVersion\Internet

Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: DriveLetterAccess -

{5CA3D70E-1895-11CF-8E15-001234567890}

- C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: MSEvents Object -

{8DBF02DA-4360-4A7E-BEA1-347B87816327}

- C:\WINDOWS\system32\pmnlk.dll
O2 - BHO: SSSIEHelperObj Class -

{8F26EAA1-D8B4-41A2-994F-704AEEE25536}

- C:\WINDOWS\system32\hlpr.dll
O2 - BHO: Norton Internet Security -

{9ECB9560-04F9-4bbc-943D-298DDF1699E1}

- C:\Program Files\Common

Files\Symantec

Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper -

{BDF3E430-B101-42AD-A544-FADC6B084872}

- C:\Program Files\Norton Internet

Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search -

{40D41A8B-D79B-43d7-99A7-9EE0F344C385}

- C:\Program Files\AIM

Toolbar\AIMBar.dll
O3 - Toolbar: Norton Internet Security

-

{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}

- C:\Program Files\Common

Files\Symantec

Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus -

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

- C:\Program Files\Norton Internet

Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DwlClient]

c:\Program Files\Common

Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Symantec NetDriver

Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe

/Consumer
O4 - HKLM\..\Run: [PCMService]

"C:\Program Files\Dell\Media

Experience\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program

Files\Common Files\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [gcasServ]

"C:\Program Files\Microsoft

AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [tgcmd] C:\Program

Files\Support.com\bin\tgcmd.exe

/server /startmonitor /deaf
O4 - HKLM\..\Run: [KernelFaultCheck]

%systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task]

"C:\Program

Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [WatchDog]

C:\Program Files\mobile

PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Creative WebCam

Tray] C:\Program Files\Creative\Shared

Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [CS3.0] C:\Program

Files\Security Software

Systems\CyberSentinel3.0\Engine.exe
O4 - HKLM\..\RunServices: [CS32]

C:\WINDOWS\c32cs2.exe
O4 - HKCU\..\Run: [Lock My PC]

C:\LMPC\lockpc.exe /s
O4 - HKCU\..\Run: [Weather] C:\Program

Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PhotoShow Deluxe

Media Manager]

C:\PROGRA~1\Comcast\COMCAS~2\data\Xtra

s\mssysmgr.exe
O4 - Startup: wkcalrem.LNK =

C:\Program Files\Common

Files\Microsoft Shared\Works

Shared\WkCalRem.exe
O8 - Extra context menu item: &AIM

Search - res://C:\Program Files\AIM

Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

- C:\WINDOWS\System32\msjava.dll (file

missing)
O9 - Extra 'Tools' menuitem: Sun Java

Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

- C:\WINDOWS\System32\msjava.dll (file

missing)
O9 - Extra button: (no name) -

{9239E4EC-C9A6-11D2-A844-00C04F68D538}

- (no file)
O9 - Extra button: AIM -

{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}

- C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug -

{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}

- C:\PROGRA~1\AWS\WEATHE~1\Weather.exe

(HKCU)
O15 - Trusted Zone:

http://www.autolenderscars.com
O15 - Trusted Zone:

www.bankofamerica.com
O15 - Trusted Zone: www.bbb.org
O15 - Trusted Zone:

http://rewardzoneonline.bestbuy.com
O15 - Trusted Zone:

http://www.bestbuy.com
O15 - Trusted Zone:

http://images.carprices.com
O15 - Trusted Zone:

http://www.cingularextras.com
O15 - Trusted Zone:

http://forums.comcast.net
O15 - Trusted Zone:

http://photoshow.comcast.net
O15 - Trusted Zone: www.comcast.net
O15 - Trusted Zone:

http://www.seaview.fivestardealers.com
O15 - Trusted Zone:

http://www.fleet.com
O15 - Trusted Zone:

www.freeholdracewaymall.com
O15 - Trusted Zone:

http://*.jibjab.com
O15 - Trusted Zone: www.jwu.edu
O15 - Trusted Zone: *.myspace.com
O15 - Trusted Zone:

http://*.photobucket.com
O15 - Trusted Zone:

www.powerlineblog.com
O15 - Trusted Zone:

www.remsendodge.com
O15 - Trusted Zone:

http://www.state.nj.us
O15 - Trusted Zone:

http://www.streamaudio.com
O15 - Trusted Zone:

http://www.wrat.com
O15 - Trusted Zone:

http://ny.contentmatch.net (HKLM)
O16 - DPF:

{01012101-5E80-11D8-9E86-0007E96C65AE}

(SupportSoft Script Runner Class) -

http://www.comcastsupport.com/sdcxuser

/asp/tgctlsr.cab
O16 - DPF:

{01113300-3E00-11D2-8470-0060089874ED}

(Support.com Configuration Class) -

http://www.comcastsupport.com/sdccommo

n/download/tgctlcm.cab
O16 - DPF:

{17492023-C23A-453E-A040-C7C580BBF700}

(Windows Genuine Advantage Validation

Tool) -

http://go.microsoft.com/fwlink/?linkid

=36467&clcid=0x409
O16 - DPF:

{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}

(Symantec AntiVirus scanner) -

http://security.symantec.com/SSC/Share

dContent/vc/bin/AvSniff.cab
O16 - DPF:

{4FE89055-5300-469E-AFAD-DEB3181EDE76}

(PearsonAsstX Control) -

http://www.mathxl.com/applets/PearsonI

nstallAsst.cab
O16 - DPF:

{644E432F-49D3-41A1-8DD5-E099162EEEC5}

(Symantec RuFSI Utility Class) -

http://security.symantec.com/sscv6/Sha

redContent/common/bin/cabsa.cab
O16 - DPF:

{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

(cpbrkpie Control) -

http://a19.g.akamai.net/7/19/7125/1450

/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF:

{C4DD6732-1E82-4AE7-BD94-180331B84082}

(DeltaCVX Control) -

http://www.mathxl.com/applets/DeltaCVX

.cab
O16 - DPF:

{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}

(ActiveDataInfo Class) -

https://www-secure.symantec.com/techsu

pp/asa/SymAData.cab
O16 - DPF:

{D719897A-B07A-4C0C-AEA9-9B663A28DFCB}

(iTunesDetector Class) -

http://ax.phobos.apple.com.edgesuite.n

et/detection/ITDetector.cab
O16 - DPF:

{DAEB8818-608B-40D2-8AD6-193753623CEB}

-

http://pdl.stream.aol.com/downloads/ao

l/unagi/ampx_en_dl.cab
O16 - DPF:

{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

(PopCapLoader Object) -

http://antu.popcap.com/games/popcaploa

der_v6.cab
O16 - DPF:

{E77C0D62-882A-456F-AD8F-7C6C9569B8C7}

(ActiveDataObj Class) -

https://www-secure.symantec.com/techsu

pp/activedata/ActiveData.cab
O16 - DPF:

{FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6}

(IWinAmpActiveX Class) -

http://pdl.stream.aol.com/downloads/ao

l/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: pmnlk -

C:\WINDOWS\system32\pmnlk.dll
O23 - Service: AOL Connectivity

Service (AOL ACS) - America Online,

Inc. -

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller -

Unknown owner -

C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager

(ccEvtMgr) - Symantec Corporation -

C:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy

(ccProxy) - Symantec Corporation -

C:\Program Files\Common Files\Symantec

Shared\ccProxy.exe
O23 - Service: Symantec Password

Validation (ccPwdSvc) - Symantec

Corporation - C:\Program Files\Common

Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings

Manager (ccSetMgr) - Symantec

Corporation - C:\Program Files\Common

Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for

CDROM Access - Creative Technology Ltd

- C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite

control - ewido networks - C:\Program

Files\ewido\security

suite\ewidoctrl.exe
O23 - Service: ewido security suite

guard - ewido networks - C:\Program

Files\ewido\security

suite\ewidoguard.exe
O23 - Service: IAA Event Monitor

(IAANTMon) - Intel Corporation -

C:\Program Files\Intel\Intel

Application Accelerator\iaantmon.exe
O23 - Service: ISSvc (ISSVC) -

Symantec Corporation - C:\Program

Files\Norton Internet

Security\ISSVC.exe
O23 - Service: Norton AntiVirus

Auto-Protect Service (navapsvc) -

Symantec Corporation - C:\Program

Files\Norton Internet Security\Norton

AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPH11 - HP -

C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SAVScan - Symantec

Corporation - C:\Program Files\Norton

Internet Security\Norton

AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service

(SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1

\SBServ.exe
O23 - Service: Symantec Network

Drivers Service (SNDSrvc) - Symantec

Corporation - C:\Program Files\Common

Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc

(SPBBCSvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec

Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC -

Symantec Corporation - C:\Program

Files\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC)

- Symantec Corporation - C:\Program

Files\Common Files\Symantec

Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW)

Service (WANMiniportService) - America

Online, Inc. - C:\WINDOWS\wanmpsvc.exe

 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Hello neitowl and welcome to TSF,

Your log is very difficult to read in this format. Please turn WordWrap off in Notepad.

Run another scan with HijackThis and post the log here again.
 