Logfile of HijackThis v1.99.1
Scan saved at 7:38:08 AM, on 1/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Desktop Calendar\Desktop Calendar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Lisa\LOCALS~1\Temp\Tempora… Directory 2 for hijackthis.zip\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 – URLSearchHook: Yahoo! Toolbar BETA – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.d…
O1 – Hosts: 216.93.174.28 a.tribalfusion.com
O1 – Hosts: 207.44.240.65 rad.msn.com
O1 – Hosts: 216.93.174.28 view.atdmt.com
O1 – Hosts: 216.93.174.28 media.fastclick.net
O1 – Hosts: 216.93.174.28 ad.doubleclick.net
O1 – Hosts: 216.93.174.28 images.trafficmp.com
O1 – Hosts: 216.93.174.28 adfarm.mediaplex.com
O1 – Hosts: 216.93.174.28 media1.fastclick.net
O1 – Hosts: 216.93.174.28 media19.fastclick.net
O1 – Hosts: 216.93.174.28 media39.fastclick.net
O1 – Hosts: 216.93.174.28 count.exitexchange.com
O1 – Hosts: 216.93.174.28 leader.linkexchange.com
O1 – Hosts: 67.15.114.78 pagead2.googlesyndication.com
O1 – Hosts: 67.15.114.78 pagead.googlesyndication.com
O1 – Hosts: 216.93.174.28 ad.yieldmanager.com
O1 – Hosts: 67.15.114.78 ypn-js.overture.com
O1 – Hosts: 216.93.174.28 freeze.zedo.com
O2 – BHO: (no name) – 0@å – (no file)
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4EFB-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.d…
O2 – BHO: (no name) – °?å – (no file)
O2 – BHO: (no name) – à?å – (no file)
O3 – Toolbar: Yahoo! Toolbar BETA – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.d…
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe”
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 – HKLM\..\Run: [HP Software Update] “c:\Program Files\HP\HP Software Update\HPWuSchd2.exe”
O4 – HKLM\..\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”
O4 – HKLM\..\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 – HKCU\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – Startup: PowerReg Scheduler V3.exe
O4 – Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 – Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 – Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O15 – Trusted Zone: *.adgate.info (HKLM)
O15 – Trusted Zone: *.dollarrevenue.com (HKLM)
O15 – Trusted Zone: *.elitemediagroup.net (HKLM)
O15 – Trusted Zone: *.errorsafe.com (HKLM)
O15 – Trusted Zone: *.imagesrvr.com (HKLM)
O15 – Trusted Zone: *.matcash.com (HKLM)
O15 – Trusted Zone: *.media-motor.com (HKLM)
O15 – Trusted Zone: *.media-motor.net (HKLM)
O15 – Trusted Zone: *.mediatickets.net (HKLM)
O15 – Trusted Zone: *.mt-download.com (HKLM)
O15 – Trusted Zone: *.snipernet.biz (HKLM)
O15 – Trusted Zone: *.systemdoctor.com (HKLM)
O15 – Trusted Zone: *.winantivirus.com (HKLM)
O15 – Trusted Zone: *.winfixer.com (HKLM)
O16 – DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) – http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
O16 – DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) – https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 – DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) – http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
O16 – DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) – http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
O16 – DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) – http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
O18 – Filter: text/html – {2AB289AE-4B90-4281-B2AE-1F4BB034B647} – (no file)
O20 – Winlogon Notify: artm_newreg – C:\Documents and Settings\All Users.WINDOWS\Documents\Settings\artm_ne… (file missing)
O20 – Winlogon Notify: polymorphreg – C:\Documents and Settings\All Users.WINDOWS\Documents\Settings\polymor… (file missing)
O20 – Winlogon Notify: WgaLogon – C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 – SSODL: CDRecorder009 – {A3BC5E20-0235-1ABF-9CE1-00AA00512009} – C:\WINDOWS\system32\xcskzh32.dll (file missing)
O23 – Service: AVG Anti-Spyware Guard – Anti-Malware Development a.s. – C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 – Service: CAISafe – Computer Associates International, Inc. – C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 – Service: PCTEL Speaker Phone (Pctspk) – PCtel, Inc. – C:\WINDOWS\system32\pctspk.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\system32\HPZipm12.exe
O23 – Service: ProtexisLicensing – Unknown owner – C:\WINDOWS\system32\PSIService.exe
O23 – Service: VET Message Service (VETMSGNT) – CA, Inc. – C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
Posts Tagged ‘Hijackthis’
Regarding Yesterday's Question On Hidden Problem – Here Is The Hijackthis Log?
Thursday, October 8th, 2009
Please Help Me Which .exes To Delete? See Hijackthis Log Below, thanks?
Thursday, October 8th, 2009
Logfile of HijackThis v1.99.0
Scan saved at 10:03:57 PM, on 4/4/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\WINDOWS\System32\sched.exe
C:\windows\mousepad8.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Valentin Valov\My Documents\My Skype Received Files\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customiz…
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customiz…
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.shaw.ca/start/enca/addons/s…
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.c…
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.shaw.ca/start/enca/addons/s…
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.c…
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customiz…
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by SHAW Internet
R3 – Default URLSearchHook is missing
O3 – Toolbar: &Radio – {8E718888-423F-11D2-876E-00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Shaw Toolbar – {97720f21-6D88-4958-8AD3-83C12D86ADC7} – C:\PROGRA~1\shaw\bin\toolbar\shawbar.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.d…
O4 – HKLM\..\Run: [CountrySelection] pctptt.exe
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 – HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 – HKLM\..\Run: [shawnotify] c:\progra~1\shaw\update\updateloader.exe /notify
O4 – HKLM\..\Run: [Microsoft schedule] sched.exe
O4 – HKLM\..\Run: [keyboard] C:\windows\keyboard8.exe
O4 – HKLM\..\Run: [mousepad] C:\windows\mousepad8.exe
O4 – HKLM\..\Run: [newname] C:\windows\newname8.exe
O4 – HKLM\..\RunServices: [Microsoft schedule] sched.exe
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [Error Safe] “C:\Program Files\Error Safe Free\ers.exe” /min
O4 – HKCU\..\Run: [Yahoo! Pager] “C:\Program Files\Yahoo!\Messenger\ypager.exe” -quiet
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 – Extra button: Related – {c95fe080-8f5d-11d2-a20b-00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra ‘Tools’ menuitem: Show &Related Links – {c95fe080-8f5d-11d2-a20b-00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra button: Yahoo! Messenger – {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} – C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 – Extra ‘Tools’ menuitem: Yahoo! Messenger – {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} – C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 – Extra ‘Tools’ menuitem: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: Yahoo! Chess – http://download.games.yahoo.com/games/cl…
O16 – DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) – http://us.dl1.yimg.com/download.yahoo.co…
O16 – DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) – http://moneycentral.msn.com/cabs/pmupd80…
O23 – Service: Network Monitor – Unknown – C:\Program Files\Network Monitor\netmon.exe
O23 – Service: W2k PCtel speaker phone – PCtel, Inc. – C:\WINDOWS\system32\pctspk.exe
O23 – Service: Microsoft Windows Update Service – Unknown – C:\WINDOWS\services.exe
Someone Check Out This Hijackthis! Logfile For Me?
Saturday, October 3rd, 2009
I ran a spyware scan and these 3 things popped up:
softomate, zango-solitaire, and USB Monitor, but nothing shows up on my Hijack this or Regedit. I take good care of my computer and I can recognize spyware easily but I ran Hijack this just in case, what here looks wrong?
Logfile of HijackThis v1.99.1
Scan saved at 2:29:46 PM, on 6/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System320THotkey.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Documents and Settings\Administrator\My Documents\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 – BHO: (no name) – {02478D38-C3F9-4efb-9B51-7695ECA05670} – (no file)
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: BitComet ClickCapture – {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} – C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.2…
O2 – BHO: (no name) – {7E853D72-626A-48EC-A868-BA8D5E23E045} – (no file)
O3 – Toolbar: &Radio – {8E718888-423F-11D2-876E-00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [00THotkey] C:\WINDOWS\System320THotkey.exe
O4 – HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 – HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 – HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 – HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 – HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 – HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 – HKLM\..\Run: [TFNF5] TFNF5.exe
O4 – HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 – HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 – HKLM\..\Run: [NDSTray.exe] “C:\Program Files\Toshiba\ConfigFree\NDSTray.exe”
O4 – HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 – HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 – HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 – HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 – HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 – HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 – HKLM\..\Run: [ZoneAlarm Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 – HKLM\..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 – HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
O4 – HKCU\..\Run: [msnmsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background
O4 – HKCU\..\Run: [Uniblue SpyEraser] “C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe” -m
O4 – Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 – Extra context menu item: &AOL Toolbar search – res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 – Extra button: Related – {c95fe080-8f5d-11d2-a20b-00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra ‘Tools’ menuitem: Show &Related Links – {c95fe080-8f5d-11d2-a20b-00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra button: Real.com – {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} – C:\WINDOWS\System32\Shdocvw.dll
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 – IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 – DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} – http://software-dl.real.com/230c5ea76462d2c1fa20/netzip/RdxIE601.cab
O18 – Protocol: livecall – {828030A1-22C1-4009-854F-8E305202313F} – C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 – Protocol: msnim – {828030A1-22C1-4009-854F-8E305202313F} – C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 – Winlogon Notify: igfxcui – C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 – Service: DVD-RAM_Service – Matsushita Electric Industrial Co., Ltd. – C:\WINDOWS\System32\DVDRAMSV.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: MD Simple Burner Service (NetMDSB) – Sony Corporation – C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 – Service: PACSPTISVR – Sony Corporation – C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 – Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) – Analog Devices, Inc. – C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 – Service: Sony SPTI Service (SPTISRV) – Sony Corporation – C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs, LLC – C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Can You Tell Me What I Can Delete And What I Should Not Delete From This Hijackthis Scan Thanks?
Saturday, October 3rd, 2009
Scan saved at 4:04:55 PM, on 05/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.…
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.…
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.ex…
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.e…
C:\WINDOWS\system32\wuauclt.exe
C:\downloads\hijackthis\HijackThis.exe
O2 – BHO: (no name) – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: (no name) – {46e75f52-5800-42cd-b4b3-35f7dab6df55} – C:\WINDOWS\system32\notfci.dll
O2 – BHO: (no name) – {53707962-6F74-2D53-2644-206D7942484F} – C:\Program Files\Spybot – Search & Destroy\SDHelper.dll
O2 – BHO: (no name) – {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} – C:\WINDOWS\system32\tmp18F7.tmp.dll
O4 – HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 – HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 – HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 – HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 – HKLM\..\Run: [WindowsService] rundll32.exe “C:\WINDOWS\qopnll.dll”,realset
O4 – HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 – HKCU\..\Run: [System Soap Pro] C:\Program Files\System Soap Pro\soap.exe min
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 – HKCU\..\Run: [A00F2E2508B.exe] C:\DOCUME~1\Scott\LOCALS~1\Temp\_A00F2E2…
O4 – HKCU\..\Run: [A00F2E2509B.exe] C:\DOCUME~1\Scott\LOCALS~1\Temp\_A00F2E2…
O4 – HKCU\..\Run: [A00F2E25473.exe] C:\DOCUME~1\Scott\LOCALS~1\Temp\_A00F2E2…
O4 – Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.e…
O4 – Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: &Yahoo! Search – file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~3\Office10\EXCE…
O8 – Extra context menu item: Yahoo! &Dictionary – file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 – Extra context menu item: Yahoo! &Maps – file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 – Extra context menu item: Yahoo! &SMS – file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 – Extra ‘Tools’ menuitem: Sun Java Console (HKLM)
O9 – Extra button: Yahoo! Services (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra ‘Tools’ menuitem: Windows Messenger (HKLM)
O15 – Trusted Zone: http://*.turbotax.com
O16 – DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) – http://www.apple.com/qtactivex/qtplugin.cab
O16 – DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) – https://signup.msn.com/pages/MsnInstC.cab
O16 – DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} – http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142527426296
O16 – DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} – http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37646.2465972222
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Please See This Log Of Hijackthis And Help Me Which To Delete. Thanks?
Wednesday, September 30th, 2009
Logfile of HijackThis v1.99.0
Scan saved at 6:05:37 PM, on 4/4/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\WINDOWS\System32\sched.exe
C:\windows\mousepad8.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Yahoo!\YPSR\ypsr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Valentin I. Vangelov\My Documents\My Skype Received Files\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customiz…
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customiz…
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.shaw.ca/start/enca/addons/s…
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.c…
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.shaw.ca/start/enca/addons/s…
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.c…
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customiz…
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by SHAW Internet
R3 – Default URLSearchHook is missing
O3 – Toolbar: &Radio – {8E718888-423F-11D2-876E-00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Shaw Toolbar – {97720f21-6D88-4958-8AD3-83C12D86ADC7} – C:\PROGRA~1\shaw\bin\toolbar\shawbar.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.d…
O4 – HKLM\..\Run: [CountrySelection] pctptt.exe
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 – HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 – HKLM\..\Run: [shawnotify] c:\progra~1\shaw\update\updateloader.exe /notify
O4 – HKLM\..\Run: [Microsoft schedule] sched.exe
O4 – HKLM\..\Run: [keyboard] C:\windows\keyboard8.exe
O4 – HKLM\..\Run: [mousepad] C:\windows\mousepad8.exe
O4 – HKLM\..\Run: [newname] C:\windows\newname8.exe
O4 – HKLM\..\RunServices: [Microsoft schedule] sched.exe
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [Error Safe] “C:\Program Files\Error Safe Free\ers.exe” /min
O4 – HKCU\..\Run: [Yahoo! Pager] “C:\Program Files\Yahoo!\Messenger\ypager.exe” -quiet
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 – Extra button: Related – {c95fe080-8f5d-11d2-a20b-00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra ‘Tools’ menuitem: Show &Related Links – {c95fe080-8f5d-11d2-a20b-00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra button: Yahoo! Messenger – {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} – C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 – Extra ‘Tools’ menuitem: Yahoo! Messenger – {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} – C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 – Extra ‘Tools’ menuitem: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: Yahoo! Chess – http://download.games.yahoo.com/games/cl…
O16 – DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) – http://us.dl1.yimg.com/download.yahoo.co…
O16 – DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) – http://moneycentral.msn.com/cabs/pmupd80…
O23 – Service: Network Monitor – Unknown – C:\Program Files\Network Monitor\netmon.exe
O23 – Service: W2k PCtel speaker phone – PCtel, Inc. – C:\WINDOWS\system32\pctspk.exe
O23 – Service: Microsoft Windows Update Service – Unknown – C:\WINDOWS\services.exe
Hijackthis Log – Any Suggestions? – System Is Slow And Uploading A Ton Of Packets?
Tuesday, September 29th, 2009
Logfile of HijackThis v1.99.1
Scan saved at 11:15:01 AM, on 8/3/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3…
C:\Program Files\SlimServer\server\slim.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.ex…
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Mark\Desktop\HijackThis.exe
C:\Program Files\SlimServer\SlimTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
R3 – Default URLSearchHook is missing
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: IexploreOmea – {09628AAA-66AD-4FA2-82E2-698185B66463} – (no file)
O2 – BHO: (no name) – {53707962-6F74-2D53-2644-206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 – Toolbar: &Radio – {8E718888-423F-11D2-876E-00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 – HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 – HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 – HKCU\..\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 – HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Mark\Desktop\HijackThis.exe /startupscan
O4 – HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe “Mark”
O4 – Global Startup: SlimServer Tray Tool.lnk = C:\Program Files\SlimServer\SlimTray.exe
O4 – Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCE…
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\WINDOWS\System32\msjava.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\WINDOWS\System32\msjava.dll
O9 – Extra button: WeatherBug – {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} – C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10 – Unknown file in Winsock LSP: c:\spjavashim\spjvshim.dll
O10 – Unknown file in Winsock LSP: c:\spjavashim\spjvshim.dll
O10 – Unknown file in Winsock LSP: c:\spjavashim\spjvshim.dll
O10 – Unknown file in Winsock LSP: c:\spjavashim\spjvshim.dll
O10 – Unknown file in Winsock LSP: c:\spjavashim\spjvshim.dll
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: ActiveGS.cab – http://www.virtualapple.org/activegs.cab
O16 – DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) – C:\Program Files\Yahoo!\common\yucconfig.dll
O16 – DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} –
O17 – HKLM\System\CCS\Services\Tcpip\..\{1536A… NameServer = 208.67.222.222,208.67.220.220
O17 – HKLM\System\CS1\Services\Tcpip\..\{1536A… NameServer = 208.67.222.222,208.67.220.220
O17 – HKLM\System\CS2\Services\Tcpip\..\{1536A… NameServer = 208.67.222.222,208.67.220.220
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 – Service: AdobeActiveFileMonitor – Unknown owner – C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – ALWIL Software – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: avast! Antivirus – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service (file missing)
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: LVPrcSrv – Logitech Inc. – c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 – Service: PhotoshopElementsDeviceConnect – Unknown owner – C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 – Service: SlimServerMySQL – Unknown owner – C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1…
O23 – Service: SlimServer (slimsvc) – Unknown owner – C:\Program Files\SlimServer\server\slim.exe
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs Inc. – C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 – Service: wwSecSvc – Webroot Software, Inc. – C:\WINDOWS\System32\wwSecure.exe
Can Anyone Tell Me What To Get Rid Of On My Hijackthis Log File?
Monday, September 7th, 2009
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\WINDOWS\System32\svcchosst.exe
C:\WINDOWS\system32\mdmdd.exe
C:\WINDOWS\system32\sscc.exe
C:\WINDOWS\system32\mfceee.exe
C:\WINDOWS\system32\sysems.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.ex…
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\ISP50\dialer\DIALER.EXE
C:\Malware\HJT1991.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\system32\ftp.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/homepage
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: (no name) – {53707962-6F74-2D53-2644-206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: CNavExtBho Class – {BDF3E430-B101-42AD-A544-FADC6B084872} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: &Radio – {8E718888-423F-11D2-876E-00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 – HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE “REBOOT”
O4 – HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\BIN\PPCOLink -STATION
O4 – HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 – HKLM\..\Run: [msvccc66] svcchosst.exe
O4 – HKLM\..\Run: [melg3445] C:\WINDOWS\system32\mdmdd.exe
O4 – HKLM\..\Run: [sixer566] C:\WINDOWS\system32\sscc.exe
O4 – HKLM\..\Run: [staeck122] C:\WINDOWS\system32\mfceee.exe
O4 – HKLM\..\Run: [sysmss] C:\WINDOWS\system32\sysems.exe
O4 – HKLM\..\RunServices: [msvccc66] svcchosst.exe
O4 – HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 – HKCU\..\Run: [Yahoo! Pager] “C:\Program Files\Yahoo!\Messenger\ypager.exe” -quiet
O4 – HKCU\..\Run: [198_150_ni_7] “C:\Documents and Settings\christie sime\198_150_ni_7.exe”
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [Aim6] “C:\Program Files\AIM6\aim6.exe” /d locale=en-US ee://aol/imApp
O4 – HKCU\..\Run: [melg3445] C:\WINDOWS\system32\mdmdd.exe
O4 – HKCU\..\Run: [sixer566] C:\WINDOWS\system32\sscc.exe
O4 – HKCU\..\Run: [staeck122] C:\WINDOWS\system32\mfceee.exe
O4 – HKCU\..\Run: [sysmss] C:\WINDOWS\system32\sysems.exe
O4 – Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 – Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 – Global Startup: LUMIX Simple Viewer.lnk = ?
O4 – Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.ex…
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCE…
O9 – Extra button: ICQ – {6224f700-cba3-4071-b251-47cb894244cd} – C:\Program Files\ICQ\ICQ.exe
O9 – Extra ‘Tools’ menuitem: ICQ – {6224f700-cba3-4071-b251-47cb894244cd} – C:\Program Files\ICQ\ICQ.exe
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.D…
O9 – Extra button: Related – {c95fe080-8f5d-11d2-a20b-00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra ‘Tools’ menuitem: Show &Related Links – {c95fe080-8f5d-11d2-a20b-00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra button: Real.com – {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} – C:\WINDOWS\System32\Shdocvw.dll
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 – IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 – Trusted Zone: http://www.neededware.com
O16 – DPF: NDWCab – http://www.neededware.com/ndw3.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{F2038… NameServer = 209.244.0.3 209.244.0.4
O20 – AppInit_DLLs:
O20 – Winlogon Notify: igfxcui – C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 – Service: AOL Connectivity Service (AOL ACS) – America Online, Inc. – C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: dllmgr64 – Unknown owner – C:\WINDOWS\dllmgr64.exe (file missing)
O23 – Service: ewido security suite control – ewido networks – C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: Norton AntiVirus Auto Protect Service (navapsvc) – Symantec Corporation – C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\S…
O23 – Service: WAN Miniport (ATW) Service (WANMiniportService) – America Online, Inc. – C:\WINDOWS\wanmpsvc.exe