Sponsored By

Sign in to follow this  
Dan

Yet Another Hjt Log....

Recommended Posts

Well, B (or whoever answers this log), I ran CWShredder, Norton. I took a look at the log, uninstalled New.net, used LSPFix and fixed a broken 010.....um..got rid of a BHO, some startup items...., some 016's....nothing that would mess my system..., need to boot into safe mode, delete some crap, end some processes, whatever. BTW, the 017's are good...so don't waste your time on them.. Tell me what to do please!! Log below:

Logfile of HijackThis v1.99.0

Scan saved at 9:44:24 PM, on 12/17/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE

C:\Program Files\Save\Save.exe

C:\PROGRA~1\AWS\WEATHE~1\Weather.exe

C:\Program Files\ClockSync\Sync.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\America Online 9.0a\aoltray.exe

C:\Program Files\Date Manager\DateManager.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\Program Files\PrecisionTime\PrecisionTime.exe

C:\Program Files\Palm\HOTSYNC.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe

C:\PROGRA~1\NORTON~1\NAVW32.exe

C:\Program Files\America Online 9.0a\waol.exe

C:\Program Files\America Online 9.0a\shellmon.exe

C:\Program Files\America Online 9.0a\aolwbspd.exe

C:\Documents and Settings\Ray Cross\My Documents\HJT\HijackThis1.99.0.exe

C:\windows\system32\ossproxy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [Palm MulitUser Config] C:\Program Files\Palm\Configtool.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX.cab

O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0FFF8F1A-C1F2-4793-BDAA-BABEC3E1566F}: NameServer = 205.188.146.145

O17 - HKLM\System\CS1\Services\Tcpip\..\{0FFF8F1A-C1F2-4793-BDAA-BABEC3E1566F}: NameServer = 205.188.146.145

O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O23 - Service: Iomega Active Disk - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Share this post


Link to post
Share on other sites

This is the original log BEFORE I edited it:

Logfile of HijackThis v1.99.0

Scan saved at 9:13:06 PM, on 12/17/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Save\Save.exe

C:\windows\system32\ossproxy.exe

C:\PROGRA~1\AWS\WEATHE~1\Weather.exe

C:\Program Files\ClockSync\Sync.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\America Online 9.0a\aoltray.exe

C:\Program Files\Date Manager\DateManager.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\Program Files\PrecisionTime\PrecisionTime.exe

C:\Program Files\Palm\HOTSYNC.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe

C:\PROGRA~1\NORTON~1\NAVW32.exe

C:\Program Files\America Online 9.0a\waol.exe

C:\Program Files\America Online 9.0a\shellmon.exe

C:\Program Files\America Online 9.0a\aolwbspd.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Microsoft Money\System\urlmap.exe

C:\Documents and Settings\Ray Cross\My Documents\HJT\HijackThis199[www.click-now.net].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing)

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing)

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [Palm MulitUser Config] C:\Program Files\Palm\Configtool.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

O4 - HKLM\..\Run: [OSS] c:\windows\system32\ossproxy.exe -boot

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q

O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe

O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

O10 - Hijacked Internet access by New.Net

O10 - Broken Internet access because of LSP provider 'osmim.dll' missing

O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.spiz.ws/ashleycam1/plugin.exe

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX.cab

O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab

O16 - DPF: {F0AA2376-F073-4E57-86E8-0238F99087C7} (AInst Class) - http://www.absolutefreesmut.com/activeinstaller.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{0FFF8F1A-C1F2-4793-BDAA-BABEC3E1566F}: NameServer = 205.188.146.145

O17 - HKLM\System\CS1\Services\Tcpip\..\{0FFF8F1A-C1F2-4793-BDAA-BABEC3E1566F}: NameServer = 205.188.146.145

O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O23 - Service: Iomega Active Disk - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Share this post


Link to post
Share on other sites

Rock, this is the current log:

Logfile of HijackThis v1.99.0

Scan saved at 2:00:14 PM, on 12/18/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE

C:\PROGRA~1\AWS\WEATHE~1\Weather.exe

C:\Program Files\America Online 9.0a\aoltray.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Palm\HOTSYNC.EXE

C:\Program Files\Microsoft Money\System\urlmap.exe

C:\Documents and Settings\Ray Cross\My Documents\HJT\HijackThis1.99.0.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [Palm MulitUser Config] C:\Program Files\Palm\Configtool.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe

O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O23 - Service: Iomega Active Disk - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this