HijackThis Log

  1. 13-04-2007  #1
    jeffy
    jeffy is offline Junior Member

    HijackThis Log

    Here is a log that a friend sent me. He's having issues. Any help is appreciated.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 11:57:37 PM, on 4/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\Program Files\Cox\Applications\App\syssvcnt.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    c:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\PhnxCDSvr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe
    C:\Program Files\RF Wireless Mouse\cm20.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G 1.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\SpywareBot\SpywareBot.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Cox\Applications\app\Console.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.EXE
    C:\Documents and Settings\Corey\Local Settings\Temporary Internet Files\Content.IE5\OFVN2C91\HiJackThis_v2[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kstatesports.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - c:\Program Files\Cox\Applications\App\popupbho01.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\sw g.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\Cox\Applications\App\popupbho01.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.EXE" VBStart
    O4 - HKLM\..\Run: [Eval] "C:\Program Files\Phoenix Technologies\cME\RPro\Eval\Eval.exe"
    O4 - HKLM\..\Run: [Guard] "C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe" /background
    O4 - HKLM\..\Run: [Start RF Wireless Mouse] C:\Program Files\RF Wireless Mouse\cm20.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G 1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
    O4 - HKLM\..\Run: [ESP] c:\Program Files\Cox\Applications\app\start.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
    O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Object\pmsnrr.exe
    O4 - HKUS\S-1-5-21-1190701670-3502955449-2841343120-1007\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" (User 'Maleah')
    O4 - HKUS\S-1-5-21-1190701670-3502955449-2841343120-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Maleah')
    O4 - HKUS\S-1-5-21-1190701670-3502955449-2841343120-1007\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Maleah')
    O4 - HKUS\S-1-5-21-1190701670-3502955449-2841343120-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe (User 'Maleah')
    O4 - HKUS\S-1-5-21-1190701670-3502955449-2841343120-1007\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot (User 'Maleah')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102414635562
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} (CoxFastConnect20 Control) - https://fastconnect.cox.net/cd20/CoxFastConnect20.ocx
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: curdler - {bd0fc212-0a36-4232-83cc-2063fb9282e0} - C:\WINDOWS\system32\qzviz.dll
    O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\Cox\Applications\App\syssvcnt.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - c:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Phoenix VCD Service (PhnxVCDService) - Phoenix Technologies Ltd. - C:\WINDOWS\system32\PhnxCDSvr.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 12279 bytes

  3. 13-04-2007  #2
    VopThis
    VopThis is offline Senior Member (Canada)
    Save 20% on AVG Internet Security 2012 Suite!
    You are not running HijackThis (HJT) from a desired location. You really need to setup a dedicated folder for HJT items – to avoid horrible clutter and/or potential lost backup issues.

    It's best that the HijackThis tool NOT be located in its current location (particularly on your Desktop or in a TEMP folder). This way you can more easily undo any changes if something goes wrong.
    • Create a new folder in your C: Drive.
    • Name the FOLDER HijackThis (or HJT) such as C:\Program Files\HijackThis or C:\HJT and
    • Move the HijackThis.exe file into the newly created FOLDER.
    • Run HJT from there (and revise your shortcut accordingly).




    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    DO NOT RUN ANY OTHER OPTIONS UNTIL REQUESTED TO. This is very important to get an optimal and comprehensive fix.



    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
+ Reply to Thread
« HJT log posted.. pop ups are killing me! | Slow with Pop-ups »