hijackthis log-Are there any problems here?

  1. #1
    texeon is offline Newbie

    Can anyone find problems in this log?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:25:23 PM, on 3/02/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\LTMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    D:\My programs folder\MAXIS (sims)\Sims.exe
    C:\DOCUME~1\Kids\LOCALS~1\Temp\~e5d141.tmp
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Live Search:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R3 - URLSearchHook: (no name) - {5a089bcd-c7f1-4064-8702-f58d8bd5d61f} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {09268BF8-2816-4716-91CA-0B6B72460AB7} - (no file)
    O2 - BHO: (no name) - {2374D2C3-D6F5-4938-8135-38B033CEEDEE} - (no file)
    O2 - BHO: (no name) - {26E4E367-1DC4-4491-8FE4-B5FDE961432B} - (no file)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
    O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [RE.exe] D:\My programs folder\Registry Easy\RE.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] D:\My programs folder\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: PowerReg Scheduler.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: FREE 3D MODELS, More than 350 free meshes: Cars, Characters, Weapons, Office etc.
    O15 - Trusted Zone: http://*.666games.net
    O15 - Trusted Zone: Adobe
    O15 - Trusted Zone: Adventure Game Studio
    O15 - Trusted Zone: AIR ITALY - Lots of lines. Just one company.
    O15 - Trusted Zone: http://*.armorgames.com
    O15 - Trusted Zone: Untitled Document
    O15 - Trusted Zone: DragonFable: Page Moved or Deleted
    O15 - Trusted Zone: MechQuest
    O15 - Trusted Zone: AdventureQuest
    O15 - Trusted Zone: Bear or Not? free *** bear pics bears chubby
    O15 - Trusted Zone: BGfL - BGfL Homepage - BGfL Homepage 2008
    O15 - Trusted Zone: Sign In - Comet passport
    O15 - Trusted Zone: Bitefight
    O15 - Trusted Zone: Box.net - Online File Storage, Internet File Sharing, Online Storage, Access Documents & Files Anywhere, Backup Data, Send Files
    O15 - Trusted Zone: CoolROM.com - ROMs and Emulators - SNES ROMs NES ROMs Neo Geo ROMs Genesis ROMs N64 ROMs MAME ROMs GBA ROMs
    O15 - Trusted Zone: Free Internet games @ CrazyMonkeyGames.com
    O15 - Trusted Zone: dot 3D Games - Play free 3D games online - new games
    O15 - Trusted Zone: dot 3D Games - Play free 3D games online - new games
    O15 - Trusted Zone: DragonFable - Free Web RPG
    O15 - Trusted Zone: Emule Games - free games, free online games
    O15 - Trusted Zone: - FileFront.com
    O15 - Trusted Zone: Game Downloads, Game Patches - FileFront.com
    O15 - Trusted Zone: You are now playing The Last Stand 2 at Free Online Games .com
    O15 - Trusted Zone: Webs.com - Free website, free hosting, free webpage - Make a web site with photo albums, blogs, videos, forums and more!
    O15 - Trusted Zone: Genki English, ESL games, songs and ideas to turn ESL lessons into super lessons.
    O15 - Trusted Zone: Google Image Search
    O15 - Trusted Zone: Google Maps
    O15 - Trusted Zone: Google
    O15 - Trusted Zone: GrownUpGames.com - Online Games
    O15 - Trusted Zone: Habbo US ~ Home
    O15 - Trusted Zone: Kioskea - Computing community
    O15 - Trusted Zone: Kongregate: Play free games online
    O15 - Trusted Zone: Tripod | Build
    O15 - Trusted Zone: Free Website Hosting - Tripod free website templates to make your own free website
    O15 - Trusted Zone: Free Games - MoFunZone.com
    O15 - Trusted Zone: http://www.orkut.co.in
    O15 - Trusted Zone: http://www.orkut.com
    O15 - Trusted Zone: [ PerspectX.com - Design Services and Products ]
    O15 - Trusted Zone: madegames0catch
    O15 - Trusted Zone: Play Zombie Games
    O15 - Trusted Zone: PrizeRebel.com | Free Xbox 360 Live Points, Free Wii Points, Free Xbox 360 Games, Nexon Cards!
    O15 - Trusted Zone: http://*.romhustler.net
    O15 - Trusted Zone: ROMNation.NET Roms and Emulators SNES Roms MAME Roms N64 roms
    O15 - Trusted Zone: Official site of Sigma Team company - Home
    O15 - Trusted Zone: Free Software Download for Windows , Linux , Unix and Mac Os.
    O15 - Trusted Zone: http://*.softnyx.net
    O15 - Trusted Zone: Welcome to the Toys"R"Us web site
    O15 - Trusted Zone: Harmen van der Wal
    O15 - Trusted Zone: Play Games Online For Cash - Solitaire, Bejeweled 2 and More Online Games - WorldWinner Cash Competitions
    O15 - Trusted Zone: YouTube - Broadcast Yourself.
    O15 - Trusted Zone: Game Maker Community (Powered by Invision Power Board)
    O15 - Trusted Zone: YoYo Games | Home
    O15 - Trusted Zone: Game Maker Community (Powered by Invision Power Board)
    O15 - Trusted Zone: http://download.zonealarm.com
    O15 - Trusted Zone: http://www.zonealarm.com
    O15 - Trusted Zone: Zoo Sex Tube - animal sex, dog ****, bestiality porn, horse sex, free beastiality, zoo ****ing
    O15 - Trusted Zone: http://*.zootycoon.com
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) -
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} -
    O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} -
    O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n035p/EN/install/gtdownlr.cab
    O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} -
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.7.109.cab
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} -
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1202011383984
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1202011487250
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -
    O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} -
    O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{73F23586-8158-4BF8-9312-57C4D30A893B}: NameServer = 203.2.75.132 198.142.0.51
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_4D911F3F6C81CCC0.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: xxyyyYPj - C:\WINDOWS\
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 10993 bytes


    Thanks


  2. #2
    Neal is offline Dedicated Member
    I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
    1. Run Spybot-S&D
    2. Go to the Mode menu, and make sure "Advanced Mode" is selected
    3. On the left hand side, choose Tools -> Resident
    4. Uncheck "Resident TeaTimer" and OK any prompts
    You can reenable TeaTimer once your system is clean.


    Run HijackThis and click on the "scan system only" button and put checks next to these:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - {5a089bcd-c7f1-4064-8702-f58d8bd5d61f} - (no file)

    O2 - BHO: (no name) - {09268BF8-2816-4716-91CA-0B6B72460AB7} - (no file)
    O2 - BHO: (no name) - {2374D2C3-D6F5-4938-8135-38B033CEEDEE} - (no file)
    O2 - BHO: (no name) - {26E4E367-1DC4-4491-8FE4-B5FDE961432B} - (no file)
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)

    O4 - Startup: PowerReg Scheduler.exe

    O15 - Trusted Zone: Zoo Sex Tube - animal sex, dog ****, bestiality porn, horse sex, free beastiality, zoo ****ing

    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} -
    O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} -
    O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} -
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} -
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} -
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -
    O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} -
    O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} -
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} -

    O20 - Winlogon Notify: xxyyyYPj - C:\WINDOWS\


    Please close ALL browser windows (including this one).

    Close everything except HijackThis and click on "fix checked".


    Reboot your PC and tell me how things are doing now.

    You need an antivirus program; there are several good free ones out there. Just use Google to find something you like.

    Did you set the restrictions below yourself?

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


    If not, you can fix those also.