crumpet Posted April 25, 2005 Share Posted April 25, 2005 Thanx For doing this guys Logfile of HijackThis v1.99.1 Scan saved at 1:20:19 PM, on 25/04/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss[Caution: ExecutableFile] C:\WINDOWS\system32\winlogon[Caution: ExecutableFile] C:\WINDOWS\system32\services[Caution: ExecutableFile] C:\WINDOWS\system32\lsass[Caution: ExecutableFile] C:\WINDOWS\system32\svchost[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile] C:\Program Files\Common Files\Stardock\SDMCP[Caution: ExecutableFile] C:\WINDOWS\Explorer[Caution: ExecutableFile] C:\Program Files\Common Files\stardock\TrayServer[Caution: ExecutableFile] C:\Program Files\Java\j2re1.4.2_04\bin\jusched[Caution: ExecutableFile] C:\WINDOWS\System32\DSentry[Caution: ExecutableFile] C:\Program Files\Dell\Media Experience\PCMService[Caution: ExecutableFile] C:\WINDOWS\system32\dla\tfswctrl[Caution: ExecutableFile] C:\Program Files\Real\RealPlayer\RealPlay[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile] C:\Program Files\iTunes2\iTunesHelper[Caution: ExecutableFile] C:\Program Files\Creative\SBLive\Diagnostics\diagent[Caution: ExecutableFile] C:\Program Files\Digital Line Detect\DLG[Caution: ExecutableFile] C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray[Caution: ExecutableFile] C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccProxy[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile] C:\WINDOWS\System32\CTsvcCDA[Caution: ExecutableFile] C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc[Caution: ExecutableFile] C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile] C:\Program Files\iTunes2\iTunes[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile] C:\WINDOWS\wanmpsvc[Caution: ExecutableFile] C:\WINDOWS\System32\MsPMSPSv[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile] C:\iPod\bin\iPodService[Caution: ExecutableFile] C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile] C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile] C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] C:\Program Files\New Folder\HijackThis[Caution: ExecutableFile] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.placeforsearch.com/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.placeforsearch.com/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.placeforsearch.com/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.placeforsearch.com/search.html O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: - {478445EC-CF41-449F-A523-B70E24A17F2E} - C:\WINDOWS\lbbho.dll O2 - BHO: - {4A08DC5F-60C2-4D68-9D86-F5ECEE615DCC} - C:\WINDOWS\lbbho.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Invisible Class - {7DD896A9-7AEB-430F-955B-CD125604FDCB} - C:\WINDOWS\System32\vern32.dll O2 - BHO: - {7F59456B-99AE-4490-89CC-135652BFF5D6} - C:\WINDOWS\lbbho.dll O2 - BHO: - {85C8A18A-389C-42B4-880F-8CD096ACCC82} - C:\WINDOWS\lbbho.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: C:\WINDOWS\lbbho.dll - {FAA1FCF9-DAA9-4091-9B52-6191B1D4CB1D} - C:\WINDOWS\lbbho.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: iMesh Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL O4 - HKLM\..\Run: [1A] "C:\Program Files\Common Files\stardock\TrayServer[Caution: ExecutableFile]" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: ExecutableFile] C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched[Caution: ExecutableFile] O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry[Caution: ExecutableFile] O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService[Caution: ExecutableFile]" O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent[Caution: ExecutableFile]" startup O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg[Caution: ExecutableFile] O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl[Caution: ExecutableFile] O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray[Caution: ExecutableFile]" /r O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay[Caution: ExecutableFile] SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]" O4 - HKLM\..\Run: [urlLSTCK[Caution: ExecutableFile]] C:\Program Files\Norton Internet Security\UrlLstCk[Caution: ExecutableFile] O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck[Caution: ExecutableFile] O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes2\iTunesHelper[Caution: ExecutableFile] O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon[Caution: ExecutableFile] O4 - Startup: iMesh.lnk = C:\Program Files\iMesh\Client\iMeshClient[Caution: ExecutableFile] O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile] O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL[Caution: ExecutableFile]/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] O10 - Broken Internet access because of LSP provider 'osmim.dll' missing O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {12E5E9D9-4366-45D9-BA41-D0BCD55AD8CF} (UDConnect Class) - http://17.sharedsource.org/html/Nrsgrou ... .0.3ie.cab? O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 4904031277 O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile] O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy[Caution: ExecutableFile] O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc[Caution: ExecutableFile] O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile] O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA[Caution: ExecutableFile] O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\iPod\bin\iPodService[Caution: ExecutableFile] O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc[Caution: ExecutableFile] O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc[Caution: ExecutableFile] O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile] O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan[Caution: ExecutableFile] O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ[Caution: ExecutableFile] O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile] O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc[Caution: ExecutableFile] Link to comment Share on other sites More sharing options...
Vape Posted April 25, 2005 Share Posted April 25, 2005 Please download Ad-Aware SE and Spybot S&D (google for the links,) update them and run scans. Then repost your log. Where the bloody hell are you? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now