Can someone help me with Hi-jack this?

[bajuba]

If you can then i'll post my log.

[Forceape]

People are certain to help you here :) Post your log then someone will have a look at it for you

[Mercifull]

You dont need to ask permission to post a log, somone will get to it eventually.

[bajuba]

Logfile of HijackThis v1.99.1

 

 

 

Scan saved at 12:44:54 PM, on 6/1/2005

 

 

 

Platform: Windows XP SP2 (WinNT 5.01.2600)

 

 

 

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

 

 

 

 

 

 

Running processes:

 

 

 

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\services[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\Program Files\Sygate\SPF\smc[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

 

 

 

c:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile]

 

 

 

c:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\Explorer[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\wscntfy[Caution: ExecutableFile]

 

 

 

C:\windows\system\hpsysdrv[Caution: ExecutableFile]

 

 

 

C:\Program Files\HP\Digital Imaging\Unload\hpqcmon[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\hphmon05[Caution: ExecutableFile]

 

 

 

C:\HP\KBD\KBD[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\VTTimer[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\LTMSG[Caution: ExecutableFile]

 

 

 

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\mnpkl[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\msxct[Caution: ExecutableFile]

 

 

 

C:\Program Files\ISTsvc\istsvc[Caution: ExecutableFile]

 

 

 

C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: ExecutableFile]

 

 

 

C:\Program Files\Microsoft Office97\Office\OSA[Caution: ExecutableFile]

 

 

 

C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]

 

 

 

C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

 

 

 

C:\Program Files\BullsEye Network\bin\bargains[Caution: ExecutableFile]

 

 

 

C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

 

 

 

C:\Program Files\HijackThis\HijackThis[Caution: ExecutableFile]

 

 

 

 

 

 

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bajuba666.9.forumer.com/

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com

 

 

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com

 

 

 

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll

 

 

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

 

 

 

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

 

 

 

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll

 

 

 

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll

 

 

 

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

 

 

 

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll

 

 

 

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

 

 

 

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray[Caution: ExecutableFile]" /r

 

 

 

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot

 

 

 

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [VTTimer] VTTimer[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz[Caution: ExecutableFile] /GUID NAV /CMDLINE "REBOOT"

 

 

 

O4 - HKLM\..\Run: [LTMSG] LTMSG[Caution: ExecutableFile] 7

 

 

 

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM[Caution: ExecutableFile] -startup

 

 

 

O4 - HKLM\..\Run: [iSUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch[Caution: ExecutableFile]" -start

 

 

 

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc[Caution: ExecutableFile] -startgui

 

 

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime

 

 

 

O4 - HKLM\..\Run: [aOd7dlcm] C:\WINDOWS\mnpkl[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [msxct] msxct[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [iST Service] C:\Program Files\ISTsvc\istsvc[Caution: ExecutableFile]

 

 

 

O4 - HKCU\..\Run: [NVIEW] rundll32[Caution: ExecutableFile] nview.dll,nViewLoadHook

 

 

 

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr[Caution: ExecutableFile]"

 

 

 

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: ExecutableFile]

 

 

 

O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office97\Office\OSA[Caution: ExecutableFile]

 

 

 

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent[Caution: ExecutableFile]

 

 

 

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

 

 

 

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

 

 

 

O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html

 

 

 

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL[Caution: ExecutableFile]/3000

 

 

 

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget[Caution: ExecutableFile]

 

 

 

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget[Caution: ExecutableFile]

 

 

 

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

 

 

 

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab

 

 

 

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab

 

 

 

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 8575809828

 

 

 

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab

 

 

 

O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab

 

 

 

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab

 

 

 

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab

 

 

 

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab

 

 

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{37050FB0-16A7-4B28-9F6B-97808C103875}: NameServer = 63.175.216.1 63.175.216.2

 

 

 

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

 

 

 

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile]

 

 

 

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

 

 

 

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]

 

 

 

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12[Caution: ExecutableFile]

 

 

 

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv[Caution: ExecutableFile]

 

 

 

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv[Caution: ExecutableFile]

 

 

 

O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan[Caution: ExecutableFile]

 

 

 

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc[Caution: ExecutableFile]