Hijackthis log (added another)

AlphaMan3 · September 15, 2005

(edit: I added another log later in the post)

My computer is kind of slowing down and has random virtual memory issues when I'm not even doing anything... so yeah :|

Logfile of HijackThis v1.99.1

Scan saved at 9:56:22 PM, on 9/14/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

C:\WINDOWS\system32\services[Caution: ExecutableFile]

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

C:\WINDOWS\System32\ibmpmsvc[Caution: ExecutableFile]

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

C:\WINDOWS\Explorer[Caution: ExecutableFile]

C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile]

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ[Caution: ExecutableFile]

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT[Caution: ExecutableFile]

C:\WINDOWS\System32\QCONSVC[Caution: ExecutableFile]

C:\Program Files\Norton AntiVirus\SAVScan[Caution: ExecutableFile]

C:\WINDOWS\System32\tcpsvcs[Caution: ExecutableFile]

C:\WINDOWS\system32\tp4serv[Caution: ExecutableFile]

C:\WINDOWS\AGRSMMSG[Caution: ExecutableFile]

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile]

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR[Caution: ExecutableFile]

C:\WINDOWS\system32\RunDll32[Caution: ExecutableFile]

C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON[Caution: ExecutableFile]

C:\Program Files\ThinkPad\Utilities\TpKmapMn[Caution: ExecutableFile]

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR[Caution: ExecutableFile]

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp[Caution: ExecutableFile]

C:\WINDOWS\system32\dla\tfswctrl[Caution: ExecutableFile]

C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex[Caution: ExecutableFile]

C:\Program Files\Discover Deskshop\Deskshop[Caution: ExecutableFile]

C:\Program Files\HP DVD\Umbrella\DVDTray[Caution: ExecutableFile]

C:\Program Files\IBM\Messages By IBM\ibmmessages[Caution: ExecutableFile]

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2[Caution: ExecutableFile]

C:\Program Files\BellSouth Internet Tools\blsloader[Caution: ExecutableFile]

C:\Program Files\Java\jre1.5.0_04\bin\jusched[Caution: ExecutableFile]

C:\Program Files\Bonjour\mDNSResponder[Caution: ExecutableFile]

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile]

C:\Program Files\Virtual Account Numbers\CitiUCS[Caution: ExecutableFile]

C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]

C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]

C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]

C:\PROGRA~1\AIM\aim[Caution: ExecutableFile]

C:\Program Files\Microsoft Money\System\reminder[Caution: ExecutableFile]

C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\OdHost[Caution: ExecutableFile]

C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\WPC54Cfg[Caution: ExecutableFile]

C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]

C:\Documents and Settings\Robbie\Desktop\HijackThis[Caution: ExecutableFile]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Discover deskshop Browser Helper Object - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\system32\BhoDshop.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: UCS Shared Browser Helper Object - {F1D49A84-8656-43ce-AE3D-AABC1A12243E} - C:\WINDOWS\system32\BhoUCS.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [s3TRAY2] S3Tray2[Caution: ExecutableFile]

O4 - HKLM\..\Run: [TrackPointSrv] tp4serv[Caution: ExecutableFile]

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG[Caution: ExecutableFile]

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32[Caution: ExecutableFile] irprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR[Caution: ExecutableFile]

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF[Caution: ExecutableFile]

O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON[Caution: ExecutableFile]

O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn[Caution: ExecutableFile]

O4 - HKLM\..\Run: [TP4EX] tp4ex[Caution: ExecutableFile]

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp[Caution: ExecutableFile]

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl[Caution: ExecutableFile]

O4 - HKLM\..\Run: [DiscoverDeskshop] C:\Program Files\Discover Deskshop\Deskshop[Caution: ExecutableFile] /dontopenmycards

O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray[Caution: ExecutableFile]

O4 - HKLM\..\Run: [DVDBitSet] C:\Program Files\HP DVD\Umbrella\DVDBitSet[Caution: ExecutableFile] /NOUI

O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages[Caution: ExecutableFile]

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2[Caution: ExecutableFile]"

O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader[Caution: ExecutableFile]"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched[Caution: ExecutableFile]

O4 - HKLM\..\Run: [CitiUCS] C:\Program Files\Virtual Account Numbers\CitiUCS[Caution: ExecutableFile] /dontopenmycards

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK[Caution: ExecutableFile]

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon[Caution: ExecutableFile] /Consumer

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime

O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim[Caution: ExecutableFile] -cnetwait.odl

O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages[Caution: ExecutableFile]

O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder[Caution: ExecutableFile]

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl[Caution: ExecutableFile]

O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\Startup[Caution: ExecutableFile]

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL[Caution: ExecutableFile]/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: UCS - {4C730923-3961-439b-83D5-F4E445520422} - C:\Program Files\Virtual Account Numbers\CitiUCS[Caution: ExecutableFile]

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim[Caution: ExecutableFile]

O9 - Extra button: Deskshop - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\Program Files\Discover Deskshop\Deskshop[Caution: ExecutableFile]

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/ ... 1/chat.cab

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - ]http://a1540.g.akamai.net/7/1540/52/200 ... taller[Caution: ExecutableFile]

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/30cdb622a2b ... xIE601.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://199.77.250.123/activex/AxisCamControl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/active ... veData.cab

O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax2822.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder[Caution: ExecutableFile]

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc[Caution: ExecutableFile]

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile]

O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc[Caution: ExecutableFile]

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: ExecutableFile]

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

O23 - Service: NICSer_WPC54GS - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ[Caution: ExecutableFile]

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT[Caution: ExecutableFile]

O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC[Caution: ExecutableFile]

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan[Caution: ExecutableFile]

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ[Caution: ExecutableFile]

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile]

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile]

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile]

Thanks in advance :)

Mercifull · September 15, 2005

Theres not really anything nasty that I can see but you are running a hell of a lot of programs and system accessories in the background? Is all that really neccesary?

AlphaMan3 · September 15, 2005

Ok, that's good, thanks

But I actually wasn't running any other programs then :|

I guess all that starts up when the computer turns on..?

Hydra · September 16, 2005

Ok, that's good, thanks

But I actually wasn't running any other programs then :|

I guess all that starts up when the computer turns on..?

You can change the applications that your computer runs when you turn it on. Go to run and type in msconfig, then go to startup and select.

AlphaMan3 · September 16, 2005

Ok, that's good, thanks

But I actually wasn't running any other programs then :|

I guess all that starts up when the computer turns on..?

You can change the applications that your computer runs when you turn it on. Go to run and type in msconfig, then go to startup and select.

Alright, thanks :) (i was pretty sure there was a way to do it but i forgot how :oops: )

AlphaMan3 · September 16, 2005

Here is a log from another computer, I'd be happy if you wouldn't mind looking at this one also :|

(not quite as much junk running on this one :P )

Logfile of HijackThis v1.99.1

Scan saved at 6:19:13 PM, on 9/16/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

C:\WINDOWS\system32\services[Caution: ExecutableFile]

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

C:\WINDOWS\Explorer[Caution: ExecutableFile]

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd[Caution: ExecutableFile]

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind[Caution: ExecutableFile]

C:\Program Files\BellSouth Internet Tools\blsloader[Caution: ExecutableFile]

C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]

C:\WINDOWS\System32\ezSP_Px[Caution: ExecutableFile]

C:\Program Files\Discover Deskshop\Deskshop[Caution: ExecutableFile]

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD[Caution: ExecutableFile]

C:\Program Files\Microsoft Money\System\reminder[Caution: ExecutableFile]

C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile]

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf[Caution: ExecutableFile]

C:\WINDOWS\system32\CTsvcCDA[Caution: ExecutableFile]

C:\Program Files\Microsoft Office\Office\OSA[Caution: ExecutableFile]

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08[Caution: ExecutableFile]

C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08[Caution: ExecutableFile]

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT[Caution: ExecutableFile]

C:\Program Files\Norton AntiVirus\SAVScan[Caution: ExecutableFile]

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile]

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile]

C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]

C:\Documents and Settings\Robbie\Desktop\HijackThis[Caution: ExecutableFile]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Discover deskshop Browser Helper Object - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\system32\BhoDshop.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd[Caution: ExecutableFile]

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind[Caution: ExecutableFile]

O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader[Caution: ExecutableFile]"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK[Caution: ExecutableFile]

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px[Caution: ExecutableFile]

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime

O4 - HKLM\..\Run: [DiscoverDeskshop] C:\Program Files\Discover Deskshop\Deskshop[Caution: ExecutableFile] /dontopenmycards

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD[Caution: ExecutableFile]"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon[Caution: ExecutableFile]

O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder[Caution: ExecutableFile]

O4 - HKCU\..\Run: [spyKiller] C:\Program Files\SpyKiller\spykiller[Caution: ExecutableFile] /startup

O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND[Caution: ExecutableFile]

O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA[Caution: ExecutableFile]

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST[Caution: ExecutableFile]

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08[Caution: ExecutableFile]

O4 - Global Startup: officejet 6100.lnk = ?

O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\HP Instant Support DI\bin\matcli[Caution: ExecutableFile]

O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\windows\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: ExecutableFile]

O9 - Extra button: Deskshop - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\Program Files\Discover Deskshop\Deskshop[Caution: ExecutableFile]

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/31fbf17b12bf1f5a6a ... xIE601.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?314

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc[Caution: ExecutableFile]

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile]

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA[Caution: ExecutableFile]

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT[Caution: ExecutableFile]

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12[Caution: ExecutableFile]

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan[Caution: ExecutableFile]

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ[Caution: ExecutableFile]

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile]

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile]

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile]

Sign In

Hijackthis log (added another)

Recommended Posts

AlphaMan3

Link to comment

Share on other sites

Mercifull

Link to comment

Share on other sites

AlphaMan3

Link to comment

Share on other sites

Hydra

Link to comment

Share on other sites

AlphaMan3

Link to comment

Share on other sites

AlphaMan3

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Browse

Activity

Important Information