
Hijackthis Log


Ryan


Any problems?

Logfile of HijackThis v1.99.1
Scan saved at 9:51:57 PM, on 10/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\BellSouth\Connection Manager\CManager.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Ryan\LOCALS~1\Temp\Rar$EX01.015\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bellsouth.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bellsouth.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - Startup: Connection Manager.lnk = C:\Program Files\BellSouth\Connection Manager\CManager.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100738375202
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7486660-A8FE-4A37-91A3-C07BCA9CBA4F}: NameServer = 205.152.0.5,205.152.0.20
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks


Nothing suspicious or evil running on your system. But you could make your computer faster by disabling some non-essential processes via msconfig startup. :D

==================================

Retired tip.it moderator.

Teaching and inspiring.


Could you go into more detail? My computer is slow as hell so this is very enticing :).


Go to start > run and type 'msconfig' then choose the startup tab.

You can untick some items that you don't wish to run when you log into your computer.


Ohh could you also download the latest hijackthis version 1.99.1 as you are using 1.99.0 :), and post a new log. Might not show anything more helpful but better to be safe.

http://www.spywareinfo.com/~merijn/downloads.html

K, I edited my post with the new log :)

Thanks


What I would remove using msconfig:

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe (I've never found these printer files ever to be useful.. but apparently, the first one is used to detect Epson printers; disable it, plug in a printer, and see if your computer detects it or not. Second is an "ease of use" program.)

C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe (I assume that these files were installed with your internet connection. I don't think these files are needed for your connection, but I think they do help if you need technical assistance with your connection.)

C:\Program Files\Support.com\bin\tgcmd.exe (Google says this is spyware by Sony :P)

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Annoying and not needed. It is a file associated with Viewpoint, and is installed with AIM.)

C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\Program Files\AIM\aim.exe (You should disable the "Start application when Windows starts" in the options for both of these programs. It'll speed up your startup time. Besides, you can just open these manually when you need to use them!)

C:\Program Files\QuickTime\qttask.exe (This is an annoying little quicktime file. I never use quick time, therefore I disable it; I just deleted qttask.exe from my quicktime folder. It will return after you uncheck it and restart your computer.)

Remember, you can always recheck the boxes, and let it run at startup again, if needed. :wink:

==================================

Retired tip.it moderator.

Teaching and inspiring.


Hi there

Can you please post another HJT log because I think you got a few bad entries.

Uhm, sure. I'll post another tonight or tomorrow.

Thanks
