coldvenom Posted December 19, 2005 Share Posted December 19, 2005 this is my weekly hijackthis log: please tell me what to fix. Logfile of HijackThis v1.99.1 Scan saved at 8:05:34 AM, on 12/19/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss[Caution: ExecutableFile] C:\WINDOWS\system32\winlogon[Caution: ExecutableFile] C:\WINDOWS\system32\services[Caution: ExecutableFile] C:\WINDOWS\system32\lsass[Caution: ExecutableFile] C:\WINDOWS\system32\svchost[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\WINDOWS\system32\ACS[Caution: ExecutableFile] C:\WINDOWS\Explorer[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile] C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile] C:\Program Files\Toshiba\Power Management\CeEPwrSvc[Caution: ExecutableFile] C:\Program Files\TOSHIBA\ConfigFree\CFSvcs[Caution: ExecutableFile] C:\WINDOWS\system32\DVDRAMSV[Caution: ExecutableFile] C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor[Caution: ExecutableFile] C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile] C:\Program Files\Norton AntiVirus\SAVScan[Caution: ExecutableFile] C:\WINDOWS\system32\svchost[Caution: ExecutableFile] c:\TOSHIBA\Ivp\Swupdate\swupdtmr[Caution: ExecutableFile] C:\Program Files\Bonjour\mDNSResponder[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile] C:\Program Files\TOSHIBA\Power Management\CePMTray[Caution: ExecutableFile] C:\Program Files\ltmoh\Ltmoh[Caution: ExecutableFile] C:\WINDOWS\AGRSMMSG[Caution: ExecutableFile] C:\Program Files\Apoint2K\Apoint[Caution: ExecutableFile] C:\Program Files\TOSHIBA\ConfigFree\NDSTray[Caution: ExecutableFile] C:\Program Files\TOSHIBA\E-KEY\CeEKey[Caution: ExecutableFile] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView[Caution: ExecutableFile] C:\WINDOWS\System32\ZoomingHook[Caution: ExecutableFile] C:\Program Files\TOSHIBA\TouchPad\TPTray[Caution: ExecutableFile] C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile] C:\WINDOWS\system32\igfxtray[Caution: ExecutableFile] C:\WINDOWS\system32\hkcmd[Caution: ExecutableFile] C:\toshiba\ivp\ism\pinger[Caution: ExecutableFile] C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile] C:\Program Files\QuickTime\qttask[Caution: ExecutableFile] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd[Caution: ExecutableFile] C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile] C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile] C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] C:\Program Files\Apoint2K\Apntex[Caution: ExecutableFile] C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile] C:\Program Files\EarthLink TotalAccess\TaskPanl[Caution: ExecutableFile] C:\WINDOWS\system32\RAMASST[Caution: ExecutableFile] C:\Program Files\LimeWire\LimeWire[Caution: ExecutableFile] C:\WINDOWS\system32\wuauclt[Caution: ExecutableFile] C:\Documents and Settings\Nick Sylva\My Documents\HijackThis\HijackThis[Caution: ExecutableFile] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit[Caution: ExecutableFile] O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray[Caution: ExecutableFile] O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh[Caution: ExecutableFile] O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG[Caution: ExecutableFile] O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint[Caution: ExecutableFile] O4 - HKLM\..\Run: [NDSTray[Caution: ExecutableFile]] NDSTray[Caution: ExecutableFile] O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey[Caution: ExecutableFile] O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView[Caution: ExecutableFile] O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook[Caution: ExecutableFile] O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray[Caution: ExecutableFile] O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]" O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray[Caution: ExecutableFile] O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd[Caution: ExecutableFile] O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx[Caution: ExecutableFile] O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger[Caution: ExecutableFile] /run O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup[Caution: ExecutableFile] O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon[Caution: ExecutableFile] O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd[Caution: ExecutableFile] O4 - HKCU\..\Run: [ctfmon[Caution: ExecutableFile]] C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile] O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl[Caution: ExecutableFile]" -winstart O4 - Startup: HOTLLAMA Update Check.lnk = C:\Program Files\HOTLLAMA MEDIA\Player\WiseUpdt[Caution: ExecutableFile] O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire[Caution: ExecutableFile] O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: ExecutableFile] O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST[Caution: ExecutableFile] O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL[Caution: ExecutableFile]/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile] O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS[Caution: ExecutableFile] O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile] O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder[Caution: ExecutableFile] O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile] O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc[Caution: ExecutableFile] O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile] O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc[Caution: ExecutableFile] O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs[Caution: ExecutableFile] O23 - Service: DVD-RAM_Service - Matsu[cabbage]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV[Caution: ExecutableFile] O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor[Caution: ExecutableFile] O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: ExecutableFile] O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile] O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile] O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan[Caution: ExecutableFile] O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ[Caution: ExecutableFile] O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile] O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr[Caution: ExecutableFile] O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile] thanks in advance sig by me avatar by: born2dieMy Website -> Coldvenom.CO.NR <- My Website Link to comment Share on other sites More sharing options...
coldvenom Posted December 25, 2005 Author Share Posted December 25, 2005 bump sig by me avatar by: born2dieMy Website -> Coldvenom.CO.NR <- My Website Link to comment Share on other sites More sharing options...
Doomster Posted December 25, 2005 Share Posted December 25, 2005 Very cluttered with makers bundleware, but can't see any obvious baddies thare. http://www.hijackfree.com/en/ - try scanning with this as well, though some entries are still unidentified and others could be good or bad, depending... Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now