Jump to content

Hijackthis Log. Take a look, please?

zenko

By zenko
in Tech and Computers

 Share

Recommended Posts

zenko

zenko

Posted
Posted

Here's my Hijack log.... I don't know if there's anything bad in there or not, but I just want to make sure... Thanks.

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

 

 

 

Scan saved at 9:12:33 PM, on 12/26/2005

 

 

 

Platform: Windows XP SP2 (WinNT 5.01.2600)

 

 

 

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

 

 

 

 

 

 

Running processes:

 

 

 

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\services[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

 

 

 

C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba[Caution: ExecutableFile]

 

 

 

C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

 

 

 

C:\Program Files\Norton AntiVirus\IWP\NPFMntor[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\fxssvc[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\Explorer[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\atiptaxx[Caution: ExecutableFile]

 

 

 

C:\Program Files\Synaptics\SynTP\SynTPLpr[Caution: ExecutableFile]

 

 

 

C:\Program Files\Synaptics\SynTP\SynTPEnh[Caution: ExecutableFile]

 

 

 

C:\Program Files\Compaq\EAB\EabServr[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Real\Update_OB\evntsvc[Caution: ExecutableFile]

 

 

 

C:\Program Files\Microsoft Works\WksSb[Caution: ExecutableFile]

 

 

 

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]

 

 

 

C:\Program Files\AT&T Worldnet Accelerator\PropelAC[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf[Caution: ExecutableFile]

 

 

 

C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]

 

 

 

C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

 

 

 

C:\Program Files\Google\Google Talk\googletalk[Caution: ExecutableFile]

 

 

 

C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem[Caution: ExecutableFile]

 

 

 

C:\Program Files\Intuit\QuickBooks Premier\Components\QBAgent\qbdagent2002[Caution: ExecutableFile]

 

 

 

C:\Program Files\AT&T\WnClient\Programs\WNConnect[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\AT&T\WnClient\Programs\WNCSMS~1[Caution: ExecutableFile]

 

 

 

C:\Program Files\Symantec\LiveUpdate\NDETECT[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Real\Update_OB\rndal[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Real\Update_OB\rndal[Caution: ExecutableFile]

 

 

 

C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

 

 

 

C:\DOCUME~1\SAWYER~1.WIL\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis[Caution: ExecutableFile]

 

 

 

 

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentia ... ch/ie.html

 

 

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net

 

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service

 

 

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080

 

 

 

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_7.dll

 

 

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

 

 

 

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

 

 

 

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

 

 

 

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_7.dll

 

 

 

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

 

 

 

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [AtiPTA] atiptaxx[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr[Caution: ExecutableFile] /Start

 

 

 

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc[Caution: ExecutableFile] -osboot

 

 

 

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb[Caution: ExecutableFile] /AllUsers

 

 

 

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\AT&T Worldnet Accelerator\trayctl[Caution: ExecutableFile]" /STARTUPLAUNCH

 

 

 

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime

 

 

 

O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express[Caution: ExecutableFile]"

 

 

 

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]" /background

 

 

 

O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk[Caution: ExecutableFile]" /autostart

 

 

 

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background

 

 

 

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

 

 

 

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]

 

 

 

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

 

 

 

O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Premier\Components\QBAgent\qbdagent2002[Caution: ExecutableFile]

 

 

 

O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\AT&T Worldnet Accelerator\pac-page.html

 

 

 

O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\AT&T Worldnet Accelerator\pac-image.html

 

 

 

O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

 

 

 

O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

 

 

 

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

 

 

 

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

 

 

 

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

 

 

 

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

 

 

 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

 

 

 

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

 

 

 

O9 - Extra button: Advisor - {EDF35C6E-B830-449B-BDE6-0F09CEB9E913} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher[Caution: ExecutableFile] (HKCU)

 

 

 

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

 

 

 

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-17.cab

 

 

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{471956EB-E6B3-406F-8F2D-4A2A7E4ED0F4}: NameServer = 204.127.160.4 12.102.240.2

 

 

 

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

 

 

 

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile]

 

 

 

O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba[Caution: ExecutableFile]

 

 

 

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

 

 

 

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor[Caution: ExecutableFile]

 

 

 

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan[Caution: ExecutableFile]

 

 

 

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile]

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept