Forum Home
Press F1
Thread ID: 55971	2005-03-24 00:41:00	My log File	TINY (7596)	Press F1

Post ID	Timestamp	Content	User
337389	2005-03-24 00:41:00	This is what Hijackthis's log file showed me, i was just wondering what i should delete, i now a lot a about building computers and web devalopment, but i dont wanna screw up anything here since it is my friends pc and i offered to fix it. __________________________________________________ _______________Logfile of HijackThis v1.99.0 Scan saved at 3:34:56 PM, on 3/23/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\cisvc.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hkcmd.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.e xe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\Owner\LOCALS~1\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = red.clientapps.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hrc.org/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = sas.r1.attbi.com:8000 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.r1.attbi.com;localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\ Yahoo! \Companion\Installs\cpn1\ycomp5_5_7_0. dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: AddressBar Class - {1474CE44-8057-4AE3-8F3E-ED37C7C63D8A} - C:\WINDOWS\system32\iasad.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck O4 - HKLM\..\Run: [SAUpdate] "C:\Program Files\Comcast\BBClient\Programs\SAUpdate.exe" O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start O4 - HKLM\..\Run: [Wallchanger] C:\COPERN32\wallchanger.exe O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\RunOnce: [PPClean Remove at boot] command /c C:\PPCleanDeleteAtReboot.bat O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Program Files\ Yahoo! \YPSR\ppclean.exe" "/clean" "/ISTbar" 2 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PicoZip] C:\PROGRA~1\PicoZip\PicoZipTray.exe O4 - HKCU\..\Run: [Bdao] C:\WINDOWS\System32\l?ass.exe O4 - HKCU\..\Run: [Spyware Vanisher] C:\Microsoft-protect\FreeScanner.exe -FastScan O4 - HKCU\..\Run: [IB3tRScml] thefax.exe O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.e xe O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe O4 - Global Startup: G15Q7LXU.exe O4 - Global Startup: Microsoft Office.hta O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\ Yahoo! \Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\ Yahoo! \Messenger\yhexbmes0521.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Help - {43E4BA07-826E-41E5-9BF9-64763B88D2DD} - www.comcast.net (file missing) (HKCU) O9 - Extra button: ComcastHSI - {4BEAA90B-0BF3-49D9-8A93-D6CB06D19D7F} - http://www.comcast.net (file missing) (HKCU) O9 - Extra button: Support - {54F91DAD-FF2C-4C0F-9037-D37281AA6F6A} - http://www.comcastsupport.com (file missing) (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net O15 - Trusted IP range: (HKLM) O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - 63.102.226.240:8000 O16 - DPF: ConferenceRoom Java Client - mail.igl.net:8000 O16 - DPF: Yahoo! Pool 2 - download.games.yahoo.com O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.imgfarm.com O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\ Yahoo! \common\yucconfig.dll O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - us.dl1.yimg.com O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - games-dl.real.com O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - akamai.downloadv3.com O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - toolbar.azesearch.com O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GINBILLARD8 Class) - 66.98.132.156 O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe	TINY (7596)
337390	2005-03-24 01:16:00	What's the problem?	ninja (1671)
337391	2005-03-24 01:18:00	thakn you for responding.... I was just wondering if you saw anything in here that could be possible dangerous towards this pc security. If you do please tell me since i am not 100% famelair with this program....	TINY (7596)
337392	2005-03-24 01:38:00	Looks alright from here. You said you were trying to fix the computer. What is wrong with it, as that would probably point in the right direction.	ninja (1671)
337393	2005-03-24 01:40:00	I already did some work on it i was making sure i wasnt leaving in thing on there since after you work on a pc for a while sometimes you just want to get it done and misss omething fatal.... it was just infected with a trojan and spy/ad/malware keyloggers and other stuff, nothing that was that serious Looking over the log i just relized i did leave something in there (wasnt fatal but still) O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program was still installed )-; better go fix that __________________________________________________ _______________ heres my new log __________________________________________________ _______________ Logfile of HijackThis v1.99.0 Scan saved at 4:43:12 PM, on 3/23/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\cisvc.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hkcmd.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.e xe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\WinZip\winzip32.exe C:\DOCUME~1\Owner\LOCALS~1\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = red.clientapps.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hrc.org/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = sas.r1.attbi.com:8000 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.r1.attbi.com;localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\ Yahoo! \Companion\Installs\cpn1\ycomp5_5_7_0. dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: AddressBar Class - {1474CE44-8057-4AE3-8F3E-ED37C7C63D8A} - C:\WINDOWS\system32\iasad.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck O4 - HKLM\..\Run: [SAUpdate] "C:\Program Files\Comcast\BBClient\Programs\SAUpdate.exe" O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start O4 - HKLM\..\Run: [Wallchanger] C:\COPERN32\wallchanger.exe O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\RunOnce: [PPClean Remove at boot] command /c C:\PPCleanDeleteAtReboot.bat O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Program Files\ Yahoo! \YPSR\ppclean.exe" "/clean" "/ISTbar" 2 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Bdao] C:\WINDOWS\System32\l?ass.exe O4 - HKCU\..\Run: [IB3tRScml] thefax.exe O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.e xe O4 - Global Startup: G15Q7LXU.exe O4 - Global Startup: Microsoft Office.hta O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\ Yahoo! \Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\ Yahoo! \Messenger\yhexbmes0521.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Help - {43E4BA07-826E-41E5-9BF9-64763B88D2DD} - www.comcast.net (file missing) (HKCU) O9 - Extra button: ComcastHSI - {4BEAA90B-0BF3-49D9-8A93-D6CB06D19D7F} - http://www.comcast.net (file missing) (HKCU) O9 - Extra button: Support - {54F91DAD-FF2C-4C0F-9037-D37281AA6F6A} - http://www.comcastsupport.com (file missing) (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net O15 - Trusted IP range: (HKLM) O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - 63.102.226.240:8000 O16 - DPF: ConferenceRoom Java Client - mail.igl.net:8000 O16 - DPF: Yahoo! Pool 2 - download.games.yahoo.com O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\ Yahoo! \common\yucconfig.dll O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - us.dl1.yimg.com O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - games-dl.real.com O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - akamai.downloadv3.com O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - toolbar.azesearch.com O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe	TINY (7596)
1