| Thread ID: 63669 | 2005-11-18 14:45:00 | My Hijack this log | Jackalope13 (8882) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 405293 | 2005-11-18 14:45:00 | Does anyone here know how to read HijackThis logs? If you do, could you look at mine? Thanks!
Logfile of HijackThis v1.99.1
Scan saved at 9:42:47 AM, on 11/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1130457764\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1130457764\ee\AOLServiceHost.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\BigFix\BigFix.exe
c:\program files\common files\aol\1130457764\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1130457764\ee\AOLServiceHost.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\HJT\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130457764\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130397461328
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - www.musicmatch.com/form/support/tech/diagnostics/cabs/DiagCollectionControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{18D687A8-C8B6-4FCB-B39D-691B7475D855}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{18D687A8-C8B6-4FCB-B39D-691B7475D855}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe |
Jackalope13 (8882) | ||
| 405294 | 2005-11-18 16:47:00 | Looks fairly clean. www.hijackthis.de hth |
johnboy (217) | ||
| 405295 | 2005-11-18 17:02:00 | There is one that keeps on popping up with people and their AOL accounts... but this one seems to be a coat-tailed virus of some kind. I have deleted this one thru HJT and not had any problems so far on various machines. You might try to kill the following process in Safe Mode and see what you get...
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL
Nasty
The entry &AOL Toolbar search has been identified as nasty. |
SurferJoe46 (51) | ||