|
Search Tech-Forums - link takes you to our Forum's search page. Note: The following is only a text archive! To view the actual forum discussion, please visit our website at http://www.tech-forums.net Pages:1 help with hijack..thanks(Click here to view the original thread with full colors/images)Posted by: zenyora Logfile of HijackThis v1.99.0 Scan saved at 7:29:19 PM, on 3/12/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hkcmd.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\BitTorrent\btdownloadgui.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe C:\Program Files\Internet Explorer\iexplore.exe C:\hjt\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://yahoo.com/[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://www.search-itnow.com/index.php[/url] R3 - Default URLSearchHook is missing O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [svchost.] C:\WINDOWS\System32\svchost..exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [svchost.] C:\WINDOWS\System32\svchost..exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: DigiChat Applet - [url]http://host7.digichat.com/DigiChat/DigiClasses/SignedClient.cab[/url] O16 - DPF: Yahoo! Chat - [url]http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab[/url] O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - [url]http://activation.rr.com/install/download/tgctlcm.cab[/url] O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [url]http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/PopularScreenSaversFWBInitialSetup1.0.0.8-2.cab[/url] O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - [url]http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab[/url] O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - [url]http://chat.yahoo.com/cab/yacsui.cab[/url] O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Unknown - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Posted by: rstones12 zenyora, Hello and welcome to the Tech-Forums. I will be reviewing your HJT log. We are going to need to remove a few things, but first I would like you do to the following: The reason I am asking for these first initial steps is that it can clear up some items in the first part of the fix if needed. I have outlined some preliminary steps that we need to address. [b]You may want to print out these intructions for reference.[/b] This process will take a few steps so please be patient and follow the provided directions. [b][1.][/b] First Download [url=http://cwshredder.net/bin/CWShredder.exe][color=blue]CWShredder[/color][/url] And save it to your desktop. Close all open browser windows and any other open windows. Install CWShredder, then: Open CWS and click [b]Check for Updates[/b] Then click [b]"FIX"[/b] [b][2.][/b] Please run at least one of these online scans, allow it to delete anything it finds: You may have to select the auto-fix option prior to scanning, it should be a selection box on the screen. If you are a dial-up user just do one, this can take some time. If you are a broadband user, I would suggest at least 2 of the 3. One extra scan is most often times enough. [list][url=http://www.pandasoftware.com/activescan/com/activescan_principal.htm][color=blue]Panda ActiveScan[/color][/url] [url=http://housecall.trendmicro.com/housecall/start_corp.asp][color=blue]TrendMicro HouseCall[/color][/url] [url=http://www3.ca.com/virusinfo/virusscan.aspx][color=blue]eTrust AntiVirus Web Scanner[/color][/url] [/list]Please make a note of anything that wasn't or couldn't be fixed. Reboot your machine when finished. [b][3.][/b] You [b]may have[/b] run these programs already, make sure they are up to date and run per provided instructions. Current Versions are: [b]Spybot S&D Ver: 1.3[/b] [url=http://www.safer-networking.org/en/download/index.html][color=blue]Download Here[/color][/url] [b]Ad-Aware SE Build 1.05[/b] [url=http://www.majorgeeks.com/download506.html][color=blue]Download Here[/color][/url] Download and install both Spybot S&D and Ad-Aware SE. Instructions: [b]Spybot S&D:[/b] Go to your Start Menu >> Programs >> Spybot S&D >> then choose Spybot S&D. [b]*[/b]Close [b]ALL [/b]windows except Spybot S&D [b]*[/b]Click the button to [b]"Search for Updates"[/b] and download and install the Updates. [b]*[/b]Close Spybot then launch it again [b]*[/b]Click the button [b]"Check for Problems" [/b] [b]*[/b]When Spybot is done scanning, it will be showing "RED" (RED) entries, "BLACK" entries and "GREEN" (GREEN) entries in the window [b]*[/b]Put a check mark beside the RED [color=red](RED) entries ONLY.[/color] [b]*[/b]Choose "Fix Selected Problems" and allow Spybot to fix the RED [color=red](RED)[/color] entries. [b]Ad-Aware SE FULL SCAN:[/b] Go to your Start Menu >> Programs >> Lavasoft Ad-Aware SE >> then choose Ad-Aware SE Personal. When the main window opens look in the bottom right corner and click on [b]Check For Updates Now[/b] then click Connect and download the latest reference files. From main window: [b]*[/b]Click Start then under Select a scan Mode check [b]Perform Full System Scan.[/b] [b]*[/b]Next [color=red]deselect [/color]Search for negligible risk entries. [b]*[/b]To scan just click the [b]Next[/b] button. When the scan has finished [b]mark everything for removal [/b]and get rid of it. [i](Right-click the window and choose [b]select all[/b] from the drop down menu and click Next)[/i] The program will ask if you want to fix/delete selected items, choose yes/fix. [b][4.][/b] Enable show hidden files and folders: * Click Start. * Open My Computer. * Select the Tools menu and click Folder Options. * Select the View Tab. * Under the Hidden files and folders heading select Show hidden files and folders. * Uncheck the Hide protected operating system files (recommended) option. * Click Yes to confirm. * Click OK. [b][5.][/b] [b]Update[/b] your current Virus Scan Definitions: [b][6.][/b] Reboot into Safe Mode and [b]Scan[/b] with Spybot S&D and Ad-Aware SE Then Scan with your Anti-Virus Program [b][7.][/b] Delete your temp files: Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK. Empty Your Recycle Bin. [b][8.][/b] Reboot normally and post a new HJT log by using [b]Post Reply[/b]: Thanks, rstones12 Posted by: zenyora Logfile of HijackThis v1.99.0 Scan saved at 3:03:06 AM, on 3/13/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXPPS.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hkcmd.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wuauclt.exe C:\hjt\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://yahoo.com/[/url] R3 - Default URLSearchHook is missing O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: DigiChat Applet - [url]http://host7.digichat.com/DigiChat/DigiClasses/SignedClient.cab[/url] O16 - DPF: Yahoo! Chat - [url]http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab[/url] O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - [url]http://activation.rr.com/install/download/tgctlcm.cab[/url] O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [url]http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/PopularScreenSaversFWBInitialSetup1.0.0.8-2.cab[/url] O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - [url]http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab[/url] O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - [url]http://chat.yahoo.com/cab/yacsui.cab[/url] O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5/asinst.cab[/url] O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Unknown - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe thanks man... Posted by: southernlady zenyora, another thing you need to do is get the newer version of HiJack This. There is a version 1.99.1 If you follow the link in my signature, you will get the newest one. When you post your next log, can you use that new version, please? Liz Posted by: rstones12 zenyora, Scan with HJT and place a checkmark next to the following items. [b] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://red.clientapps.yahoo.com/cus.../search/ie.html[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://red.clientapps.yahoo.com/cus...//www.yahoo.com[/url] R3 - Default URLSearchHook is missing O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU) [/b] Close all browsers and open windows except HJT then click [b]Fix Checked[/b] Delete your temp files: Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK. Empty Your Recycle Bin. Download the latest version of HijackThis 1.99.1 [url=http://www.majorgeeks.com/download3155.html]HERE[/url] Reboot then post a new HJT log using the updated version. rstones12 Posted by: zenyora Logfile of HijackThis v1.99.1 Scan saved at 1:14:41 PM, on 3/13/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hkcmd.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wuauclt.exe C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.688\HijackThis.exe O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: DigiChat Applet - [url]http://host7.digichat.com/DigiChat/DigiClasses/SignedClient.cab[/url] O16 - DPF: Yahoo! Chat - [url]http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab[/url] O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - [url]http://activation.rr.com/install/download/tgctlcm.cab[/url] O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [url]http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/PopularScreenSaversFWBInitialSetup1.0.0.8-2.cab[/url] O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - [url]http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab[/url] O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - [url]http://chat.yahoo.com/cab/yacsui.cab[/url] O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5/asinst.cab[/url] O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Posted by: rstones12 zenyora, Your log is looking good. However we need to address a couple of items. You ran the latest version of HJT from a temp folder. [i]C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.688\HijackThis.exe[/i] Please move it to a permanent folder. C:\hjt Post back a new log and we will fix the final couple of entries. Thanks, rstones12 vBulletin Copyright ©2000 - 2003, Jelsoft Enterprises Limited. PPC Management vB Easy Archive Final - Created by Xenon |