#1 - Super Techie (Join Date: Aug 2003, Posts: 270)
I posted here originally: http://tech-forums.net/showthread.ph...001#post241001. Files keep being created every time a program connects to the internet, "WebProxy.ini" and "WebExcl.dat". Here are my HijackThis logs:

Logfile of HijackThis v1.98.2
Scan saved at 10:42:26 AM, on 12/4/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mack\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sidrahq.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\mack\Application Data\Mozilla\Profiles\default\o3rncst8.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\mack\Application Data\Mozilla\Profiles\default\o3rncst8.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - https://www.cuworld.com/PIC/inner_pi...es/CUworld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093001155314
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://129.171.166.230/activex/AxisCamControl.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex...te/sdkinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

Here is my startup log:

StartupList report, 12/4/2004, 10:42:56 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\mack\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mack\Desktop\HijackThis.exe
--------------------------------------------------

Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
DAEMON Tools-1033 = "C:\Program Files\D-Tools\daemon.exe" -lang 1033
AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
CTHelper = CTHELPER.EXE
AVG7_EMC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------

Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
Web assistant - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
--------------------------------------------------

Enumerating Task Scheduler jobs:
Symantec NetDetect.job
--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Creative Software AutoUpdate]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CTSUEng.ocx
CODEBASE = http://www.creative.com/su/ocx/15007/CTSUEng.cab

[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\PCPitstop.dll
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/s...irector/sw.cab

[iCC Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\pcpConnCheck.dll
CODEBASE = http://pcpitstop.com/internet/pcpConnCheck.cab

[MSSecurityAdvisor Class]
InProcServer32 = C:\WINDOWS\System32\mssecadv.dll
CODEBASE = http://download.microsoft.com/downlo...?1093306319593

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/downlo...22/wmv9VCM.CAB

[FilePlanet Download Control Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\FilePlanetDownloadCtrl.dll
CODEBASE = http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab

[{52A5CD24-64C6-4BAF-A4EC-4D13F451763F}]
CODEBASE = https://www.cuworld.com/PIC/inner_pi...es/CUworld.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.co...?1093001155314

[CamImage Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx
CODEBASE = http://129.171.166.230/activex/AxisCamControl.cab

[mhLabel Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\mhLbl.dll
CODEBASE = http://pcpitstop.com/mhLbl.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll

[Update Class]
InProcServer32 = C:\WINDOWS\system32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.co...300.3216087963

[GDIChk Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\GDIChk.dll
CODEBASE = http://www.microsoft.com/security/co...I/0/GDIChk.CAB

[{B9191F79-5613-4C76-AA2A-398534BB8999}]
CODEBASE = http://us.dl1.yimg.com/download.yaho...tocomplete.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab

[SDKInstall Class]
InProcServer32 = C:\WINDOWS\sdkinst.dll
CODEBASE = http://activex.microsoft.com/activex...te/sdkinst.cab

[Creative Software AutoUpdate Support Package]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CTPID.ocx
CODEBASE = http://www.creative.com/SU/ocx/15008/CTPID.cab
--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\mack\LOCALS~1\Temp\_iu14D2N.tmp||C:\Documents and Settings\mack\Start Menu\Programs\Google Desktop Search||C:\Program Files\Google\Google Desktop Search\temp\temp5D13__GoogleDesktopAPI2.dll||C:\Program Files\Google\Google Desktop Search\temp\temp5D13__GoogleDesktopIE.dll||C:\Program Files\Google\Google Desktop Search\temp\temp5D13__GoogleDesktopNetwork1.dll||C:\Program Files\Google\Google Desktop Search\temp\temp5D13__GoogleDesktopNetwork2.dll||C:\Program Files\Google\Google Desktop Search\temp||C:\Program Files\Google\Google Desktop Search\temp\temp5D13__GoogleDesktopAPI2.dll||C:\Program Files\Google\Google Desktop Search\temp\temp5D13__GoogleDesktopIE.dll||C:\Program Files\Google\Google Desktop Search\temp\temp5D13__GoogleDesktopNetwork1.dll||C:\Program Files\Google\Google Desktop Search\temp\temp5D13__GoogleDesktopNetwork2.dll
--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------

End of report, 8,968 bytes
Report generated in 0.016 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Signature: Desktop: AMD x2 4400+, ASUS A8N-32 SE Deluxe, FSP Group 500 watt PSU, 2GB PC3200 Dual-Channel, MSI 7900 GTX, 150GB Raptor 10K HDD, 250GB Western Digital HDD. Jobs: Full-time electrician, freelance programmer/webdesigner, gamer.
#2 - Monster Techie
mack, I'm Liz and I saw your earlier thread. I'm going to be reading your log, but it may take some time for me to get it read. In the meantime, make sure you turn off System Restore: http://www.spyware911.net/forum/index.php?showtopic=16. We don't want you reinfecting yourself. Also, if you could, move HijackThis to a My Documents folder or a Programs folder. The desktop is a temporary folder, and the reason for this is that HijackThis backup files may be deleted if it is being run from a temporary folder. I'll get it read as fast as I can. Liz
Signature: Priority Computers | AdAware SE | SpyBot-Search & Destroy | SpywareBlaster | SpywareGuard | HijackThis | Stealing is illegal. Powered by Emily!
#3 - Super Techie
System Restore is off. I don't use it; if I have computer issues I format (two hard drives, hehe). I really don't think I have anything such as a virus; it's probably some setting that I changed or something changed. Thanks, I will keep checking back.
#4 - Monster Techie
mack, you actually have a clean log, but you do have far too many sets of A/V running... you need to decide on one and let that be it. I see Symantec, AVG, and Avast. If I had to pick among them, I would go with Avast. That may be your conflict right there. Try uninstalling two of them and then post another HijackThis log and let's see what happens, ok? That should clean everything up. Also you might want to try a trial of Ashampoo WinOptimizer Platinum Suite 2 2.0 to see if it can clean your system out. I use it and love it so much that I bought it. I don't normally recommend anything to anyone that has to be bought, but you have lots of stuff that needs to be organized and cleaned, and it is an excellent product. But try the trial and see what you think. If you don't like it, you haven't lost anything. Liz
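The log in post #1 and the read of it in post #4 are the kind of thing a reviewer does by eye. The script below is an added example, not part of this thread and not HijackThis code, that does the first pass mechanically over the same log format: it counts AV vendors from the running-process paths (the conflict Liz points out), pulls the R0 start page, lists O2 BHOs registered with no name, flags O4 Run values that are a bare file name with no directory, and flags O16 ActiveX CODEBASE URLs whose host is an IP literal. The sample input is a handful of lines copied from the posted log; the vendor path markers and the flag rules are this example's own assumptions.

```python
# Added example, not HijackThis code: triage a HijackThis 1.9x log for the entries a
# reviewer reads first. Vendor markers and flag rules are this example's assumptions.
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample input: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTHELPER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sidrahq.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://129.171.166.230/activex/AxisCamControl.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - https://www.cuworld.com/PIC/inner_pi...es/CUworld.cab
"""

# Assumption: these install-path fragments identify the AV vendors seen in this log.
AV_PATH_MARKERS = {"symantec shared": "Symantec/Norton", "grisoft": "AVG",
                   "alwil": "Avast", "panda": "Panda"}

ENTRY_RE = re.compile(r"^(?P<code>[RNOF]\d+) - (?P<body>.*)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
DPF_RE = re.compile(r"DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \([^)]*\))? -\s*(?P<url>\S+)?")
BHO_RE = re.compile(r"BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
PAGE_RE = re.compile(r"(?:Start|Search) Page = (?P<url>\S+)")


def parse_log(text):
    """Split a log into running-process paths and (code, body) entry tuples."""
    processes, entries = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m["code"], m["body"]))
        elif PROCESS_RE.match(line):
            processes.append(line)
    return processes, entries


def av_products(processes):
    """Distinct AV vendors with a process running; more than one is a conflict."""
    found = set()
    for path in processes:
        for marker, vendor in AV_PATH_MARKERS.items():
            if marker in path.lower():
                found.add(vendor)
    return sorted(found)


def pathless_run_entries(entries):
    """O4 Run values that are a bare file name: resolved via the search path, so a
    same-named file earlier in that path would run instead of the intended one."""
    flagged = []
    for code, body in entries:
        m = RUN_RE.search(body) if code == "O4" else None
        if m:
            cmd = m["cmd"].strip().strip('"')
            if cmd and "\\" not in cmd.split()[0]:
                flagged.append((m["name"], cmd))
    return flagged


def ip_codebases(entries):
    """O16 DPF (ActiveX) controls whose CODEBASE host is an IP literal: a lead, not a verdict."""
    flagged = []
    for code, body in entries:
        m = DPF_RE.search(body) if code == "O16" else None
        if not m or not m["url"]:
            continue
        try:
            ipaddress.ip_address(urlparse(m["url"]).hostname or "")
        except ValueError:
            continue  # hostname is a DNS name, not an IP literal
        flagged.append((m["clsid"], m["url"]))
    return flagged


def unnamed_bhos(entries):
    """O2 BHOs registered with no name; listed for review, not for removal."""
    out = []
    for code, body in entries:
        m = BHO_RE.search(body) if code == "O2" else None
        if m and m["name"] == "(no name)":
            out.append((m["clsid"], m["path"]))
    return out


def start_pages(entries):
    """R0/R1 browser start and search page URLs, the classic hijack indicator."""
    hits = [PAGE_RE.search(body) for code, body in entries if code.startswith("R")]
    return [m["url"] for m in hits if m]


def triage(text):
    """Run every check over a log and return the findings keyed by check name."""
    processes, entries = parse_log(text)
    return {
        "av_products": av_products(processes),
        "start_pages": start_pages(entries),
        "unnamed_bhos": unnamed_bhos(entries),
        "pathless_run_entries": pathless_run_entries(entries),
        "ip_codebases": ip_codebases(entries),
    }
```

Call triage() on the full text of a saved log; on the sample it reports three AV vendors, the sidrahq.com start page, Spybot's SDHelper.dll as the unnamed BHO, CTHELPER.EXE as the only path-less Run value, and the Axis camera control as the only bare-IP CODEBASE. Every hit is something to look at, not something to delete: the two last items here are benign. Note the limit of this kind of check: HijackThis reports Winsock LSP problems as O10 lines, the posted log has none, and the cause mack reports in post #5 is a Panda component attached to Winsock, which is exactly what this log never showed.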
#5 - Super Techie
Thank you. I fixed the problem with two random files being created; it had to do with Panda antivirus. It was attached to my Winsock files, so I was kicked off the internet and had to reinstall Winsock. Took me about 3 hours to figure out >.< Anyhow, I'm getting rid of AVG and going with Avast. I will try WinOptimizer sometime. The reason I have AVG, Avast, and Symantec is that I just installed Avast and didn't uninstall AVG yet. Symantec is Norton Internet Security, which is uninstalled now. Thank you.
#6 - Monster Techie
You're welcome, glad I could help. We can close this one, but if you need help again, PM a moderator to open this thread and we will be glad to help you. Liz