
HiJack Log after following instructions


  • This topic is locked

#1
angaleza

    New Member

  • Member
  • Pip
  • 5 posts
I followed all the instructions and I think I have done them all... is there something left I need to get rid of here?


Logfile of HijackThis v1.97.7
Scan saved at 11:27:00 PM, on 3/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\monitorbk.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\Unused Desktop Shortcuts\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awardwinninginternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awardwinninginternet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awardwinninginternet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awardwinninginternet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Award Winning Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Belkin PCMCIA WLAN Monitor.lnk = C:\WINDOWS\system32\monitorbk.exe
O4 - Global Startup: SysTray.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Trace (HKLM)
O9 - Extra 'Tools' menuitem: VisualRoute Trace (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.awardwinninginternet.com
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.co...ease/instub.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/pcpitstop.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcente...trolLite_EN.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c454.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...4.47/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A72E03FD-B0E6-4F47-B299-28C4C867B262}: NameServer = 207.109.251.1
  • 0

#2
angaleza

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Also, I'm very new here... and I was so excited to find this forum. I would really appreciate any help -- my computer freezes often and I have to shut down. I got rid of a bunch of spyware and a few trojans with the instructions... hope I can get it cleaned up correctly with your help.
  • 0

#3
Guest_usetobe_*
  • Guest
Hi angaleza,

Welcome to Geeks 2 Go, I'm Usetobe and I would like to help you. I am a geek in training.

By allowing geeks in training to assist you, you are helping to increase our knowledge. You can rest assured that you will be receiving the utmost attention, as all of my replies to you will be firstly checked by my Guru mentors to ensure that my replies are correct.

As my replies need to be checked first, please do not be alarmed if it takes a little longer than expected.

Initially, however, I notice that you are using an outdated version of HijackThis.
A newer version can be downloaded from the following link.

Link to download HJT

I also notice that you are running HJT from the Desktop. Please create a new folder for it (for example C:\HJT) and run the program from that folder. If you do not know how to create a folder, please ask.

Once you have installed the new version, please run HJT and post the new log in this thread.

Regards

Usetobe
  • 0

#4
angaleza

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thank you Usetobe :tazz: Here is the new log:


Logfile of HijackThis v1.99.1
Scan saved at 7:42:48 AM, on

3/29/2005
Platform: Windows XP SP2 (WinNT

5.01.2600)
MSIE: Internet Explorer v6.00 SP2

(6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common

Files\Microsoft

Shared\VS7Debug\mdm.exe
C:\Program Files\Panda

Software\Panda Antivirus

Titanium\Pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.e

xe
C:\Program Files\Panda

Software\Panda Antivirus

Titanium\AVENGINE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.e

xe
C:\Program Files\Fujitsu\Fujitsu

Hotkey Utility\IndicatorUty.exe
C:\Program

Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Panda

Software\Panda Antivirus

Titanium\APVXDWIN.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73

.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.

exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Plaxo\2.1.0.80\InstallS

tub.exe
C:\Program Files\Microsoft

ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat

5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\monitorbk.exe
C:\Program Files\Panda

Software\Panda Antivirus

Titanium\pavProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft

ActiveSync\WCESMgr.exe
C:\Program Files\Common

Files\Mobipocket

Shared\webcomp.exe
C:\Program Files\Microsoft

Office\Office10\OUTLOOK.EXE
C:\Program Files\Internet

Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 -

HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://www.awardwinninginternet.co

m
R0 -

HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.awardwinninginternet.co

m/
R1 -

HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://www.awardwinninginternet.co

m
R0 -

HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.awardwinninginternet.co

m
R1 -

HKCU\Software\Microsoft\Internet

Explorer\Main,Window Title = Award

Winning Internet
R0 -

HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) -

_{8952A998-1E7E-4716-B23D-3DBE0391

0972} - (no file)
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE

0B3} - C:\Program

Files\Adobe\Acrobat

5.0\Acrobat\ActiveX\AcroIEHelper.o

cx
O2 - BHO: eBay Toolbar Helper -

{22D8E815-4A5E-4DFB-845E-AAB64207F

5BD} - C:\Program Files\eBay\eBay

Toolbar2\eBayTB.dll
O2 - BHO: (no name) -

{53707962-6F74-2D53-2644-206D79424

84F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF1057747

3F7} - c:\program

files\google\googletoolbar1.dll
O3 - Toolbar: &Google -

{2318C2B1-4965-11d4-9B18-009027A5C

D4F} - c:\program

files\google\googletoolbar1.dll
O3 - Toolbar: eBay Toolbar -

{92085AD4-F48A-450D-BD93-B28CC7DF6

7CE} - C:\Program Files\eBay\eBay

Toolbar2\eBayTB.dll
O4 - HKLM\..\Run:

[IndicatorUtility] C:\Program

Files\Fujitsu\Fujitsu Hotkey

Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadBtnHnd]

C:\Program

Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [APVXDWIN]

"C:\Program Files\Panda

Software\Panda Antivirus

Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [PrinTray]

C:\WINDOWS\System32\spool\DRIVERS\

W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X73

Button Monitor]

C:\PROGRA~1\LEXMAR~1\ACMonitor_X73

.exe
O4 - HKLM\..\Run: [Lexmark X73

Button Manager]

C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.

exe
O4 - HKLM\..\Run:

[ezShieldProtector for Px]

C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [MCUpdateExe]

C:\PROGRA~1\McAfee.com\Agent\mcupd

ate.exe
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate]

C:\WINDOWS\Plaxo\2.1.0.80\InstallS

tub.exe -a
O4 - HKCU\..\Run: [Mobipocket Web

Companion] C:\Program Files\Common

Files\Mobipocket

Shared\webcomp.exe -m
O4 - HKCU\..\Run: [H/PC Connection

Agent] "C:\Program Files\Microsoft

ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Acrobat

Assistant.lnk = C:\Program

Files\Adobe\Acrobat

5.0\Distillr\AcroTray.exe
O4 - Global Startup: Belkin PCMCIA

WLAN Monitor.lnk =

C:\WINDOWS\system32\monitorbk.exe
O4 - Global Startup: SysTray.lnk =

?
O8 - Extra context menu item:

&eBay Search - res://C:\Program

Files\eBay\eBay

Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item:

&Google Search - res://c:\program

files\google\GoogleToolbar1.dll/cm

search.html
O8 - Extra context menu item:

Backward Links - res://c:\program

files\google\GoogleToolbar1.dll/cm

backlinks.html
O8 - Extra context menu item:

Cached Snapshot of Page -

res://c:\program

files\google\GoogleToolbar1.dll/cm

cache.html
O8 - Extra context menu item:

E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~3\Office1

0\EXCEL.EXE/3000
O8 - Extra context menu item:

Similar Pages - res://c:\program

files\google\GoogleToolbar1.dll/cm

similar.html
O8 - Extra context menu item:

Translate into English -

res://c:\program

files\google\GoogleToolbar1.dll/cm

trans.html
O9 - Extra button: Trace -

{04849C74-016E-4a43-8AA5-1F01DE57F

4A1} - C:\Program

Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem:

VisualRoute Trace -

{04849C74-016E-4a43-8AA5-1F01DE57F

4A1} - C:\Program

Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608

501} -

C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun

Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608

501} -

C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile

Favorite -

{2EAF5BB1-070F-11D3-9307-00C04FAE2

D4F} - C:\Program Files\Microsoft

ActiveSync\inetrepl.dll
O9 - Extra button: (no name) -

{2EAF5BB2-070F-11D3-9307-00C04FAE2

D4F} - C:\Program Files\Microsoft

ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem:

Create Mobile Favorite... -

{2EAF5BB2-070F-11D3-9307-00C04FAE2

D4F} - C:\Program Files\Microsoft

ActiveSync\inetrepl.dll
O9 - Extra button: ICQ Pro -

{6224f700-cba3-4071-b251-47cb89424

4cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ -

{6224f700-cba3-4071-b251-47cb89424

4cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Yahoo!

Messenger -

{E5D12C4E-7B4F-11D3-B5C9-0050045C3

C96} -

C:\PROGRA~1\Yahoo!\MESSEN~1\YPager

.exe
O9 - Extra 'Tools' menuitem:

Yahoo! Messenger -

{E5D12C4E-7B4F-11D3-B5C9-0050045C3

C96} -

C:\PROGRA~1\Yahoo!\MESSEN~1\YPager

.exe
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795

683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem:

Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795

683} - C:\Program

Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program

Files\Internet

Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF:

START_PAGE_URL=http://www.awardwin

ninginternet.com
O16 - DPF:

{02BED220-FBC7-4392-93A2-3A50B056F

78E} -

http://down.plaxo.com/down/release

/instub.cab
O16 - DPF:

{08BEF711-06DA-48B2-9534-802ECAA2E

4F9} (PlxInstall Class) -

https://www.plaxo.com/down/release

/PlaxoInstall.cab
O16 - DPF:

{0E5F0222-96B9-11D3-8997-00104BD12

D94} (PCPitstop Utility) -

http://www.pcpitstop.com/pcpitstop

/pcpitstop.cab
O16 - DPF:

{0E8D0700-75DF-11D3-8B4A-0008C7450

C4A} (DjVuCtl Class) -

http://downloadcenter.samsung.com/

content/common/cab/DjVuControlLite

_EN.cab
O16 - DPF:

{15AD6789-CDB4-47E1-A9DA-992EE8E6B

AD6} -

http://static.windupdates.com/cab/

CDT/ie/bridge-c454.cab
O16 - DPF:

{74D05D43-3236-11D4-BDCD-00C04F9A3

B61} (HouseCall Control) -

http://a840.g.akamai.net/7/840/537

/2004061001/housecall.trendmicro.c

om/housecall/xscan53.cab
O16 - DPF:

{9A9307A0-7DA4-4DAF-B042-5009F29E0

9E1} (ActiveScan Installer Class)

-

http://www.pandasoftware.com/activ

escan/as5/asinst.cab
O16 - DPF:

{B38870E4-7ECB-40DA-8C6A-595F0A551

9FF}

(MsnMessengerSetupDownloadControl

Class) -

http://messenger.msn.com/download/

MsnMessengerSetupDownloader.cab
O16 - DPF:

{C02226EB-A5D7-4B1F-BD7E-635E46C22

88D} (Toontown Installer ActiveX

Control) -

http://download.toontown.com/sv1.0

.14.47/ttinst.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\

{A72E03FD-B0E6-4F47-B299-28C4C867B

262}: NameServer = 207.109.251.1
O20 - Winlogon Notify: GoToMyPC -

C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O23 - Service: Ati HotKey Poller -

Unknown owner -

C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: GoToMyPC - Unknown

owner - C:\Program

Files\Expertcity\GoToMyPC\g2svc.ex

e" -service (file missing)
O23 - Service: LexBce Server

(LexBceS) - Lexmark International,

Inc. -

C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia

Licensing Service - Unknown owner

- C:\Program Files\Common

Files\Macromedia

Shared\Service\Macromedia

Licensing.exe
O23 - Service: Panda anti-virus

service (PAVSRV) - Panda Software

- C:\Program Files\Panda

Software\Panda Antivirus

Titanium\Pavsrv51.exe
O23 - Service: Pml Driver HPZ12 -

HP -

C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SystemSuite Task

Manager - V Communications, Inc. -

C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.e

xe
O23 - Service: TrueVector Internet

Monitor (vsmon) - Zone Labs Inc. -

C:\WINDOWS\system32\ZoneLabs\vsmon

.exe
  • 0

#5
Guest_usetobe_*
  • Guest
Hi Angaleza,

The log you just posted is very disjointed. If you restart HJT and click on the button that says "Do a system scan and save a logfile", you will get the logfile open in a Notepad window.

Once that happens, click on "Edit" on the top row, then click on "Select All"; that will highlight everything in blue. Then click on "Edit" again and then click on "Copy".

Then reply to this thread: put the mouse cursor in the reply box, right-click it, then click on "Paste", and the log will paste into the reply box in the correct format.

Thanks,

Usetobe
  • 0

#6
angaleza

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:00:54 PM, on 3/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\monitorbk.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awardwinninginternet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awardwinninginternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awardwinninginternet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awardwinninginternet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Award Winning Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Belkin PCMCIA WLAN Monitor.lnk = C:\WINDOWS\system32\monitorbk.exe
O4 - Global Startup: SysTray.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.awardwinninginternet.com
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.co...ease/instub.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/pcpitstop.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcente...trolLite_EN.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c454.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...4.47/ttinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A72E03FD-B0E6-4F47-B299-28C4C867B262}: NameServer = 207.109.251.1
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#7
Guest_usetobe_*
  • Guest
Hi Angaleza,

I will analyse your HJT log and get back to you once my reply has been checked by my mentors.

Regards,


Usetobe
  • 0

#8
ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
angaleza

Hello and welcome to Geeks To Go

usetobe is already busy working on other logs, so I have asked that Avohir (A HiJackThis Helper Staff Member) continue to help you with your problem.

Sorry for the confusion. You are in good hands now.

ScHwErV :tazz:
  • 0

#9
Avohir

    Visiting Staff

  • Visiting Consultant
  • 1,002 posts
Sorry for the runaround, welcome to G2G :tazz:

Your log looks good for the most part. Just a little cleanup.

Open up HijackThis and click "system scan only", then put check marks next to the following entries.

R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c454.cab


Next, close all open windows and click "fix checked", then reboot and post a fresh log file.
  • 0
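As an added example (not part of the thread and not HijackThis code): a small Python check for the step described above, confirming from a fresh log that the checked entries are gone. It keys entries on section code plus CLSID so the same item matches across HijackThis versions that label it differently, as the v1.97.7 and v1.99.1 logs in this thread do; the function names and the `AFTER_LOG` sample are constructed for illustration.

```python
import re

# Entry lines start with a section code (R0, R3, O2, O16, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis prints when the registered target is absent on disk.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)")


def parse_entries(log_text):
    """Return one dict per R/F/N/O entry; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "raw": line,
            "code": m.group("code"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "missing_file": bool(MISSING_RE.search(body)),
        })
    return entries


def entry_key(entry):
    """Identity that ignores display names, which differ between versions."""
    return (entry["code"], entry["clsid"] or entry["body"])


def missing_file_entries(entries):
    """Entries whose target is reported absent: a triage hint, not a verdict."""
    return [e for e in entries if e["missing_file"]]


def still_present(checked_lines, fresh_log):
    """Checked lines whose entry still appears in the follow-up log."""
    fresh_keys = {entry_key(e) for e in parse_entries(fresh_log)}
    checked = parse_entries("\n".join(checked_lines))
    return [e["raw"] for e in checked if entry_key(e) in fresh_keys]


# Excerpt built from lines in the v1.99.1 log posted above.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c454.cab
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
"""

# The two entries the helper asked to have checked, copied from the reply.
CHECKED = [
    r"R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)",
    r"O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c454.cab",
]

# Constructed follow-up log (the thread has none): the R3 entry is gone but
# the O16 entry remains, so the check has something to report.
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c454.cab
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
"""

if __name__ == "__main__":
    for e in missing_file_entries(parse_entries(BEFORE_LOG)):
        print("target missing:", e["raw"])
    for line in still_present(CHECKED, AFTER_LOG):
        print("still present after fix:", line)
```

An empty result from `still_present` on the real follow-up log means both checked entries were removed.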

#10
angaleza

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Cool --- Thank you for your help.

Angaleza

As this topic appears to be resolved, it will now be closed. Should you have any further problems, please start a new topic.
Thanks
Don

Edited by don77, 17 April 2005 - 08:40 AM.

  • 0





