ehh new hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 9:44:06 PM, on 5/18/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\taskmgr.exe
C:\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {98833A08-FE75-BFD2-7F42-F0C2665FF2C8} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [trmxadhss] C:\WINDOWS\System32\bpqtft.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [rxmxdzi] C:\WINDOWS\System32\bpqtft.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mexswxggtz] C:\WINDOWS\System32\bpqtft.exe
O4 - HKLM\..\Run: [looodwsgnn] C:\WINDOWS\System32\bpqtft.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [bpqtft] c:\windows\system32\bpqtft.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [prgtect] C:\WINDOWS\System32\prgtect.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [intfat32] C:\WINDOWS\System32\intfat32.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: www.miniclip.com
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Panda ActiveScan 5.03.00 LOG
Incident Status Location
Adware:Adware/Gator No disinfected C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Date Manager.lnk
Adware:Adware/Gator No disinfected C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\GStartup.lnk
Adware:Adware/Gator No disinfected C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\PrecisionTime.lnk
Spyware:Spyware/New.net No disinfected Windows Registry
Adware:Adware/DealHelper No disinfected C:\Program Files\TimeSync
Adware:Adware/IEPlugin No disinfected Windows Registry
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\dlmax.inf
Adware:Adware/Gator No disinfected C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Date Manager.lnk
Adware:Adware/Gator No disinfected C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\GStartup.lnk
Adware:Adware/Gator No disinfected C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\PrecisionTime.lnk
Adware:Adware/SAHAgent No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP2\A0006235.dll
Adware:Adware/SAHAgent No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP2\A0006236.dll
Spyware:Spyware/New.net No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP2\A0006239.dll
Spyware:Spyware/New.net No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP2\A0006240.dll
Adware:Adware/QuickSearch No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP2\A0006241.dll
Adware:Adware/Gator No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP2\A0006242.exe
Adware:Adware/Gator No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP2\A0007268.dll
Adware:Adware/Gator No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP2\A0007269.dll
Adware:Adware/Gator No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP2\A0007270.exe
Adware:Adware/Gator No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP2\A0007274.dll
Adware:Adware/Gator No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP2\A0007275.dll
Adware:Adware/Gator No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP38\A0009227.exe
Adware:Adware/Gator No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP38\A0009230.exe
Adware:Adware/eZula No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP60\A0018090.lnk
Adware:Adware/eZula No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP60\A0018091.lnk
Adware:Adware/eZula No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP60\A0018092.lnk
Adware:Adware/eZula No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP60\A0018093.dll
Adware:Adware/eZula No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP60\A0018094.dll
Adware:Adware/eZula No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP60\A0018095.exe
Adware:Adware/eZula No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP60\A0018097.dll
Adware:Adware/eZula No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP60\A0018103.exe
Adware:Adware/KeenValue No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP60\A0018105.exe
Adware:Adware/KeenValue No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP60\A0018106.exe
Adware:Adware/KeenValue No disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP60\A0018107.exe
Virus:Trj/Downloader.IA Disinfected C:\System Volume Information\_restore{1788D871-1C3D-40CB-A28D-E28327542DB4}\RP60\A0018108.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\farmmext.ini
Adware:Adware/Gator No disinfected C:\WINDOWS\GatorUninstaller_cme.log
Adware:Adware/Gator No disinfected C:\WINDOWS\GatorUninstaller_cme_u.log
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\dlmax.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\farmmext.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\kfrnvc.exe
Adware:Adware/Megasearch No disinfected C:\WINDOWS\system32\MegasearchBarSetup.dll
Virus:Trj/Downloader.CHU Disinfected C:\WINDOWS\system32\SHAgentNew.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\xmlparse.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\xmltok.dll
Edited by iceyJDP, 18 May 2005 - 11:17 PM.