Logfile of HijackThis v1.99.1
Scan saved at 4:12:22 PM, on 8/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Prevx 1\PXConsole.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Prevx 1\PXAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Documents and Settings\Becker\Desktop\New Folder\HijackThis.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx 1\PXConsole.exe"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123356132093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123356111375
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\MHIMTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PrevxAgent) - Prevx - C:\Program Files\Prevx 1\PXAgent.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Here's my L2MFIX log also
L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SMDEn]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\MHIMTF.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{C01C7A08-D336-C531-4513-9A1E52E6E01D}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b5 (beta test) Context Menu Shell Extension"
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b5 (beta test) DragDrop Shell Extension"
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b5 (beta test) Context Menu Shell Extension"
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b5 (beta test) Property Sheet Shell Extension"
"{8816BFDF-016D-4527-89EB-62DF94A5E563}"=""
"{6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9}"="MediaFace extension"
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"="TuneUp Shredder Shell Context Menu Extension"
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{8816BFDF-016D-4527-89EB-62DF94A5E563}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8816BFDF-016D-4527-89EB-62DF94A5E563}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8816BFDF-016D-4527-89EB-62DF94A5E563}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8816BFDF-016D-4527-89EB-62DF94A5E563}\InprocServer32]
@="C:\\WINDOWS\\system32\\MHIMTF.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
Locate .tmp files:
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 10D1-803A
Directory of C:\WINDOWS\System32
08/06/2005 04:32 PM <DIR> dllcache
08/06/2005 04:31 PM <DIR> ..
08/06/2005 04:31 PM <DIR> .
08/06/2005 04:08 PM 417,792 kgdazel.dll
08/06/2005 04:02 PM 417,792 MHIMTF.dll
08/06/2005 03:47 PM 417,792 kwdhe220.dll
08/06/2005 02:57 PM 417,792 mmcsubs.dll
08/06/2005 02:24 PM 417,792 guard.tmp
08/05/2005 03:35 PM 417,792 tmolhelp.dll
07/13/2005 04:06 PM 417,792 nymsdba.dll
07/13/2005 04:02 PM 401,408 j?vaw.exe
07/10/2005 11:36 PM 417,792 elcapi.dll
07/10/2005 12:16 PM 417,792 ml4sdmod.dll
07/07/2005 02:46 PM 417,792 egent.dll
07/05/2005 08:53 AM 417,792 czl3d32.dll
06/29/2005 11:56 AM 417,792 lxk.dll
06/28/2005 11:06 PM 417,792 pncn20.dll
06/23/2005 07:40 PM 8 71CF19C257.dll
12/13/2004 02:49 AM 260,169 678o84.exe
07/09/2004 11:02 AM 1,104 LsxI52.e28
05/28/2004 06:42 PM 1,020 Rwn0Y4.42n
05/28/2004 12:20 PM 1,188 Ahn9.ew7
03/12/2004 12:11 AM 32 {CD5C29B2-DBB0-4BBE-B3E2-17018021BAF6}.dat
03/12/2004 12:10 AM 32 {C665B04E-DDE6-41F0-AEBC-F2F32E6FE0AE}.dat
03/12/2004 12:10 AM 32 {FC9972EF-CCCB-4909-9E23-A7A83DA101BD}.dat
03/12/2004 12:08 AM 32 {AF645319-AD41-47DE-B3A0-11A43DD25645}.dat
03/12/2004 12:08 AM 32 {2EC4A8D3-7C4C-4FAB-A336-4A0F076C8347}.dat
03/12/2004 12:08 AM 32 {7B641BD2-5C26-4AD5-BBCC-9689109BDB14}.dat
03/12/2004 12:07 AM 32 {2940429D-D8FD-4AF9-96B5-AB974E660571}.dat
03/11/2004 11:28 PM <DIR> Microsoft
26 File(s) 6,096,417 bytes
4 Dir(s) 46,410,207,232 bytes free
Edited by codycjb, 06 August 2005 - 02:34 PM.