
hijack log that needs help

Discussion in 'Virus & Other Malware Removal' started by tomea, Feb 13, 2005.

Thread Status:
Not open for further replies.
  1. tomea (Thread Starter; joined May 24, 2003; 101 messages)

    Please check to see what is wrong with this, as I have tried everything from Spybot to Ad-Aware to system scan McAfee.

    Thanks,
    tomea

    Logfile of HijackThis v1.99.0
    Scan saved at 4:23:33 PM, on 2/13/05
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINXP\System32\smss.exe
    C:\WINXP\system32\winlogon.exe
    C:\WINXP\system32\services.exe
    C:\WINXP\system32\lsass.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\system32\spoolsv.exe
    C:\WINXP\Explorer.EXE
    C:\WINXP\System32\igfxtray.exe
    C:\WINXP\System32\hkcmd.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINXP\system\lsvchost.exe
    C:\WINXP\system\winlgon.exe
    C:\WINXP\system\rvchost.exe
    C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
    C:\WINXP\ALCXMNTR.EXE
    C:\Documents and Settings\Lance\Application Data\Microsoft\Internet Explorer\svhost.exe
    C:\WINXP\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINXP\Plaxo\1.4.2.25\InstallStub.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Excelerator\excelerator.exe
    C:\Documents and Settings\Lance\Application Data\Microsoft\Internet Explorer\svhost.exe
    C:\Program Files\TELUS eCare\bin\mpbtn.exe
    C:\WINXP\inf\.sys\srvany.exe
    C:\WINXP\inf\.sys\win1\nvsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    C:\WINXP\inf\.sys\srvany.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINXP\inf\.sys\windrop1\nvsvc.exe
    C:\WINXP\system32\himem.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINXP\System32\wuauclt.exe
    E:\AUTORUN.EXE
    C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Lance\Local Settings\Temporary Internet Files\Content.IE5\RVQUAJQA\HijackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.excel.com/canada/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.excel.com/canada/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excel.com/canada/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.excel.com/canada"); (C:\Program Files\Netscape\Users\lance\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINXP\Downloaded Program Files\ycomp5_1_6_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Microsoft Configuration - {40205287-E793-41AC-B95C-D8D064BA33CA} - C:\WINXP\system32\mscfg.dll
    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Excelerator\PBHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Yahoo! Canada Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINXP\Downloaded Program Files\ycomp5_1_6_0.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINXP\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINXP\System32\hkcmd.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [3D3FC418] C:\WINXP\TEMP\~A40C.tmp.exe
    O4 - HKLM\..\Run: [.mscdsr] C:\WINXP\system\lsvchost.exe
    O4 - HKLM\..\Run: [.service] C:\WINXP\system\winlgon.exe
    O4 - HKLM\..\Run: [.symantec] C:\WINXP\system\rvchost.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [.mscsbl] C:\Documents and Settings\Lance\Application Data\Microsoft\Internet Explorer\svhost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Total Internet] C:\Program Files\Excel Canada,\fptool.exe
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINXP\Plaxo\1.4.2.25\InstallStub.exe -a
    O4 - HKCU\..\Run: [Microsoft Update] Svhost.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MyExcelerated Internet Access TM.lnk = C:\Program Files\Excelerator\excelerator.exe
    O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
    O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Excelerator\excelerator.exe/250
    O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Excelerator\excelerator.exe/227
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1108332831953
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Canada Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
    O23 - Service: BNC - Unknown - C:\WINXP\inf\.sys\srvany.exe
    O23 - Service: ctrlkrnl - Unknown - C:\WINXP\System32\ctrlkrnl.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    O23 - Service: Emitted by the programs functioning under Windows - Unknown - C:\WINXP\inf\.sys\srvany.exe
    O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Windows Resolves and caches Internet Naming System - Unknown - C:\WINXP\system32\srvany.exe
    O23 - Service: Remote Administrator Service - Unknown - C:\WINXP\system32\himem.exe
    O23 - Service: zzzxDeMe - Unknown - C:\WINXP\System32\zzzxmnwp.exe
    O23 - Service: zzzxIPSPEC_1 - Unknown - C:\WINXP\System32\zzzx3tdc.exe
     
  2. cybertech (Retired Moderator; joined Apr 16, 2002; 72,115 messages)

    Create a permanent folder on your hard drive like c:\program files\hjt.
    Download HijackThis and click "Save", then direct it to the permanent folder you created. Double-click on hijackthis.exe and select "Do a system scan and save a logfile". This log will open in Notepad. Copy and paste the log back here for review.
    Don't make any changes until instructed to do so.

    **Note: this is a new version of HJT, so please do the download.
     