1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

hijackthis help please!!!

Discussion in 'Virus & Other Malware Removal' started by attewode, Jan 21, 2006.

Thread Status:
Not open for further replies.
  1. attewode

    attewode Thread Starter

    Joined:
    Jan 21, 2006
    Messages:
    1
    Can someone look at this and tell me if i need to remove anything? Thank you

    Logfile of HijackThis v1.99.1
    Scan saved at 9:23:45 AM, on 1/21/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\WLTRYSVC.EXE
    C:\WINNT\System32\bcmwltry.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\hkcmd.exe
    C:\WINNT\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Gateway Utilities\GWInkMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINNT\system32\MsgSys.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
    C:\Program Files\EarthLink TotalAccess\Accelerator\ElinkAcc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\jam\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
    O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
    O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
    O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
    O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
    O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c15.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095976425078
    O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX.cab?9,0,712,0
    O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/static/weblaunch/weblaunch.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A74F6834-AD1F-4204-9939-8F07BC8EE7EB}: NameServer = 207.69.188.185 207.69.188.186
    O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CWShredder Service - Unknown owner - C:\Program Files\InterMute\SpySubtract\CWShredder.exe (file missing)
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE

    StartupList report, 1/21/2006, 9:22:13 AM
    StartupList version: 1.52.2
    Started from : C:\jam\hijackthis\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    ==================================================

    Running processes:

    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\WLTRYSVC.EXE
    C:\WINNT\System32\bcmwltry.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\hkcmd.exe
    C:\WINNT\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Gateway Utilities\GWInkMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINNT\system32\MsgSys.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
    C:\Program Files\EarthLink TotalAccess\Accelerator\ElinkAcc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\jam\hijackthis\HijackThis.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINNT\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    IgfxTray = C:\WINNT\System32\igfxtray.exe
    HotKeysCmds = C:\WINNT\System32\hkcmd.exe
    AGRSMMSG = AGRSMMSG.exe
    SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    Logitech Utility = Logi_MwX.Exe
    InCD = C:\Program Files\Ahead\InCD\InCD.exe
    EPSON Stylus Photo RX500 = C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
    vptray = C:\Program Files\NavNT\vptray.exe
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
    Gateway Ink Monitor = "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
    CXMon = "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

    --------------------------------------------------

    Shell & screensaver key from C:\WINNT\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    EarthLink ScamBlocker V2 - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll - {15F4D456-5BAA-4076-8486-EECB38CD3E57}
    EarthLink PopUp Blocker V2 - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll - {512ACF1B-64D9-4928-B382-A80556F28DB4}
    (no name) - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll - {656EC4B7-072B-4698-B504-2A414C1F0037}
    Earthlink Protection BHO - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll - {9579D574-D4D8-4335-9560-FE8641A013BD}
    Uninstall Legacy Earthlink Toolbar - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll - {E713904C-DF05-4C79-BBAD-02DB923253BE}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    ISP signup reminder 1.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}]
    CODEBASE = http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c15.cab

    [Office Update Installation Engine]
    InProcServer32 = C:\WINNT\opuc.dll
    CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

    [{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}]
    CODEBASE = http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab

    [WUWebControl Class]
    InProcServer32 = C:\WINNT\system32\wuweb.dll
    CODEBASE = http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095976425078

    [DigWebHelper Class]
    InProcServer32 = C:\WINNT\Downloaded Program Files\DigWebX.dll
    CODEBASE = http://photos.msn.com/resources/neutral/controls/DigWebX.cab?9,0,712,0

    [CWebLaunchCtl Object]
    InProcServer32 = C:\WINNT\System32\weblaunch.ocx
    CODEBASE = http://gateway.cf1live.com/eSupport/static/weblaunch/weblaunch.cab

    [{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38112.8531481481

    [{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}]
    CODEBASE = http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINNT\system32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll
    Protocol #1: C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll
    Protocol #2: C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll
    Protocol #3: C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll
    Protocol #23: C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINNT\system32\SHELL32.dll
    CDBurn: C:\WINNT\system32\SHELL32.dll
    WebCheck: C:\WINNT\System32\webcheck.dll
    SysTray: C:\WINNT\System32\stobject.dll

    --------------------------------------------------
    End of report, 7,005 bytes
    Report generated in 0.078 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Welcome to TSG :)

    Rescan with Hijack This.
    Close all browser windows except Hijack This.
    Put a check mark beside these entries and click "Fix Checked".

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/We...bridge-c15.cab


    Reboot. Everything else looks okay
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/435935

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice