1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

HJT log

Discussion in 'Virus & Other Malware Removal' started by MathewHeroic, Jul 17, 2006.

Thread Status:
Not open for further replies.
  1. MathewHeroic

    MathewHeroic Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    1
    hey man. What should I do from here?

    Logfile of HijackThis v1.99.1
    Scan saved at 1:15:34 PM, on 7/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ishost.exe
    C:\WINDOWS\system32\issearch.exe
    C:\WINDOWS\system32\isnotify.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\WINDOWS\system32\ismon.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\program files\dell\traytool.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
    C:\WINDOWS\system32\9a515cfc.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Adder Robot\Adder Robot 3.0.exe
    C:\Program Files\Network Associates\VirusScan\scan32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\mmc.exe
    C:\Program Files\HEAT\CallLog32.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.real.com/player/?pcode=rn&cpath=rpinprod&rsrc=rp8uibutn
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [ToolExe] c:\program files\dell\traytool.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
    O4 - HKLM\..\Run: [9a515cfc.exe] C:\WINDOWS\system32\9a515cfc.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [9a515cfc.exe] C:\Documents and Settings\Matthew_Barletta\Local Settings\Application Data\9a515cfc.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {76850F2A-FCAA-454F-82D3-BD46CB186EF5} (IEGCtrl Class) - http://heat.uml.edu/iheat/iHEAT-activex.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://129.63.154.160/activex/AxisCamControl.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fs.uml.edu
    O17 - HKLM\Software\..\Telephony: DomainName = fs.uml.edu
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E7EF3DA-0E7C-48FA-AE33-A45E4E78250A}: NameServer = 129.63.1.27,129.63.1.28
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fs.uml.edu
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fs.uml.edu
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winvtu32 - C:\WINDOWS\SYSTEM32\winvtu32.dll
    O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
     
  2. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Hi MathewHeroic

    Welcome to TSG! :)

    I have split your post off into your own thread. In the future if you have a Question/Problem please start a "New Thread". It get's too confusing trying to address two different people's problem in the same thread and you may get overlooked.

    Please continue in this thread.
     
  3. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    * Go here and download the Free Trial version of SpySweeper.

    • Click on "Download the trial" on the right side of the page.
    • Save the ssfsetup file to your desktop or somewhere convenient.
    • Doubleclick the ssfsetup file to begin the setup.
    • Follow the prompts to complete the installation then click "Finish" and Spysweeper should launch.
    • When it first opens, Spysweeper will prompt you to "Check for Updated Definitions"
    • Click "Yes" and dowload the updates.
    • After the updated definitons are downloaded, click the "Options" button on the left.
    • Under "What to Sweep", select ALL the boxes there.
    • Click the "Sweep" button on the left then click "Start" to begin the scan.
    • When it's finished scanning, click the "Next" button.
    • Make sure everything has a check next to it by clicking the "Select All" button.
    • Click the "Next" button and it will remove the selected entries.
    • Click "Finish" then exit Spysweeper.
    • Restart your computer


    * Go here and do the BitDefender online virus scan.
    • Click "I Agree" to agree to the EULA.
    • Allow the ActiveX control to install when prompted.
    • Click "Click here to scan" to begin the scan.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on "Click here to export the scan results"
    • Save the report to your desktop then come back here and attach it to your next reply along with a new Hijack This log..

    Note: You have to use Internet Explorer to do the online scan.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/484120

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice