
Must have Spyware

Discussion in 'Virus & Other Malware Removal' started by RFC, Feb 2, 2005.

Thread Status:
Not open for further replies.
  1. RFC

    RFC Thread Starter

    Joined:
    Sep 29, 2000
    Messages:
    20
    Please assist me with my hijack log. Browser is being hijacked and pop ups galore. Have used adaware and spybot but keep returning. Thanks in advance.
    Logfile of HijackThis v1.98.2
    Scan saved at 5:30:22 PM, on 2/2/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\sm56hlpr.exe
    F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    F:\Program Files\D-Link\Air Utility\AirCFG.exe
    F:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    F:\WINDOWS\System32\CTsvcCDA.EXE
    F:\Program Files\Norton AntiVirus\navapsvc.exe
    F:\WINDOWS\System32\tcpsvcs.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\WZCBDL Service\WZCBDLS.exe
    F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    F:\WINDOWS\System32\svchost.exe
    C:\Program Files\CxtPls\CxtPls.exe
    F:\WINDOWS\system32\devldr32.exe
    F:\Program Files\Internet Explorer\iexplore.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\Documents and Settings\Rob\My Documents\hijack\HijackThis.exe

    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [EM_EXEC] F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C64 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
    O4 - HKLM\..\Run: [\\ROBERT\EPSON Stylus C64 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P32 "\\ROBERT\EPSON Stylus C64 Series" /O6 "USB002" /M "Stylus C64"
    O4 - HKLM\..\Run: [D-Link Air Utility] F:\Program Files\D-Link\Air Utility\AirCFG.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [msmc] F:\WINDOWS\system32\msmc.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - F:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM95\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .bcf: F:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/24/install/gtdownls.cab
    O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  3. RFC

    RFC Thread Starter

    Joined:
    Sep 29, 2000
    Messages:
    20
    here is the new log and Adaware is the personal edition
    Logfile of HijackThis v1.99.0
    Scan saved at 7:29:40 AM, on 2/3/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\sm56hlpr.exe
    F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    F:\Program Files\D-Link\Air Utility\AirCFG.exe
    F:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    F:\WINDOWS\System32\CTsvcCDA.EXE
    F:\Program Files\Norton AntiVirus\navapsvc.exe
    F:\WINDOWS\System32\tcpsvcs.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\WZCBDL Service\WZCBDLS.exe
    F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\CxtPls\CxtPls.exe
    F:\WINDOWS\system32\wuauclt.exe
    F:\WINDOWS\system32\devldr32.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\Documents and Settings\Rob\My Documents\hijack\HijackThis.exe

    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [EM_EXEC] F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C64 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
    O4 - HKLM\..\Run: [\\ROBERT\EPSON Stylus C64 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P32 "\\ROBERT\EPSON Stylus C64 Series" /O6 "USB002" /M "Stylus C64"
    O4 - HKLM\..\Run: [D-Link Air Utility] F:\Program Files\D-Link\Air Utility\AirCFG.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [msmc] F:\WINDOWS\system32\msmc.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - F:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM95\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .bcf: F:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/24/install/gtdownls.cab
    O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O23 - Service: Symantec Event Manager - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Unknown - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: SymWMI Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WZCBDL Service - D-Link - F:\Program Files\WZCBDL Service\WZCBDLS.exe
     
  4. mjack547

    mjack547 Malware Specialist

    Joined:
    Sep 1, 2003
    Messages:
    3,181
    I know you have both of these, but you have items on your machine that they should have gotten rid of for you. Just make sure they are updated and configured as described.



    Spybot - Search & Destroy from http://security.kolla.de
    Download Adaware SE http://www.lavasoftusa.com/support/download/


    then


    Run Spybot S&D

    After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server

    Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.

    then reboot &


    Run ADAWARE

    Install the program and launch it.

    First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

    From main window: Click Start then under Select a scan Mode tick Perform full system scan.

    Next deselect Search for negligible risk entries.

    Now to scan just click the Next button.

    When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and click Next)


    Restart your computer.


    then post a new hijackthis log
     
  5. RFC

    RFC Thread Starter

    Joined:
    Sep 29, 2000
    Messages:
    20
    here is the new log after installing updated spybot and aaw
    Logfile of HijackThis v1.99.0
    Scan saved at 11:02:35 AM, on 2/3/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    F:\WINDOWS\System32\CTsvcCDA.EXE
    F:\Program Files\Norton AntiVirus\navapsvc.exe
    F:\WINDOWS\System32\tcpsvcs.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\WZCBDL Service\WZCBDLS.exe
    F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    F:\WINDOWS\system32\wuauclt.exe
    F:\WINDOWS\sm56hlpr.exe
    F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    F:\Program Files\D-Link\Air Utility\AirCFG.exe
    F:\Program Files\Common Files\Symantec Shared\ccApp.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\Documents and Settings\Rob\My Documents\hijack\HijackThis.exe

    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [EM_EXEC] F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C64 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
    O4 - HKLM\..\Run: [\\ROBERT\EPSON Stylus C64 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P32 "\\ROBERT\EPSON Stylus C64 Series" /O6 "USB002" /M "Stylus C64"
    O4 - HKLM\..\Run: [D-Link Air Utility] F:\Program Files\D-Link\Air Utility\AirCFG.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [msmc] F:\WINDOWS\system32\msmc.exe
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - F:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM95\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .bcf: F:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/24/install/gtdownls.cab
    O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O23 - Service: Symantec Event Manager - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Unknown - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: SymWMI Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WZCBDL Service - D-Link - F:\Program Files\WZCBDL Service\WZCBDLS.exe
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Print this and boot to safe mode
    Fix these with HJT

    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [msmc] F:\WINDOWS\system32\msmc.exe

    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -



    View Hidden Files
    Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
    Make sure that "Show hidden files and folders" is checked.
    Also uncheck "Hide protected operating system files".
    Now click "Apply to all folders", Click "Apply" then "OK"

    Delete these files

    F:\WINDOWS\system32\msmc.exe

    START – RUN – key in %temp% - Edit – Select all – File – Delete
    Empty the recycle bin
    Boot and post a new log
     
  7. RFC

    RFC Thread Starter

    Joined:
    Sep 29, 2000
    Messages:
    20
    Followed your instructions but could not find F:\windows\system32\msmc.exe to delete. I made sure all hidden files and system files were showing and even did a search for the file but nothing. Continued with the rest of the directions and here is the log file.

    Logfile of HijackThis v1.99.0
    Scan saved at 4:08:12 PM, on 2/3/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\sm56hlpr.exe
    F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    F:\Program Files\D-Link\Air Utility\AirCFG.exe
    F:\Program Files\Common Files\Symantec Shared\ccApp.exe
    F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    F:\WINDOWS\System32\CTsvcCDA.EXE
    F:\Program Files\Norton AntiVirus\navapsvc.exe
    F:\WINDOWS\System32\tcpsvcs.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\WZCBDL Service\WZCBDLS.exe
    F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    F:\WINDOWS\system32\wuauclt.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Documents and Settings\Rob\My Documents\hijack\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [EM_EXEC] F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C64 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
    O4 - HKLM\..\Run: [\\ROBERT\EPSON Stylus C64 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P32 "\\ROBERT\EPSON Stylus C64 Series" /O6 "USB002" /M "Stylus C64"
    O4 - HKLM\..\Run: [D-Link Air Utility] F:\Program Files\D-Link\Air Utility\AirCFG.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - F:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM95\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .bcf: F:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/24/install/gtdownls.cab
    O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O23 - Service: Symantec Event Manager - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Unknown - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: SymWMI Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WZCBDL Service - D-Link - F:\Program Files\WZCBDL Service\WZCBDLS.exe
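
Added example, not part of the thread: the helper's fix list can be checked against the next log mechanically instead of by eye. The Python sketch below parses HijackThis entry lines, diffs two logs, and reports any flagged entry that is still present; the sample text is excerpted from the 11:02:35 AM and 4:08:12 PM logs above, and the function names are this example's own.

```python
import re

# A HijackThis entry line is "<section> - <text>", where the section is a
# letter (R, F, N or O) plus a number, e.g. "O4 - HKLM\..\Run: [msmc] ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")

# Excerpt of the 11:02:35 AM log from the thread (before the HJT fixes).
BEFORE = r"""
Logfile of HijackThis v1.99.0
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\Explorer.EXE

R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [msmc] F:\WINDOWS\system32\msmc.exe
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: WZCBDL Service - D-Link - F:\Program Files\WZCBDL Service\WZCBDLS.exe
"""

# Excerpt of the 4:08:12 PM log from the thread (after the HJT fixes).
AFTER = r"""
Logfile of HijackThis v1.99.0
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\Explorer.EXE

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O23 - Service: WZCBDL Service - D-Link - F:\Program Files\WZCBDL Service\WZCBDLS.exe
"""

# The three entries the helper asked to fix with HJT.
FLAGGED = r"""
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [msmc] F:\WINDOWS\system32\msmc.exe
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
"""


def parse_entries(log_text):
    """Map a case-insensitive (section, text) key to the entry as written."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            section, text = m.group(1), m.group(2)
            # Paths and GUIDs vary in case between scans, so compare folded.
            entries[(section, text.casefold())] = f"{section} - {text}"
    return entries


def diff_logs(before, after):
    """Entries that disappeared and entries that are new in the later log."""
    b, a = parse_entries(before), parse_entries(after)
    return {
        "removed": sorted(b[k] for k in b.keys() - a.keys()),
        "added": sorted(a[k] for k in a.keys() - b.keys()),
    }


def still_present(flagged, after):
    """Flagged entries that survived the fix and need another look."""
    f, a = parse_entries(flagged), parse_entries(after)
    return sorted(f[k] for k in f.keys() & a.keys())


if __name__ == "__main__":
    print("still present:", still_present(FLAGGED, AFTER))
    for kind, lines in diff_logs(BEFORE, AFTER).items():
        for entry in lines:
            print(kind, "|", entry)
```

A non-empty "added" list on a later scan is the thing to watch for when, as in the first post, items keep returning after cleanup.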
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Looks good - how is it
     
  9. RFC

    RFC Thread Starter

    Joined:
    Sep 29, 2000
    Messages:
    20
    I do not seem to have any more problems. Thanks for your help. I'm still trying to figure out where all that stuff came from. We are usually very diligent about the web sites we visit and the only thing I can think of is a new software program that my daughter bought and installed called Noteworthy which is a music editing software. I'm going to ask them if they bundle their software with any additional programs.

    RFC
    *the only time I was in south carolina was at Parris Island and that was many moons ago but looking back "it was fine"
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    SC is not Parris Island, but we appreciate your time as a Marine

    Keep AdAware and SpyBot updated and watch where you go
     
Short URL to this thread: https://techguy.org/326080
