
Solved: Hijack This

Discussion in 'Virus & Other Malware Removal' started by greenbug, Feb 12, 2005.

Thread Status:
Not open for further replies.
  1. greenbug

    Would someone look over this Hijack This file and let me know how it looks?
    Second page to follow; it's too big to send at once.
    Thanks, Bug

    Logfile of HijackThis v1.99.0
    Safe. Shows the version of HijackThis an. The newest version is: v1.99.0! This should be the newest version. (v1.99.0)
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Safe. Shows the version of your Internet Explorer. Newest Version is: 6.00.2800.1106! This should be the newest version. (6.00.2900.2180)
    C:\WINDOWS\System32\smss.exe
    Safe. running process. (smss.exe)
    Systemprozess - Anwendung, die benutzt wird um Sitzungen zu starten, verwalten und löschen.

    C:\WINDOWS\system32\winlogon.exe
    Safe. running process. (winlogon.exe)
    Systemprozess - Windows Login Routine

    C:\WINDOWS\system32\services.exe
    Safe. running process. (services.exe)
    Systemprozess - Verwaltet die Systemdienste.

    C:\WINDOWS\system32\lsass.exe
    Safe. running process. (lsass.exe)
    Systemprozess

    C:\WINDOWS\system32\svchost.exe
    Safe. running process. (svchost.exe)
    Systemprozess - Allgemeiner Hostprozessname für Dienste.

    C:\WINDOWS\System32\svchost.exe
    Safe. running process. (svchost.exe)
    Systemprozess - Allgemeiner Hostprozessname für Dienste.

    C:\WINDOWS\system32\spoolsv.exe
    Safe. running process. (spoolsv.exe)
    Systemprozess

    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    Safe. running process. (ccProxy.exe)
    Part of a Symantec Application

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    Safe. running process. (ccSetMgr.exe)


    C:\WINDOWS\System32\gearsec.exe
    Safe. running process. (gearsec.exe)


    C:\PROGRA~1\Iomega\System32\AppServices.exe
    Safe. running process. (AppServices.exe)


    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    Safe. running process. (navapsvc.exe)
    Norton AntiVirus application that provides auto-protection of the system.

    C:\WINDOWS\System32\nvsvc32.exe
    Safe. running process. (nvsvc32.exe)
    NVIDIA graphics card driver Not dangerous, but unnecessary.

    C:\Program Files\Softex\OmniPass\Omniserv.exe
    Safe. running process. (Omniserv.exe)


    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    Safe. running process. (SAVScan.exe)
    Prozess von Norton Antivirus.

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    Safe. running process. (SNDSrvc.exe)
    Part of a Symantec Application

    C:\WINDOWS\System32\svchost.exe
    Safe. running process. (svchost.exe)
    Systemprozess - Allgemeiner Hostprozessname für Dienste.

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    Safe. running process. (symlcsvc.exe)


    C:\Program Files\Iomega\AutoDisk\ADService.exe
    Safe. running process. (ADService.exe)


    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    Safe. running process. (ccEvtMgr.exe)
    Event logging application

    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    Safe. running process. (SymWSC.exe)
    Symantec NAV compability to SP2 on Windows XP

    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    Safe. running process. (OPXPApp.exe)


    C:\WINDOWS\Explorer.EXE
    Safe. running process. (Explorer.EXE)
    Systemprozess für Desktop und Taskleiste.

    C:\windows\system\hpsysdrv.exe
    Safe. running process. (hpsysdrv.exe)


    C:\HP\KBD\KBD.EXE
    Unknown running process. (KBD.EXE)
    This is a unknown process.

    C:\WINDOWS\LTMSG.exe
    Safe. running process. (LTMSG.exe)
    One of the "popular" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information

    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    Safe. running process. (shwicon2k.exe)


    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    Safe. running process. (mmtask.exe)


    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    Safe. running process. (ImgIcon.exe)


    C:\WINDOWS\System32\hphmon05.exe
    Safe. running process. (hphmon05.exe)
    Part of Hewlett-Packard

    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    Safe. running process. (hpqcmon.exe)
    Hewlett-Packard Digital Imaging
    Possibly nasty! According to our database this process runs normally in c:\programme\hp\digital imaging\unload\! Check if you know this process and arrange a viruscheck where required.
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    Safe. running process. (ADUserMon.exe)


    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    Safe. running process. (ccApp.exe)
    Part of Norton AntiVirus

    C:\Program Files\QuickTime\qttask.exe
    Safe. running process. (qttask.exe)
    Part of QuickTime

    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    Safe. running process. (hpztsb04.exe)


    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    Safe. running process. (HPWuSchd2.exe)
    Part of Hewlett-Packard
    Possibly nasty! According to our database this process runs normally in c:\programme\hewlett-packard\hp software updat\! Check if you know this process and arrange a viruscheck where required.
    C:\WINDOWS\ALCXMNTR.EXE
    Nasty running process. (ALCXMNTR.EXE)
    Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers This is a nasty process! You should fix it and try to delete it manually!

    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    Safe. running process. (gcasServ.exe)
    Microsoft Antispyware

    C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\pchbutton.exe
    Safe. running process. (pchbutton.exe)
    Used by HP Instant Support Not dangerous, but unnecessary.

    C:\WINDOWS\system32\RUNDLL32.EXE
    Safe. running process. (RUNDLL32.EXE)
    RUNDLL32 is the Microsoft Windows program that loads DLLs into memory so that they can be used by specific programs or by Windows.

    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    Safe. running process. (RoboTaskBarIcon.exe)


    C:\WINDOWS\system32\rundll32.exe
    Safe. running process. (rundll32.exe)
    RUNDLL32 is the Microsoft Windows program that loads DLLs into memory so that they can be used by specific programs or by Windows.

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    Safe. running process. (hpqtra08.exe)
    HP Digital Imaging
    Possibly nasty! According to our database this process runs normally in c:\archivos de programa\hp\digital imaging\bin\! Check if you know this process and arrange a viruscheck where required.
    C:\Program Files\YCIII\YankClip.exe
    Safe. running process. (YankClip.exe)
    Yankee Clipper III - A super powerful Windows clipboard extender/memory - now in its third generation. Handles Pictures, Richtext, URLS, etc - any size. Features printing, drag and drop, optional permanent storage of clippings. Familiar "Outlook" interface. Freeware Not dangerous, but unnecessary.

    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    Safe. running process. (gcasDtServ.exe)
    Microsoft AntiSpyware

    C:\Program Files\Juno\exec.exe
    Safe. running process. (exec.exe)
    Netzero free ISP software - not required Not dangerous, but unnecessary.

    C:\Program Files\Juno\exec.exe
    Safe. running process. (exec.exe)
    Netzero free ISP software - not required Not dangerous, but unnecessary.

    C:\Program Files\Internet Explorer\iexplore.exe
    Safe. running process. (iexplore.exe)
    Internet Explorer - Wir empfehlen einen sichereren alternativen Browser zu verwenden. (z.B. Firefox)

    C:\Program Files\Messenger\msmsgs.exe
    Safe. running process. (msmsgs.exe)
    MSN Messenger

    C:\Program Files\Outlook Express\msimn.exe
    Safe. running process. (msimn.exe)
    Outlook Express

    C:\Program Files\MailWasher Pro\MailWasher.exe
    Safe. running process. (MailWasher.exe)
    Mail Washer
    Possibly nasty! According to our database this process runs normally in c:\programme\firetrust\mailwasher pro\! Check if you know this process and arrange a viruscheck where required.
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis_199.zip\HijackThis.exe
    Safe. running process. (HijackThis.exe)
    Tool, mit dem sie dieses Logfile erzeugt haben. Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups!
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
    Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
    Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.com/ws/eBayISAPI.dll?MyeBay&LogUID=glendale-lane-mayor&CurrentPag e=MyeBayAllBuying&ssPageName=STRK:ME:LNLK
    Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
    Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
    Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?MyEbayItemsBiddingOn&userid=glendale-l ane-mayor&pass=V9ZIlVwA4i1oC3F86EMa502&first=N&sellerSort=3&bidderSort=3&watchSo rt=3&dayssince=30&p1=0&p2=0&p3=0&p4=0&p5=0&ssPageName=MerchMax
    Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
    Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
    Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
    Possibly nasty Should be fixed if you do not know the application or if no application is mentioned. Should be fixed if you do not know this application.
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    Safe. Entries found in this registry zone are potentially nasty. This application ([06849E9F-C8D7-4D59-B87D-784B7D6BE0B3] - Result: 06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) has been checked. Hit rate: 99 %
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    Nasty Entries found in this registry zone are potentially nasty. This application ([243B17DE-77C7-46BF-B94B-0B5F309A0E64] - Result: 243B17DE-77C7-46BF-B94B-0B5F309A0E64) has been checked. Hit rate: 99 % Must be fixed!
    O2 - BHO: ShopSafe Browser Helper Object - {333F6B96-3992-4D58-A499-145A10FE48C3} - C:\WINDOWS\System32\BhoSSafe.dll
    Safe. Entries found in this registry zone are potentially nasty. This application ([333F6B96-3992-4D58-A499-145A10FE48C3] - Result: 333F6B96-3992-4D58-A499-145A10FE48C3) has been checked. Hit rate: 99 %
    O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno\qsacc\X1IEBHO.dll
    Safe. Entries found in this registry zone are potentially nasty. This application ([52706EF7-D7A2-49AD-A615-E903858CF284] - Result: 52706EF7-D7A2-49AD-A615-E903858CF284) has been checked. Hit rate: 99 %
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    Safe. Entries found in this registry zone are potentially nasty. This application ([53707962-6F74-2D53-2644-206D7942484F] - Result: 53707962-6F74-2D53-2644-206D7942484F) has been checked. Hit rate: 99 %
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    Safe. Entries found in this registry zone are potentially nasty. This application ([724d43a9-0d85-11d4-9908-00400523e39a] - Result: 724d43a9-0d85-11d4-9908-00400523e39a) has been checked. Hit rate: 99 %
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    Safe. Entries found in this registry zone are potentially nasty. This application ([9ECB9560-04F9-4bbc-943D-298DDF1699E1] - Result: 9ECB9560-04F9-4bbc-943D-298DDF1699E1) has been checked. Hit rate: 99 %
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    Safe. Entries found in this registry zone are potentially nasty. This application ([BDF3E430-B101-42AD-A544-FADC6B084872] - Result: BDF3E430-B101-42AD-A544-FADC6B084872) has been checked. Hit rate: 99 %
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    Unnecessarily Entries found in this registry zone are potentially nasty. This application ([FDD3B846-8D59-4ffb-8758-209B6AD74ACC] - Result: FDD3B846-8D59-4ffb-8758-209B6AD74ACC) has been checked. Hit rate: 99 % Must be fixed!
    Unnecessary (deactivated) entry that can be fixed.
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    Nasty Entries found in this registry zone are potentially nasty. This application ([B2847E28-5D7D-4DEB-8B67-05D28BCF79F5] - Result: B2847E28-5D7D-4DEB-8B67-05D28BCF79F5) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 % Must be fixed!
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    Safe. Entries found in this registry zone are potentially nasty. This application ([724d43a0-0d85-11d4-9908-00400523e39a] - Result: 724D43A0-0D85-11D4-9908-00400523E39A) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 82 %
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    Safe. Entries found in this registry zone are potentially nasty. This application ([0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7] - Result: 0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    Safe. Entries found in this registry zone are potentially nasty. This application ([42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6] - Result: 42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %
    O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\Juno\Toolbar.dll
     
  2. greenbug

    Here is the rest of the file

    Thanks Bug

    Safe. Entries found in this registry zone are potentially nasty. This application ([F5735C15-1FB2-41FE-BA12-242757E69DDE] - Result: F5735C15-1FB2-41FE-BA12-242757E69DDE) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %
    O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\toolbar.dll
    Unknown Entries found in this registry zone are potentially nasty. This application ([5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4] - Result: ) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: -1 % If you do not know that application, fix it.
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    Safe. Hewlett-Packard
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    Safe. Application that implements the Intel Hotkey command.
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    Unknown
    Hit rate: -1 % (result) Unknown application.
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    Unknown
    Hit rate: -1 % (result) Unknown application.
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    Safe. One of the "popular" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information
    Hit rate: 71 % (result)
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    Safe. StorageGuard from Veritas (this version by Sonic). Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that havent recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    Safe. Part of RealPlayer
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    Safe. Card reader for memory cards from digital cameras, etc
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    Safe. Hewlett Packard Software
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    Safe. Application that allows a users to have 32 virtual desktops, get a desktop larger than the viewable area of the monitor, divide the display across more than one monitor, manage applications, and many more features.
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    Safe. Part of NVidia
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    Safe. Part of MusicMatch Jukebox - digital music player / CD burner and ripper / music organizer / playlist creator
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    Safe. Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
    Hit rate: 44 % (result)
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    Unknown ?
    Hit rate: 99 % (result) Unknown application.
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    Safe. Part of Hewlett-Packard
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    Safe. Adds Iomega Zip drive icons to the desktop
    Hit rate: 90 % (result) Not dangerous, but unnecessary.
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
    Safe. Part of Hewlett-Packard
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    Safe. On HP PC\'s. Unclear what purpose it serves - but there\'s a known issue with Internet Explorer Toolbar settings not being saved with it enabled
    Hit rate: 99 % (result) Not dangerous, but unnecessary.
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    Safe.
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    Safe. Part of Norton AntiVirus 2003. Auto-protect and E-mail check will not function without this
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
    Safe. Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it
    Hit rate: 63 % (result) Not dangerous, but unnecessary.
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    Safe. Part of Norton Internet Security. From Symantec - "UrlLstCk.exe is a necessary file that will be present in C:\Program Files\Norton Internet Security. It is a URL Checklist. It should not be disabled"
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    Safe. QuickTime
    Hit rate: 99 % (result) Not dangerous, but unnecessary.
    O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
    Safe. Spyware Blaster
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    Safe. Part of Symantec
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    Safe. HP-DeskJet Taskbar Utility]
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    Safe. Part of Symantec's LiveUpate (eg, Norton). Not required if you run manual upadates but probably requireD if you leave them to run automatically - hence the "U" recommendation
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    Safe. HP software updates. If a shortcut doesn\'t exist create your own and run it manually
    Hit rate: 93 % (result) Not dangerous, but unnecessary.
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    Nasty Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers
    Hit rate: 57 % (result) Must be fixed!
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    Safe. Giant Antispyware
    Hit rate: 99 % (result)
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    Safe. NVidia Nview
    Hit rate: 99 % (result)
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\pchbutton.exe
    Safe. Used by HP Instant Support
    Hit rate: 99 % (result) Not dangerous, but unnecessary.
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    Unknown HP Digital Imaging related. What does it do and is it required?
    Hit rate: 99 % (result) Unknown application.
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    Safe. Part of NVidia
    Hit rate: 65 % (result)
    O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
    Safe. Puts a configurable time/date display in the tray (and other features). Freeware by Dale Nurden and is popular on cover disks
    Hit rate: 99 % (result)
    O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
    Unknown
    Hit rate: -1 % (result) Unknown application.
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    Safe. Roboform - password manager and web form filler. Will work without this startup entry, as the "active" component is an integrated Internet Explorer browser plugin
    Hit rate: 99 % (result) Not dangerous, but unnecessary.
    O4 - Startup: Yankee Clipper III.lnk = C:\Program Files\YCIII\YankClip.exe
    Safe. Yankee Clipper III - A super powerful Windows clipboard extender/memory - now in its third generation. Handles Pictures, Richtext, URLS, etc - any size. Features printing, drag and drop, optional permanent storage of clippings. Familiar "Outlook" interface. Freeware
    Hit rate: 94 % (result) Not dangerous, but unnecessary.
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Safe. Part of Acrobat Reader 7
    Hit rate: 79 % (result)
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    Safe. HP digital imaging monitor; can apparently be launched manually.
    Hit rate: 95 % (result) Not dangerous, but unnecessary.
    O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    Safe. The entry Customize Menu &4 has been identified as safe. If the entry 'Customize Menu &4 ' is not needed anymore, it should be fixed.
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
    Possibly nasty Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed. To be fixed if the entry 'Display All Images with Full Quality ' is unknown.
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
    Possibly nasty Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed. To be fixed if the entry 'Display Image with Full Quality ' is unknown.
    O8 - Extra context menu item: E-&mail Page - c:\windows\web\Mailto_URL.HTM
    Possibly nasty Entries shown in the menu that pops up when right-clicking into the Internet Explorer. Unknown entries should be fixed. To be fixed if the entry 'E-&mail Page ' is unknown.
    O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    Safe. The entry Fill Forms &] has been identified as safe. If the entry 'Fill Forms &] ' is not needed anymore, it should be fixed.
    O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    Safe. The entry Save Forms &[ has been identified as safe. If the entry 'Save Forms &[ ' is not needed anymore, it should be fixed.
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    Safe. The entry has been identified as safe. If the entry '' is not needed anymore, it should be fixed.
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    Safe. The entry Sun Java Console has been identified as safe. If the entry 'Sun Java Console ' is not needed anymore, it should be fixed.
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    Safe. The entry Fill Forms has been identified as safe. If the entry 'Fill Forms ' is not needed anymore, it should be fixed.
    O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    Safe. The entry Fill Forms &] has been identified as safe. If the entry 'Fill Forms &] ' is not needed anymore, it should be fixed.
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    Safe. The entry Save has been identified as safe. If the entry 'Save ' is not needed anymore, it should be fixed.
    O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    Safe. The entry Save Forms &[ has been identified as safe. If the entry 'Save Forms &[ ' is not needed anymore, it should be fixed.
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    Safe. The entry RoboForm has been identified as safe. If the entry 'RoboForm ' is not needed anymore, it should be fixed.
    O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    Safe. The entry RoboForm &2 has been identified as safe. If the entry 'RoboForm &2 ' is not needed anymore, it should be fixed.
    O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
    Unnecessarily Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry '' is unknown.
    Unnecessary (deactivated) entry that can be fixed.
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    Possibly nasty Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry 'MoneySide ' is unknown.
    O9 - Extra button: Clarify - {F7D275AE-D4A5-4964-AD1F-5BD3705A5032} - C:\Program Files\ClarifyButton\ClarifyButton.dll
    Possibly nasty Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry 'Clarify ' is unknown.
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    Safe. The entry Messenger has been identified as safe. If the entry 'Messenger ' is not needed anymore, it should be fixed.
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    Safe. The entry Windows Messenger has been identified as safe. If the entry 'Windows Messenger ' is not needed anymore, it should be fixed.
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
    Safe. This entry has been identified as safe.
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    Safe. This entry has been identified as safe.
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://F:\content\include\XPPatchInstaller.CAB
    Safe. This entry has been identified as safe.
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    Safe. This entry has been identified as safe.
    O16 - DPF: {66BB2143-EA4B-4323-A703-B973D9A0475E} (Snapfish Outlook Import ActiveX Control) - http://www.snapfish.com/SnapfishOutlookImport.cab
    Possibly nasty Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Check if you know this site and fix it if you do not.
    O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://F:\Content\include\msSecUcd.cab
    Safe. This entry has been identified as safe.
    O16 - DPF: {9D5B6642-8C3F-4504-B2FC-42779ABAE4B9} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
    Possibly nasty Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Check if you know this site and fix it if you do not.
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    Safe. This entry has been identified as safe.
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    Safe. This entry has been identified as safe.
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    Possibly nasty Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Check if you know this site and fix it if you do not.
    O17 - HKLM\System\CCS\Services\Tcpip\..\{590A41A9-2EF1-4055-87A4-498259F52F6B}: NameServer = 64.136.20.121 64.136.28.121
    Possibly nasty If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too. Do you know the IP or Domain '64.136.20.121 64.136.28.121'? If not, fix this entry.
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (ccEvtMgr.exe) was identified as a good one.
    O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (ccProxy.exe) was identified as a good one.
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (ccPwdSvc.exe) was identified as a good one.
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (ccSetMgr.exe) was identified as a good one.
    O23 - Service: Gear Security Service - GEAR Software - C:\WINDOWS\System32\gearsec.exe
    Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (gearsec.exe) was identified as a good one.
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (AppServices.exe) was identified as a good one.
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (iPodService.exe) was identified as a good one.
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (navapsvc.exe) was identified as a good one.
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (nvsvc32.exe) was identified as a good one.
    O23 - Service: Softex OmniPass Service - Unknown - C:\Program Files\Softex\OmniPass\Omniserv.exe
    Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (Omniserv.exe) was identified as a good one.
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (SAVScan.exe) was identified as a good one.
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (SBServ.exe) was identified as a good one.
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (SNDSrvc.exe) was identified as a good one.
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (symlcsvc.exe) was identified as a good one.
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (SymWSC.exe) was identified as a good one.
    O23 - Service: Iomega Active Disk - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
    Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (ADService.exe) was identified as a good one.
    13 Nasty


    Use these tips at your own risk!

    Copyright © 2004 - 2005 by Mathias Mattner
     
Short URL to this thread: https://techguy.org/329748
