
[Fixed] Hijackthis! Logs - Please help me find what's wrong with my PC. Posted in the Security & Safety forums.

#1 12-17-2007
JrhRobert (Bronze Member)
Join Date: Dec 2007
Location: Mobile, AL
Posts: 8
PC Experience: Some Experience
Please help me find what's wrong with my PC.

Last week I got Trend Micro PC-cillin and it found 2 cases of adware. Everything was going great until my computer crashed. I think something accessed my computer. I just recently started purchasing things online so this scares me.

Also, I'm getting Pro Tools, a recording unit with software that takes up a lot of space on your PC. So, can someone please help me optimize my system? Could you please tell me what files I need and what files are just clogging up my computer?

Considering how many hours of my day and how much of my life revolves around using my computer, I can't tell you how appreciative I am for every bit of advice you can give me. Thank you so much.

Sincerely,

Robert

Cowburn199 - Moved to HiJackThis! Log forum
Attached Files
File Type: log hijackthis.log (12.9 KB, 1 views)



Last edited by Cowburn199; 12-17-2007 at 01:27 PM.
#2 12-18-2007
cartandpeg (Moderator)
Join Date: Nov 2005
Location: Victoria,Australia
Posts: 845
Re: Please help me find what's wrong with my PC.

Hi JrhRobert,

Welcome to PCHF.
We have a staff of techs who have a wide variety of skills and will be able to help you with your problem. This is not my area of expertise; one of the folks who can help you should be along shortly.
Thank you
Cart


#3 12-18-2007
valis (Senior Security Analyst)
Join Date: Jan 2007
Location: texas, USA
Posts: 2,585
PC Experience: PC Illiterate
Re: Please help me find what's wrong with my PC.

hello jhn, welcome to the forums.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

thanks,

v


__________________

M.C.S.A.
M.C.P.
- MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
#4 12-20-2007
JrhRobert (Bronze Member)
Join Date: Dec 2007
Location: Mobile, AL
Posts: 8
PC Experience: Some Experience
Re: Please help me find what's wrong with my PC.

Here are the results from my combo fix scan.

ComboFix 07-12-20.1 - Rob 2007-12-19 19:55:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.577 [GMT -6:00]
Running from: C:\Documents and Settings\Rob\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
.
((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))
.
2007-12-19 00:57 . 2007-12-19 00:57 <DIR> d-------- C:\Program Files\PC Wizard 2008
2007-12-19 00:57 . 2007-09-15 15:11 27,136 --a------ C:\WINDOWS\system32\PCWizard.cpl
2007-12-18 05:31 . 2007-12-18 05:33 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2007-12-18 01:08 . 2007-12-18 01:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-18 01:08 . 2007-12-18 01:08 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-17 22:35 . 2007-12-17 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-17 22:33 . 2007-12-17 22:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-17 21:24 . 2007-09-18 00:29 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-17 21:24 . 2007-09-18 00:29 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-12-17 21:24 . 2007-09-18 00:29 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-12-17 09:04 . 2007-12-17 09:56 38,224 --a------ C:\WINDOWS\system32\drivers\neokdss.sys
2007-12-17 08:53 . 2007-12-17 08:53 <DIR> d-------- C:\WINDOWS\kdefense
2007-12-17 08:53 . 2007-12-17 08:53 849,920 --a------ C:\WINDOWS\system32\kdfinj.dll
2007-12-17 08:53 . 2007-12-17 08:53 726,568 --a------ C:\WINDOWS\system32\kdfmgr.exe
2007-12-17 08:53 . 2007-12-17 08:53 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
2007-12-17 08:53 . 2007-12-17 08:53 77,824 --a------ C:\WINDOWS\system32\kdfapi.dll
2007-12-17 08:53 . 2007-12-17 08:53 53,248 --a------ C:\WINDOWS\system32\Kdfhok.dll
2007-12-17 08:41 . 2007-12-17 08:41 <DIR> d-------- C:\WINDOWS\LocalSSL
2007-12-17 05:50 . 2007-12-17 05:50 <DIR> d-------- C:\Program Files\CCleaner
2007-12-17 03:34 . 2007-12-17 03:42 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\eMail ID
2007-12-17 03:34 . 2007-12-17 03:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\eMail ID
2007-12-17 03:33 . 2007-12-17 03:35 <DIR> d-------- C:\Program Files\eMail ID
2007-12-17 03:33 . 2007-12-17 03:33 <DIR> d-------- C:\Program Files\Common Files\eMail ID
2007-12-17 02:26 . 2007-12-17 03:28 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\HouseCall 6.6
2007-12-12 21:06 . 2007-12-17 21:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-12-12 21:05 . 2007-12-17 21:24 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-12 19:45 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-12 19:19 . 2007-12-12 19:19 340 --a------ C:\WINDOWS\system32\SDRemoveDB.db
2007-12-12 19:18 . 2007-12-12 19:18 63 --a------ C:\WINDOWS\system\SysSD.dll
2007-12-12 10:11 . 2007-12-12 10:11 <DIR> d-------- C:\Program Files\AskSBar
2007-12-12 10:06 . 2007-12-12 10:06 164 --a--c--- C:\install.dat
2007-12-12 08:54 . 2007-12-12 08:54 <DIR> d-------- C:\WINDOWS\system32\Dell
2007-12-12 04:33 . 2007-12-12 04:33 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\eBay
2007-12-12 04:33 . 2007-12-15 02:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WholeSecurity
2007-12-12 04:33 . 2007-12-12 04:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\eBay
2007-12-12 04:31 . 2007-12-12 04:31 <DIR> d-------- C:\Program Files\eBay
2007-12-12 04:31 . 2007-12-12 04:31 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\InstallShield
2007-12-12 04:06 . 2007-12-12 04:06 <DIR> d-------- C:\WINDOWS\cache
2007-12-12 04:06 . 2007-12-12 04:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-12 03:06 . 2007-10-04 18:16 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-12-12 03:05 . 2007-12-12 03:05 <DIR> d----c--- C:\NVIDIA
2007-12-11 13:54 . 2007-12-11 13:54 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\Yahoo!
2007-12-11 13:48 . 2007-12-18 05:31 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-22 03:06 . 2007-11-22 03:07 <DIR> d-------- C:\Program Files\iTunes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 15:02 --------- d-----w C:\Program Files\Program Files
2007-12-18 11:31 --------- d-----w C:\Program Files\Common Files\Scanner
2007-12-18 04:35 --------- d-----w C:\Program Files\Lavasoft
2007-12-13 02:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-13 02:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-12 17:13 --------- d-----w C:\Documents and Settings\Rob\Application Data\Lavasoft
2007-12-12 11:58 --------- d-----w C:\Program Files\Dell
2007-12-12 10:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-11 03:26 --------- d-----w C:\Documents and Settings\Jan\Application Data\COMCASTTOOLBAR
2007-12-07 14:32 --------- d-----w C:\Program Files\Norton SystemWorks
2007-12-05 11:02 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 11:02 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 11:02 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-05 11:02 --------- d-----w C:\Program Files\Symantec
2007-12-04 00:10 --------- d-----w C:\Documents and Settings\Rob\Application Data\U3
2007-11-22 09:18 --------- d-----w C:\Program Files\QuickTime
2007-11-15 09:51 --------- d-----w C:\Documents and Settings\Rob\Application Data\Reasonable Software House Ltd
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 08:02 --------- d-----w C:\Documents and Settings\Jan\Application Data\CyberLink
2007-11-09 22:59 --------- d-----w C:\Program Files\Real
2007-11-08 07:37 --------- d-----w C:\Program Files\Java
2007-11-07 06:23 --------- d-----w C:\Program Files\Common Files\Real
2007-11-07 00:51 --------- d-----w C:\Program Files\Google
2007-11-06 21:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-29 19:51 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-10-28 10:19 --------- d-----w C:\Documents and Settings\Jan\Application Data\Reasonable Software House Ltd
2007-10-28 10:09 --------- d-----w C:\Program Files\Reasonable NoClone 2007 Home
2007-10-28 09:36 --------- d-----w C:\Documents and Settings\Jan\Application Data\Grisoft
2007-10-28 09:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-28 09:19 --------- d-----w C:\Program Files\Dell Support
2007-10-24 04:32 --------- d-----w C:\Documents and Settings\Rob\Application Data\Windows Desktop Search
2007-10-24 04:14 --------- d-----w C:\Documents and Settings\Jan\Application Data\Windows Desktop Search
2007-10-24 04:12 --------- d-----w C:\Program Files\Windows Desktop Search
2007-10-24 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-10-24 03:19 --------- d-----w C:\Documents and Settings\Rob\Application Data\MP3Rocket
2007-10-22 19:23 --------- d-----w C:\Program Files\IncrediMail
2007-10-20 16:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky lab
2007-10-20 15:49 --------- d-----w C:\Program Files\Support.com
2007-06-17 05:28 4,153,528 ----a-w C:\Program Files\ComcastToolbar.exe
2007-01-18 23:13 1 ----a-w C:\Documents and Settings\Rob\SI.bin
2007-04-19 07:07 88 --sh--r C:\WINDOWS\system32\2C3A1136B4.sys
2007-04-19 07:07 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2007-12-12 10:11 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-12 10:11 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}
{C4069E3A-68F1-403E-B40E-20066696354B}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
{92085AD4-F48A-450D-BD93-B28CC7DF67CE}
{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-12-12 10:11 267592]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 03:00 C:\WINDOWS\system32\rundll32.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-11-07 04:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44]
"NSWosCheck"="C:\Program Files\Norton SystemWorks\osCheck.exe" [2007-12-03 01:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 03:00 C:\WINDOWS\system32\rundll32.exe]
"IconixOEAddOn"="C:\Program Files\eMail ID\OEAddOn\OEdmn_2.exe" [2007-12-11 05:40]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-18 00:29]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 18:29]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
2007-10-31 10:51 599280 --a------ C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-07 18:51 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"Fax"=2 (0x2)
"WZCSVC"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
R3 NPDriver;Norton UnErase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2006-10-10 07:17]
S1 prcmondrv;prcmondrv;C:\WINDOWS\system32\drivers\prcmondrv1041.sys []
S3 cpuz128;cpuz128;C:\Program Files\PC Wizard 2008\pcwiz32.sys [2007-07-14 11:54]
S3 Netcom3;NetCom3 Service;C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe []
S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2005-11-03 20:43]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53ef3e9b-8cc5-11dc-9314-0013722ffb51}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c9c113a-73dd-11dc-92fe-0013722ffb51}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2007-12-19 09:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-12-11 03:59:03 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 20:18:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-19 20:19:32 - machine was rebooted
.
2007-12-13 05:16:21 --- E O F ---


#5 12-20-2007
valis (Senior Security Analyst)
Join Date: Jan 2007
Location: texas, USA
Posts: 2,585
PC Experience: PC Illiterate
Re: Please help me find what's wrong with my PC.

could I get a new hjt log as well?

Thanks, John.

v


#6 12-25-2007
JrhRobert (Bronze Member)
Join Date: Dec 2007
Location: Mobile, AL
Posts: 8
PC Experience: Some Experience
Thanks Valis and everyone involved! Re: Please help me find what's wrong with my PC.

Here's my Hjt log Valis, I'm sorry about taking so long to get back to you. The Holidays have been madness. Thanks to everyone, for all of your help and your patience. You don't know how much this means to me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:39 AM, on 12/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\eMail ID\OEAddOn\OEdmn_2.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\coolpro2\coolpro2.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Rob\Desktop\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Dell Start Page
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_26.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - (no file)
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IconixOEAddOn] "C:\Program Files\eMail ID\OEAddOn\OEdmn_2.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_26.dll
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_26.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_26.dll
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_26.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/act...a/nprdtinf.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1168521805921
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_inst...syInstallX.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
--
End of file - 12723 bytes


