Member Panel

Remember me ?

Forgot password?   

Sponsors and Ads

Live Tag Cloud
PC Forum PC Help Forum » Security & Safety » [Pending] HJT Logs » Hijack This Log Help

[Pending] HJT Logs - Hijack This Log Help posted in the Security & Safety forums; I ran Iobit Advanced Windows Care 3 Beta 2 and it identified a large log. I downloaded and ran the Hijack This analyzer and it identified the same log and ...

JOIN US NOW to remove these Ads

Post New Thread  Reply
  #1  
Old 04-21-2008
zmpt's Avatar
Bronze Member
  
Join Date: Apr 2008
Posts: 3
PC Experience: Some Experience
zmpt - See this Members User comments on their Profile page
Default Hijack This Log Help
I ran Iobit Advanced Windows Care 3 Beta 2 and it identified a large log. I downloaded and ran the Hijack This analyzer and it identified the same log and further sugggested seeking help from a forum like this. I have run CC Cleaner and removed all files.

Here is the log:

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
E:\Program Files\Common Files\Command Software\dvpapi.exe
E:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
E:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
E:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
E:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
E:\WINDOWS\system32\fxssvc.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
E:\Program Files\PC Tools AntiVirus\PCTAV.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\EarthLink TotalAccess\TaskPanl.exe
E:\Program Files\My Book\WD Backup\uBBMonitor.exe
E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
E:\WINDOWS\system32\mdm.exe
E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
E:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe
E:\Program Files\Outlook Express\msimn.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = EarthLink - Welcome to myEarthLink
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = EarthLink® - Page Not Found
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = EarthLink Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = EarthLink® - Page Not Found
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = EarthLink - Welcome to myEarthLink
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = EarthLink Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - E:\Program Files\EarthLink TotalAccess\elnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - E:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - E:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - E:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - E:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - E:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - E:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - E:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [McAfee Guardian] "E:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [Earthlink Protection Control Center] E:\Program Files\EarthLink TotalAccess\ProtectionControlCenter\elnk_pcc.exe /minimize
O4 - HKLM\..\Run: [PCTAVApp] "E:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SmartRAM] "E:\Program Files\IObit\Advanced WindowsCare 3 Beta\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E6TaskPanel] "E:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKCU\..\Run: [Advanced WindowsCare 3] "E:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: WD Backup Monitor.lnk = E:\Program Files\My Book\WD Backup\uBBMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://E:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9E515FE4-2A60-4D08-8E96-CF9A967BE49B} (SSMEarthLink Control) - http://earthlink.sereniti.com/SSMEarthLink.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9770000F-5021-4533-A2BF-DB148F064B4C}: NameServer = 85.255.114.27,85.255.112.89
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.27 85.255.112.89
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.27 85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.27 85.255.112.89
O23 - Service: ADSService - Aluria Software, a division of EarthLink, Inc. - (no file)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - E:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - E:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: EarthLink Firewall Process Path Service (ElnkFWPPService) - Aluria Software, LLC. - E:\PROGRA~1\EARTHL~1\PROTEC~1\EFWPPS~1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - E:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - E:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Symantec Core LC - Unknown owner - E:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
-
Help! And thanks!
  #2  
Old 04-21-2008
zmpt's Avatar
Bronze Member
  
Join Date: Apr 2008
Posts: 3
PC Experience: Some Experience
zmpt - See this Members User comments on their Profile page
Default Re: Hijack This Log Help
FWIW, this log was developed while running in normal mode.
  #3  
Old 04-23-2008
chiaz's Avatar
Senior Security Analyst
  
Join Date: Jun 2006
Location: Singapore
Posts: 2,511
PC Experience: PC Guru
chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page
Default Re: Hijack This Log Help
Hello, and welcome to PCHF.


You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please save the text that will open (report.txt) to your desktop.


Now run HijackThis and place a checkmark by the following entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9770000F-5021-4533-A2BF-DB148F064B4C}: NameServer = 85.255.114.27,85.255.112.89
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.27 85.255.112.89
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.27 85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.27 85.255.112.89
O23 - Service: ADSService - Aluria Software, a division of EarthLink, Inc. - (no file)

 Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer.


Once your computer restarts, post the Fixwareout report, as well as a new HijackThis log.
  #4  
Old 04-23-2008
zmpt's Avatar
Bronze Member
  
Join Date: Apr 2008
Posts: 3
PC Experience: Some Experience
zmpt - See this Members User comments on their Profile page
Default Re: Hijack This Log Help
Thanks for your help!

Note: The four 017 entries did not appear in the first HJT report. I checked all others.

Here is Wareout Report:

~~~~~ Prerun check
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters
"nameserver"="85.255.114.27 85.255.112.89" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\interfaces\{9770000F-5 021-4533-A2BF-DB148F064B4C}
"nameserver"="85.255.114.27,85.255.112.89" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\interfaces\{D05E3B79-5 5EC-431F-ABA0-CAF04F878204}
"DhcpNameServer"="85.255.114.27,85.255.112.89" <Value cleared.
Could not flush the DNS Resolver Cache: Function failed during execution.
System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"McAfee Guardian"="\"E:\\Program Files\\McAfee\\McAfee Shared Components\\Guardian\\CMGrdian.exe\" /SU"
"Earthlink Protection Control Center"="E:\\Program Files\\EarthLink TotalAccess\\ProtectionControlCenter\\elnk_pcc.exe /minimize"
"PCTAVApp"="\"E:\\Program Files\\PC Tools AntiVirus\\PCTAV.exe\" /MONITORSCAN"
"Adobe Reader Speed Launcher"="\"E:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"SmartRAM"="\"E:\\Program Files\\IObit\\Advanced WindowsCare 3 Beta\\Sup_SmartRAM.exe\" /m"
"SunJavaUpdateSched"="\"E:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="E:\\WINDOWS\\system32\\ctfmon.ex e"
"Advanced WindowsCare 3"="\"E:\\Program Files\\IObit\\Advanced WindowsCare 3 Beta\\AWC.exe\" /startup"
"SmartRAM"="\"E:\\Program Files\\IObit\\Advanced WindowsCare 3 Beta\\Sup_SmartRAM.exe\" /m"
"E6TaskPanel"="\"E:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe\" -winstart"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Here is second HJT report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:20 AM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
E:\Program Files\Common Files\Command Software\dvpapi.exe
E:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
E:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
E:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
E:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
E:\WINDOWS\system32\fxssvc.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
E:\Program Files\PC Tools AntiVirus\PCTAV.exe
E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
E:\Program Files\IObit\Advanced WindowsCare 3 Beta\Sup_SmartRAM.exe
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe
E:\Program Files\EarthLink TotalAccess\TaskPanl.exe
E:\Program Files\My Book\WD Backup\uBBMonitor.exe
E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
E:\Program Files\OpenOffice.org 2.4\program\soffice.exe
E:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
EarthLink - Welcome to myEarthLink
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
EarthLink® - Page Not Found
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
EarthLink Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
EarthLink® - Page Not Found
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = EarthLink - Welcome to myEarthLink
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
EarthLink Search
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - E:\Program
Files\EarthLink TotalAccess\elnIE.dll
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - E:\Program
Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - E:\Program
Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - E:\Program
Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - E:\Program
Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program
Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - E:\Program
Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program
files\google\googletoolbar1.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} -
E:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - E:\Program
Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [McAfee Guardian] "E:\Program Files\McAfee\McAfee Shared
Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [Earthlink Protection Control Center] E:\Program Files\EarthLink
TotalAccess\ProtectionControlCenter\elnk_pcc.exe /minimize
O4 - HKLM\..\Run: [PCTAVApp] "E:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader
8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SmartRAM] "E:\Program Files\IObit\Advanced WindowsCare 3
Beta\Sup_SmartRAM.exe" /m
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced WindowsCare 3] "E:\Program Files\IObit\Advanced WindowsCare 3
Beta\AWC.exe" /startup
O4 - HKCU\..\Run: [SmartRAM] "E:\Program Files\IObit\Advanced WindowsCare 3
Beta\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [E6TaskPanel] "E:\Program Files\EarthLink TotalAccess\TaskPanl.exe"
-winstart
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft
Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.4.lnk = E:\Program Files\OpenOffice.org
2.4\program\quickstart.exe
O4 - Global Startup: WD Backup Monitor.lnk = E:\Program Files\My Book\WD
Backup\uBBMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://E:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://E:\Program Files\EarthLink
TotalAccess\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program
Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -
E:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -
E:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
E:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9E515FE4-2A60-4D08-8E96-CF9A967BE49B} (SSMEarthLink Control) -
http://earthlink.sereniti.com/SSMEarthLink.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - E:\Program
Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner -
E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - E:\Program Files\Common
Files\Command Software\dvpapi.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. -
E:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: EarthLink Firewall Process Path Service (ElnkFWPPService) - Aluria Software,
LLC. - E:\PROGRA~1\EARTHL~1\PROTEC~1\EFWPPS~1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation -
E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - E:\Program
Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - E:\Program Files\Analog
Devices\SoundMAX\spkrmon.exe
O23 - Service: Symantec Core LC - Unknown owner -
E:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 8734 bytes


Again, thanks!
  #5  
Old 04-24-2008
chiaz's Avatar
Senior Security Analyst
  
Join Date: Jun 2006
Location: Singapore
Posts: 2,511
PC Experience: PC Guru
chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page
Default Re: Hijack This Log Help
Your log appears clean to me now, just one thing left. Fix this entry if your administrator or Spybot S&D did not set this:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Any other problems with your PC?

Reply
New! Norton Internet Security 2008 – Download Now Click Here

Bookmarks

« Missing Files | hijackthis log »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
Need some help decoding this hijack this log astalls764 Windows XP/2000 3 01-25-2008 06:09 AM
[Fixed] need someone to proof my hijack log cr2jones [Fixed] Hijackthis! Logs 5 01-04-2008 07:28 PM
another hijack log jonnysos11 [Fixed] Hijackthis! Logs 1 11-25-2007 11:18 PM
PLEASE help with this HiJack This Log angelab6067 [Fixed] Hijackthis! Logs 7 11-01-2007 08:44 PM
[Resolved] please help with my hijack log confidential [Fixed] Hijackthis! Logs 14 12-02-2005 12:51 AM

Contact Us - PC Help Forum - Site Map - Privacy Statement - Top

All times are GMT +1. The time now is 09:18 PM.
Powered by vBulletin
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0 RC7
All Graphics & Content Copyright © 2004-2008 - PC Help Forum.com


Back to Top