Spyware Issues, Hijackthis Log

Dec 23, 2004

Can someone please review this log and inform me what I need to do to clean things up? I use Spybot Search & Destroy but still have spyware issues on my PC. I also keep getting a RUNDLL error and winups.dll errors every time I log onto the PC.

Spyware Removal - Spyware Prevention, SpywareBlaster

Sep 6, 2003

There are two excellent spyware removal apps available and they are both FREE, so there is no reason not to use them regularly. The two best apps there are for removing spyware are SpyBot Search & Destroy and Ad Aware. IT IS IMPERATIVE THAT YOU USE BOTH OF THESE APPS SINCE ONE FINDS WHAT THE OTHER MISSES AND VICE VERSA; YOU ARE NOT SAFE USING JUST ONE OF THEM. There is one other app that I HIGHLY recommend for spyware prevention, SpywareBlaster. This app sets certain registry entries that prevent spyware from ever installing. It DOES NOT run in the background using any resources; you just set it and forget it.

Once you have installed these three MUST HAVE apps, you then need to update them and keep them up to date. I would recommend checking for updates weekly; it’s just like your antivirus app, you need to stay protected from the latest spyware out there.

To update SpyBot, just open the app from your start menu (use the advanced mode option) and select “search for updates”. It will then show you what updates are available for download; always install all the updates. Another feature that SpyBot has is called “Immunize”; you will see an icon for it. Select the icon and under “Permanent Internet Explorer Immunity” select “Immunize”. This works in the same way as SpywareBlaster in blocking new spyware. It also gives you the option of locking your hosts file against hijackers; I highly recommend using this option as well.

To update Ad Aware, just open it and select “Check for updates now”. For SpywareBlaster it is mostly the same: open it up and select “Check for updates”. Once you update this, you then must select “select all” and then “Protect against checked items” so that the updates you just did take effect.

Anything these apps find is spyware and should be removed. If you choose not to remove what is found, then you have no one to blame if your PC crashes due to spyware or your privacy is invaded (including these companies stealing your credit card number and identity

Internet Spyware / Get Warning Message About Spyware

Jan 14, 2006

I'm experiencing problems running the internet. Each time I try connecting to the Net, despite changing the default homepage, which has been changed to c:secure32.html, I get a warning message about spyware. I have also run Spybot Search and Destroy and the Lavasoft Ad-ware and removed all of the critical objects.

Pc Infected - Anti-spyware-Spyware Doctor

Oct 2, 2006

My PC is infected with some bad stuff and I'm not sure what to do. So far I have tried to run Spybot S&D, Registry Mechanic, ewido anti-spyware, Spyware Doctor and SpywareBlaster. All of these programs seize when carrying out a scan, and I have no option but to close the PC down with the power button. I am pretty much at a loss as to what to do next and was hoping one of you kind souls could help me. I am running XP.

Hijackthis Help!!

Aug 30, 2005

Spybot Search & Destroy found abetterinternet.aurora and wwwcoolsearch. I have attached my information from hijackthis and hope someone can help me get rid of this.

Logfile of HijackThis v1.99.1
Scan saved at 8:11:53 PM, on 8/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:Program FilesMcAfeeMcAfee AntiSpywareMssCli.exe
C:Program FilesMcAfeeMcAfee Shared ComponentsGuardianCMGrdian.exe
C:Program FilesCommon FilesRealUpdate_OB
C:Program FilesJavajre1.5.0_02injusched.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesMUSICMATCHMUSICMATCH Jukeboxmmtask.exe
C:Program FilesRoxioEasy CD Creator 5DirectCDDirectCD.exe
C:Program FilesDell SupportDSAgnt.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.dellnet.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = about:blank
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:blank
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:blank
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = about:blank
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = http://localhost
R3 - URLSearchHook: (no name) - _{4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
R3 - URLSearchHook: (no name) - _{0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {02B87ED9-9E43-E09C-1AC4-92BC697FB39C} - blank (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {07B87EDB-9E32-97EC-1AC6-9ABC1C7BB39B} - blank (file missing)
O2 - BHO: (no name) - {1FFB474E-FAFE-F077-D4EC-F80A070CA69D} - blank (file missing)
O2 - BHO: (no name) - {2FD6774C-D7BC-B233-F9DE-C02742388BAA} - blank (file missing)
O2 - BHO: (no name) - {37954ED9-B370-D5A8-37F4-A291594F9EAC} - blank (file missing)
O2 - BHO: (no name) - {3CAB4059-E440-2BC1-8156-6C5578F07B1F} - blank (file missing)
O2 - BHO: (no name) - {3FFD1251-E967-0AE8-D256-64550DA57A4C} - blank (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: (no name) - {5C8D9187-322B-5FA8-3FFF-775C454EACAD} - blank (file missing)
O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - blank (file missing)
O2 - BHO: MyBHOSpy Class - {C52CBAEC-D969-4635-9F50-426CC15CE463} - C:WINDOWSSystem32416881af.dll
O2 - BHO: (no name) - {CB266942-87D6-FA5E-D33D-884DF6F17C95} - blank (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:progra~1mcafee.comvsomcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O4 - HKLM..Run: [MCUpdateExe] C:PROGRA~1mcafee.comagentMcUpdate.exe
O4 - HKLM..Run: [_AntiSpyware] C:Program FilesMcAfeeMcAfee AntiSpywareMssCli.exe
O4 - HKLM..Run: [VSOCheckTask] "c:PROGRA~1mcafee.comvsomcmnhdlr.exe" /checktask
O4 - HKLM..Run: [VirusScan Online] "c:PROGRA~1mcafee.comvsomcvsshld.exe"
O4 - HKLM..Run: [MCAgentExe] c:PROGRA~1mcafee.comagentmcagent.exe
O4 - HKLM..Run: [McAfee Guardian] "C:Program FilesMcAfeeMcAfee Shared ComponentsGuardianCMGrdian.exe" /SU
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_02injusched.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [NeroCheck] C:WINDOWSSystem32NeroCheck.exe
O4 - HKLM..Run: [msresearch] C:WINDOWSmsresearch.exe
O4 - HKLM..Run: [mmtask] C:Program FilesMUSICMATCHMUSICMATCH Jukeboxmmtask.exe
O4 - HKLM..Run: [mhbj99d7] C:WINDOWSSystem32mhbj99d7.exe
O4 - HKLM..Run: [IgfxTray] C:WINDOWSSystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSSystem32hkcmd.exe
O4 - HKLM..Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM..Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM..Run: [AdaptecDirectCD] "C:Program FilesRoxioEasy CD Creator 5DirectCDDirectCD.exe"
O4 - HKCU..Run: [DellSupport] "C:Program FilesDell SupportDSAgnt.exe" /startup
O4 - HKCU..Run: [AIM] C:PROGRA~1AIMaim.exe -cnetwait.odl
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_02in
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_02in
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:PROGRA~1AIMaim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSSystem32Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Me.../bridge-c9.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/ga...mmon/ieell.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} - http://www.spyblast.com/download/SBFullSInst.cab
O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind.org/ss/client/52...3C00/setup.exe
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxsrvc.dll
O23 - Service: Iomega App Services - Iomega Corporation - C:PROGRA~1IomegaSystem32AppServices.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:PROGRA~1mcafee.comvsomcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:PROGRA~1McAfee.comAgentmcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:PROGRA~1mcafee.comvsomcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSSystem32HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:WINDOWSsystem32RioMSC.exe

HijackThis Scan

May 22, 2005

My computer is running slow. I have a cable connection with Charter. I run McAfee firewall and antivirus, Spybot Search and Destroy, Ad-Aware SE Personal, Ace Utilities, WinASO Disk Cleaner, Error Nuker and Executive Software to defrag.

I just downloaded HijackThis and ran it. Here is the printout:

Logfile of HijackThis v1.99.1
Scan saved at 7:31:57 PM, on 5/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:Program FilesMicrosoft IntelliPointpoint32.exe
C:Program FilesWebrootSpy SweeperSpySweeper.exe
C:Program FilesSwiss Army WareSpamAwayMailGuardMailGuard.exe
C:Program FilesKitcoKcastKcast.exe
C:Program FilesSwiss Army WareSpamAwayAntiSpamAntiSpam.exe
C:Program FilesExecutive SoftwareDiskeeperDkService.exe
C:Program FilesAIM95aim.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsKathieLocal SettingsTemporary Internet FilesContent.IE58F6J056JHijackThis1991[1].exe

O1 - Hosts: pop-server.charter.net.b9
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn1ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:Program FilesDragon SystemsNaturallySpeakingProgramweb_ie.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:WINDOWSDownloaded Program FilesCONFLICT.1SbCIe02a.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:progra~1mcafee.comvsomcvsshl.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn1ycomp5_6_0_0.dll
O4 - HKLM..Run: [MCAgentExe] c:PROGRA~1mcafee.comagentmcagent.exe
O4 - HKLM..Run: [MCUpdateExe] C:PROGRA~1mcafee.comagentmcupdate.exe
O4 - HKLM..Run: [VirusScan Online] "c:PROGRA~1mcafee.comvsomcvsshld.exe"
O4 - HKLM..Run: [VSOCheckTask] "c:PROGRA~1mcafee.comvsomcmnhdlr.exe" /checktask
O4 - HKLM..Run: [IntelliPoint] "C:Program FilesMicrosoft IntelliPointpoint32.exe"
O4 - HKCU..Run: [SpySweeper] "C:Program FilesWebrootSpy SweeperSpySweeper.exe" /0
O4 - HKCU..Run: [b9] "C:Program FilesSwiss Army WareSpamAwayMailGuardMailGuard.exe" /minimize
O4 - HKCU..Run: [KITCO] C:Program FilesKitcoKcastKcast
O4 - HKCU..RunOnce: [DelayShred] "C:Program FilesMcAfeeMcAfee Shared ComponentsShredderSHRED32.EXE" /q C:DOCUME~1KathieLOCALS~1TEMPOR~1Content.IE5�DUNOFS3SEARCH~1.SH! C:DOCUME~1KathieLOCALS~1TEMPOR~1Content.IE5ATL2BALO3120-2~1.SH! C:DOCUME~1KathieLOCALS~1TEMPOR~1Content.IE5�DUNOFS3DDL_1~1.SH! C:DOCUME~1KathieLOCALS~1TEMPOR~1Content.IE5I9QV8LM1�_1793~1.SH!
O4 - Startup: AntiSpam.lnk = C:Program FilesSwiss Army WareSpamAwayAntiSpamAntiSpam.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 - Extra context menu item: &Check Spelling - res://C:Program FilesieSpellieSpell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: &ieSpell Options - res://C:Program FilesieSpellieSpell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MI1933~1Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:Program FilesieSpellieSpell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:Program FilesieSpellieSpell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:Program FilesieSpellieSpell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:Program FilesieSpellieSpell.dll
O9 - Extra button: (no name) - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:WINDOWSDownloaded Program FilesCONFLICT.1SbCIe02a.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIM95aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:PROGRA~1YAHOO!MESSEN~1YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:PROGRA~1YAHOO!MESSEN~1YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O12 - Plugin for .UVR: C:Program FilesInternet ExplorerPluginsNPUPano.dll
O16 - DPF: Yahoo! MLB StatTracker - http://aud3.sports.dcn.yahoo.com/java/y/mlbst8408_x.cab
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud14.sports.sc5.yahoo.com/j...lgcst1010_x.cab
O16 - DPF: Yahoo! NHL StatTracker - http://aud7.sports.yahoo.com/java/y/nhlst8244_x.cab
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon...oad/tgctlar.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1493507C-8A33-4747-8696-9019F8962B5F} (QCV6C020.Install) - http://www.quickcleaner.com/qkc11/cab/QCV6C020.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yah...nst20040510.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...84/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12fde57...ip/RdxIE601.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k00719/sb02a.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars...erxsigned35.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yah.../yse/ymmapi.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/s...,21/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/be...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/i...430/mcfscan.cab
O23 - Service: Diskeeper - Executive Software International, Inc. - C:Program FilesExecutive SoftwareDiskeeperDkService.exe
O23 - Service: GEARSecurity - GEAR Software - C:WINDOWSsystem32gearsec.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:PROGRA~1mcafee.comvsomcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:PROGRA~1McAfee.comAgentmcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:PROGRA~1mcafee.comvsomcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:PROGRA~1MCAFEE.COMPERSON~1MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32

HijackThis Scan

Apr 2, 2006

My computer may have been affected by a trojan by some site, but Firefox may have forbidden that site. I did my scans and things look fine, but I just wanna make sure and be on the safe side. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:16:06 PM, on 4/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
C:Program FilesNorton AntiVirus
C:Program FilesNorton AntiVirusIWPNPFMntor.exe
C:Program FilesCommon FilesNew BoundaryPrismXLPRISMXL.SYS
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesCommon FilesAOL1129239772eeAOLSoftware.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesiPodiniPodService.exe
C:Program FilesLogitechVideoLogiTray.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesPlaxo2.5.10.17PlaxoHelper.exe
C:Program FilesLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe
C:Program FilesLogitechVideoFxSvr2.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesHijackThisHijackThis.exe

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.gatewaybiz.com
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.gateway.com/
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:Program FilesAOLAOL Toolbar 3.0aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOLAOL Toolbar 3.0aoltb.dll
O2 - BHO: CBHOBJObj Object - {8A406068-D45C-40B9-A096-38AC717FB608} - C:WINDOWSBHOBJ.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program FilesNorton AntiVirusNavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:Program FilesNorton AntiVirusNavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnycomp5_5_7_1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOLAOL Toolbar 3.0aoltb.dll
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [HostManager] C:Program FilesCommon FilesAOL1129239772eeAOLSoftware.exe
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [LogitechVideoRepair] C:Program FilesLogitechVideoISStart.exe
O4 - HKLM..Run: [LogitechVideoTray] C:Program FilesLogitechVideoLogiTray.exe
O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 - HKCU..Run: [AIM] C:Program FilesAIMaim.exe -cnetwait.odl
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [PlaxoUpdate] C:Program FilesPlaxo2.5.10.17PlaxoHelper.exe -a
O4 - HKCU..Run: [LDM] C:Program FilesLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe
O4 - HKCU..Run: [LogitechSoftwareUpdate] "C:Program FilesLogitechVideoManifestEngine.exe" boot
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:Program FilesLogitechDesktop Messenger8876480ProgramLDMConf.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:program filesaolaol toolbar 3.0
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:Program FilesAOLAOL Toolbar 3.0aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIMaim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:PROGRA~1MSNMES~1msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:PROGRA~1COMMON~1AOLACSAOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:Program FilesiPodiniPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:Program FilesNorton AntiVirus
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:Program FilesNorton AntiVirusIWPNPFMntor.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:Program FilesCommon FilesNew BoundaryPrismXLPRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:Program FilesNorton AntiVirusSAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe

Minor Hijackthis Log

Dec 28, 2004

We are having some minor problems with a system at work. I was wondering if someone knowledgeable about these logs would take a look at it, and see if anything stands out, or needs fixed.

100% CPU Usage - HijackThis Log

Mar 28, 2005

I've been having problems with my CPU usage being around or at 100% for the past few days. Tried Spybot and that didn't help. Here is my HijackThis log.

Quot - HijackThis Quo

May 29, 2008

Excuse my ignorance but could someone explain what this program is and what does it do?

Hijackthis Error?

Mar 16, 2005

Done multiple virus scans with Norton, scanned with Ad-Aware SE, Spybot S&D, re-upgraded the XP Pro install. For some reason, Yahoo Instant Messenger, MSN Messenger, Internet Explorer, and HijackThis all crash immediately when opened, and give me that stupid blahblahblah has caused a problem and needs to close. Also, Trillian has the same problem, as does OE when trying to check my MSN and Hotmail accounts, but works fine for my POP3 accounts. AIM works fine, as does Firefox. I haven't recently installed or changed anything. I have done 2 system restores, and all attempts to un-install and re-install these programs have failed with the install wizard closing due to some insane problem.

Reviewing The HijackThis V1.99.1/ Explorer V6.00?

Jul 9, 2005

Logfile of HijackThis v1.99.1
Scan saved at 9:12:14 PM, on 7/9/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Slow Machine -hijackthis Log

Apr 26, 2007

XP Pro Toshiba laptop has slowed to a crawl. Have run the gamut of virus scans, Ad-Aware, Spybot, and other attempts to find the issue.

Winfixer Problem - Hijackthis Log

Sep 2, 2005

For the past day I've been getting popups from WinFixer. I did a system restore to a few days back and the problem was still there. Norton Internet Security / Anti-Virus isn't picking up anything. Ad-Aware doesn't see anything.

HijackThis V1.98.2 - Messed My Comp

Jun 7, 2005

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...43a6e253a2dae7

HijackThis V1.99.1: PC Slow/ Clean Or Check?

Jun 8, 2006

My computer is really slow. How to clean or check my HJT log?

Logfile of HijackThis v1.99.1

Reviewing & Cleaning HJT Logfile Of HijackThis V1.99.1?

Mar 27, 2005

I am not able to review and clean the HJT logfile of HijackThis v1.99.1. How do I do that?

Adware Problem,need Analysis Of Hijackthis Log

Feb 16, 2007

Tried Ad-Aware, Spybot, Spyware Doctor etc. to no avail. Need analysis of HijackThis log.

Slow System, Hijackthis Log Found

Dec 3, 2004

My computer is very slow, so I ran a HijackThis on it. Figured you guys could tell me what to have fixed.

Real Slow System, Help With Hijackthis Log

Dec 22, 2004

My system is incredibly slow opening programs. Real slow! Could someone take a look at my HJT log and see if anything is there?

System Unstable Hijackthis Log Enclosed..

Sep 1, 2005

Hello there. After lots of previous problems with my PC, I have formatted my PC, and though it is running OK, whenever I access Security Centre or the Control Panel neither will respond. Please help. Here is the HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 14:56:23, on 01/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesDigital Media Readershwiconem.exe
C:Program FilesInternet Exploreriexplore.exe
C:DOCUME~1PAULSM~1LOCALS~1TempTemporary Directory 1 for hijackthis[1].zipHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://news.bbc.co.uk/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.msn.co.uk
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM..Run: [CHotkey] zHotkey.exe
O4 - HKLM..Run: [ShowWnd] ShowWnd.exe
O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [SunKistEM] C:Program FilesDigital Media Readershwiconem.exe
O4 - HKLM..Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP
O4 - HKLM..Run: [AVG7_EMC] C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
O4 - HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2in
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2in
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.co.uk
O16 - DPF: {131EB16C-BD58-443F-8151-6DFBB0DA1778} (Anark Client 3.0 ActiveX Control) - http://install.anark.com/client/vers...n/AMClient.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:Program FilesCommon FilesMacromedia SharedServiceMacromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32
O23 - Service: SmartLinkService (SLService) - - C:WINDOWSSYSTEM32slserv.exe

Cleaning Possible Vundo/Virtumonde/Downloader ASN.HijackThis Log

Jan 17, 2006

Ran into some virus fun, I think it is gone. I ran vundofix.exe; Symantec's vundo fix; virtumonde fix from Symantec; trojanhunter; hijackthis; winpatrol; spysweeper; (some in safe mode). And removed a BHO for winlogon.exe with the mljgd.dll. That doesn't exist anymore,

HijackThis Log.


Logfile of HijackThis v1.99.1
Scan saved at 10:36:39 PM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:Program FilesJavaj2re1.4.2_03injusched.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesMicrosoft AntiSpywaregcasServ.exe
C:Program FilesMcAfee.comVSOmcvsshld.exe
C:Program FilesMcAfee.comVSOoasclnt.exe
C:Program FilesWebrootSpy SweeperSpySweeper.exe
C:Program FilesMessengermsmsgs.exe
c:program filesmcafee.comagentmcdetect.exe
C:Program FilesMicrosoft AntiSpywaregcasDtServ.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesWebrootSpy SweeperWRSSSDK.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesAdobeAcrobat 7.0ReaderAcroRd32.exe
C:Program FilesCommon FilesRealUpdate_OB
C:Program FilesWindows Media Playerwmplayer.exe
C:Documents and SettingsHP_OwnerDesktopprocexp.exe
C:Program FilesJavaj2re1.4.2_03injucheck.exe
C:Program FilesMcAfee.comPersonal FirewallMpfTray.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsHP_OwnerDesktophijackthisHijackThis.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:program filesmcafee.commpsmcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:program filesmcafee.commpspopupkiller.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:progra~1mcafee.comvsomcvsshl.dll
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_06injusched.exe
O4 - HKLM..Run: [hpsysdrv] c:windowssystemhpsysdrv.exe
O4 - HKLM..Run: [HPHUPD06] c:Program FilesHP{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}hphupd06.exe
O4 - HKLM..Run: [VTTimer] VTTimer.exe
O4 - HKLM..Run: [Reminder] "C:WindowsCreatorRemind_XP.exe"
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb04.exe
O4 - HKLM..Run: [HP Software Update] "C:Program FilesHPHP Software UpdateHPWuSchd2.exe"
O4 - HKLM..Run: [HPHmon03] C:WINDOWSsystem32hphmon03.exe
O4 - HKLM..Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [gcasServ] "C:Program FilesMicrosoft AntiSpywaregcasServ.exe"
O4 - HKLM..Run: [VSOCheckTask] "C:PROGRA~1McAfee.comVSOmcmnhdlr.exe" /checktask
O4 - HKLM..Run: [VirusScan Online] C:Program FilesMcAfee.comVSOmcvsshld.exe
O4 - HKLM..Run: [OASClnt] C:Program FilesMcAfee.comVSOoasclnt.exe
O4 - HKLM..Run: [MCAgentExe] c:PROGRA~1mcafee.comagentmcagent.exe
O4 - HKLM..Run: [MCUpdateExe] c:PROGRA~1mcafee.comagentmcupdate.exe
O4 - HKLM..Run: [MPFExe] C:PROGRA~1McAfee.comPERSON~1MpfTray.exe
O4 - HKLM..Run: [MPSExe] c:PROGRA~1mcafee.commpsmscifapp.exe /embedding
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [SpySweeper] "C:Program FilesWebrootSpy SweeperSpySweeper.exe" /startintray
O4 - HKLM..Run: [THGuard] C:Program FilesTrojanHunter 4.2THGuard.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Reader
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imaginginhpqtra08.exe
O8 - Extra context menu item: Add To HP Organize... - C:PROGRA~1HEWLET~1HPORGA~1incore.hp.mainSendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MI1933~1OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06in
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06in
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:Program FilesHelloPicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:Program FilesHelloPicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1097093077531
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/inst...l/pinstall.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?322
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:WINDOWSSYSTEM32WRLogonNTF.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:WINDOWSsystem32driversCDAC11BA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:Program FilesiPodiniPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:program filesmcafee.comagentmcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:PROGRA~1mcafee.comvsomcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:PROGRA~1mcafee.comagentmctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:PROGRA~1McAfee.comAgentmcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:PROGRA~1McAfee.comPERSON~1MpfService.exe
O23 - Service: Pml Driver - HP - C:WINDOWSsystem32HPHipm09.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:Program FilesWebrootSpy SweeperWRSSSDK.exe

HijackThis Log & Ad Aware Log - Websites Wont Open

Apr 2, 2005

My desktop wallpaper changed and won't change back and all my folders and things that were on my desktop are gone, but when I search for them it says that they are on my desktop and I can't right-click on anything. And if I make a new folder it doubles. And certain websites won't open for me (mail.com, lavasoft support boards, and urbanoutfitters.com). I've run Norton, Spybot, Ad-Aware, and Ad-Away.

Logfile of HijackThis v1.99.1
Scan saved at 4:55:58 PM, on 4/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

Long Startup Time - Logfile Of HijackThis V1.99.1

Oct 4, 2005

I have Windows XP, and lately my comp's been real slow startin up. It's not so bad gettin to the desktop but from there it just pretty much freezes anywhere from 4 to 8 minutes I'd say, something like that. Also sometimes Windows just lags completely, I don't know. Well I looked at some similar topics and still have no clue what to do but I did install HJT and well here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 2:12:29 AM, on 10/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

HijackThis Log For Memory Full / Restart My Computer

Aug 6, 2007

The memory runs out on my computer when I open additional windows on my PC and I have 512 MB of RAM. I use Internet Explorer 6 with Windows XP Home Edition. Then I have to use Disk Cleanup to get more space by compressing old files and deleting temporary files. I cannot even run this utility when the windows are open and I cannot close windows sometimes so I have to shut down Internet Explorer and restart my computer.

HiJackThis Program Doesnt Stay Open

Mar 26, 2006

I figured I could search this problem up and find it here... I did.. NUMEROUS times... but my problem is, my HiJackThis program doesn't stay open either! I managed to get a logfile made, not sure how complete it is... before HiJackThis was shut down... here's the file.

Unable To Find Back Up After Running HijackThis

Apr 25, 2008

i ran hijackthis straight out of the .exe file and i can't find the 'backup' folder anywhere (admittedly i don't even know if there is one) but in turning off some start up items, i just went 'i'm so over this' and lost my cool and ticked 2 run.dll files.... makes for entertaining computing, this much i know. question one: can i just 'get' necessary .dll win xp sp2 files from somewhere? question two: is this somewhere, a) over the rainbow or b) would i have to 'do something recover style' with the win xp pro disc that would possibly hang me over the edge of losing data which c) is sparsely backed up because d) i'm a tool. question three: above all else, it takes 10min for start up (yes the entire process) to occur which inevitably leads me to having to enter the password for the user (admin) account. is this because of the missing run.dll files or is it because i changed the password not twice but thrice and therefore i may have confused it a little?

Ewido And Hijackthis Are Clean - Keep Getting Popups For Antivirus Crap

Sep 25, 2006

all i can say is ewido and hijackthis are clean, but i keep getting popups for antivirus crap. i'm going to try to delete mozilla, and then re-install it as some of the popups mention it. here's what one of the popups said:


Long Start Up Time - Logfile Of Trend Micro HijackThis V2.0.2

Aug 3, 2007

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:40 PM, on 8/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
C:Program FilesCommon FilesSymantec SharedAppCoreAppSvc32.exe
C:Program FilesCommon FilesSymantec SharedcoSharedCW1.0CWDefScn.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe................

Getting Rid Of Spyware

Dec 13, 2005

I've run adaware, spybot and microsoft spyware remover.

Ntdll.dll Or Spyware

Nov 27, 2006

I have a Windows XP machine that keeps coming up with an ntdll.dll error. It happens in a couple places. Either at boot up after logon or when I'm using Internet Explorer.

Logfile of HijackThis v1.99.1
Scan saved at 9:22:10 AM, on 11/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesAdobeAcrobat 7.0Reader
C:tempHijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACECLIStart.exe"
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [vptray] C:PROGRA~1SYMANT~1VPTray.exe
O4 - HKLM..Run: [Track-It! Workstation Manager Service Monitor] C:WINDOWSTIREMOTETIServiceMonitor.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Reader
O4 - Global Startup: PinkNotes Plus v4.lnk = C:Program FilesPNP4pnplus4.exe
O4 - Global Startup: QuicKeys Engine.lnk = C:Program FilesStartlyQuicKeysQkEngine.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:Program FilesMICROS~1OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1162841528312
O20 - Winlogon Notify: NavLogon - C:WINDOWSsystem32NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:Program FilesSymantec AntiVirusDefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSSystem32spoolDRIVERSW32X863HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:Program FilesSymantec AntiVirusSavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: spkrmon - Unknown owner - C:Program FilesAnalog DevicesSoundMAXspkrmon.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:Program FilesSymantec AntiVirusRtvscan.exe
O23 - Service: Track-It! Remote Control (TIRmtCtl) - Intuit Track-It! - C:WINDOWSTIREMOTEwuser32.exe
O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Numara Software, Inc. - C:WINDOWSTIREMOTETIRemoteService.exe

