
Thread: Hijackthis Log

  1. #1
    alcarm1964@hotmail.com Guest

    Hijackthis Log

    Just today I started getting that problem where any search results on
    Google are redirected to other weird sites instead of the ones I want.
    I ran my Norton thing and a couple of different Spyware programs. Each
    found 1 or 2 things and fixed them but the problem still exists. I
    downloaded Hijackthis and ran it a few minutes ago. This is the log it
    created. I was wondering if someone could take a look and make some
    recommendations (I have no idea what most of these things are). Also,
    everything seems to be running a little slow...my CPU usage fluctuates
    constantly between like 10 and 90%...usually, it's pretty steady in the
    single digits. Thanks!
    =========================================================================

    Logfile of HijackThis v1.99.1
    Scan saved at 5:38:52 PM, on 12/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5346.0005)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ps2.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\ESPNRunTime\DIGServices.exe
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\Symantec Shared\Security
    Console\NSCSRVCE.EXE
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office\EXCEL.EXE
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\WinAce\WinAce.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\~AceTemp\hijackthis[1]\HijackThis.exe


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    = http://srch-us7.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://hsremove.com/done.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyServer = 192.168.254.1:80
    R3 - URLSearchHook: AOLTBSearch Class -
    {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL
    Toolbar 2.0\aoltb.dll (file missing)
    R3 - URLSearchHook: (no name) - _{6CC1C918-AE8B-4373-A5B4-28BA1851E39A}
    - (no file)
    O2 - BHO: Yahoo! Toolbar Helper -
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program
    Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper -
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
    7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\SPYWAR~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
    C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
    - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper -
    {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
    files\google\googletoolbar1.dll
    O2 - BHO: PCTools Browser Monitor -
    {B56A7D7D-6927-48C8-A975-17DF180C71AC} -
    C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -
    C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B}
    - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
    Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon
    initialize
    O4 - HKLM\..\Run: [ISUSPM Startup]
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
    O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
    O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\Hewlett-Packard\Digital
    Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program
    Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS
    Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [DIGServices] C:\Program
    Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0
    /poll=24
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat
    7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate]
    C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
    Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
    Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program
    Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration
    Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM
    Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program
    files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Spyware Doctor -
    {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
    C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578}
    - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
    C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com -
    {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program
    Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com -
    {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program
    Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
    (no file)
    O9 - Extra button: PartyPoker.net -
    {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program
    files\PartyGaming.net\PartyPokerNet\RunPF.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.net -
    {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program
    files\PartyGaming.net\PartyPokerNet\RunPF.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}
    - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O16 - DPF: JT's Blocks -
    http://download.games.yahoo.com/game...s/y/blt1_x.cab
    O16 - DPF: Tornado 21 -
    http://download.games.yahoo.com/game.../y/t21t0_x.cab
    O16 - DPF: Video Poker -
    http://download.games.yahoo.com/game...s/y/vpt0_x.cab
    O16 - DPF: Yahoo! Backgammon -
    http://download.games.yahoo.com/game...ts/y/at1_x.cab
    O16 - DPF: Yahoo! Bingo -
    http://download.games.yahoo.com/game...ts/y/xt0_x.cab
    O16 - DPF: Yahoo! Blackjack -
    http://download.games.yahoo.com/game...ts/y/jt0_x.cab
    O16 - DPF: Yahoo! Chat -
    http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
    O16 - DPF: Yahoo! Klondike Solitaire -
    http://presence.games.yahoo.com/yog/y/ks12_x.cab
    O16 - DPF: Yahoo! MahJong Solitaire -
    http://download.games.yahoo.com/game.../y/mjst4_x.cab
    O16 - DPF: Yahoo! Poker -
    http://download.games.yahoo.com/game...ts/y/pt3_x.cab
    O16 - DPF: Yahoo! Pyramids -
    http://download.games.yahoo.com/game...s/y/pyt1_x.cab
    O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) -
    http://www.nintendowifi.com/troubles.../usbaptest.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
    Advantage Validation Tool) -
    http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -
    http://download.ebay.com/turbo_lister/US/install.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} -
    http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
    scanner) -
    http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl
    Class) -
    http://tools.ebayimg.com/eps/wl/acti...icture_Control...

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
    http://207.188.7.150/210a200be34ff19...p/RdxIE601.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
    http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
    Utility Class) -
    http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -
    http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
    Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) -
    http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) -
    http://software.musicnow.com/musicno...4/MusicNow.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm
    Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass
    Control) -
    http://download.games.yahoo.com/game...tched/main.cab

    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements
    Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer
    Class) -
    http://a532.g.akamai.net/f/532/6712/...com/downloads/...

    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer
    Class) -
    http://a532.g.akamai.net/f/532/6712/...d.akamai.com/6...

    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online
    Control) -
    http://download.games.yahoo.com/game...s/cinematycoon...

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
    http://download.games.yahoo.com/game...insaniquarium/...

    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl
    Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
    C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
    C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
    - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec
    Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
    Corporation - C:\Program Files\Common
    Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
    Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation -
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
    Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
    Symantec Corporation - C:\Program Files\Norton
    AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec Shared\Security
    Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
    Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental)
    (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f
    "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation -
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research
    Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) -
    America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


  2. #2
    pcbutts1 Guest

    Re: Hijackthis Log

    Have HJT fix the following lines by placing a check in the box next to each
    line then clicking on the fix checked button on the bottom.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    = http://srch-us7.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://hsremove.com/done.htm
    R3 - URLSearchHook: AOLTBSearch Class -
    {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL
    Toolbar 2.0\aoltb.dll (file missing)
    R3 - URLSearchHook: (no name) - _{6CC1C918-AE8B-4373-A5B4-28BA1851E39A}
    - (no file)
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
    - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -
    C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578}
    - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
    (no file)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}
    - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)




    --

    Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
    The list grows. Leythos the stalker,David H. Lipman, Max M Wachtell III aka
    What's in a Name?,Fitz,Rhonda Lea Kirk,Meat Plow, F Kwatu F, George Orwell



    <alcarm1964@hotmail.com> wrote in message
    news:1167310390.100511.94640@h40g2000cwb.googlegroups.com...
    > Just today I started getting that problem where any search results on
    > Google are redirected to other weird sites instead of the ones I want.
    > I ran my Norton thing and a couple of different Spyware programs. Each
    > found 1 or 2 things and fixed them but the problem still exists. I
    > downloaded Hijackthis and ran it a few minutes ago. This is the log it
    > created. I was wondering if someone could take a look and make some
    > recommendations (I have no idea what most of these things are). Also,
    > everything seems to be running a little slow...my CPU usage fluctuates
    > constantly between like 10 and 90%...usually, it's pretty steady in the
    > single digits. Thanks!
    > =========================================================================
    >
    > Logfile of HijackThis v1.99.1
    > Scan saved at 5:38:52 PM, on 12/27/2006
    > Platform: Windows XP SP2 (WinNT 5.01.2600)
    > MSIE: Internet Explorer v7.00 (7.00.5346.0005)
    >
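Seven of the nine lines listed in the reply above carry HijackThis's own `(file missing)` or `(no file)` marker; the other two are Internet Explorer URL settings (an R1 and an R0 entry). As an added example (not part of the original posts, and not HijackThis's own code), this Python script rejoins a hard-wrapped log like the one posted here and lists both groups for review; the function names and the short sample log, built from lines in this thread, are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# An entry starts with a section code such as R0, R3, O2, O16 or O23.
ENTRY_START = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Markers HijackThis prints when the file an entry points at is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Constructed sample: a handful of entries copied from the first log in this
# thread, hard-wrapped (and split by a blank line) the way the post shows them.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://hsremove.com/done.htm
R3 - URLSearchHook: (no name) - _{6CC1C918-AE8B-4373-A5B4-28BA1851E39A}

- (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -
C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}
- C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
"""


@dataclass
class Entry:
    section: str  # e.g. "R3", "O2", "O9"
    body: str     # rest of the entry, rejoined onto one line

    @property
    def orphaned(self) -> bool:
        """True when HijackThis reported that the referenced file is absent."""
        return any(marker in self.body for marker in ORPHAN_MARKERS)


def parse_entries(log_text):
    """Rejoin hard-wrapped lines and return one Entry per log item."""
    entries = []
    for raw in log_text.splitlines():
        # Drop indentation and any leading "> " quote markers from replies.
        line = re.sub(r"^(?:>\s*)+", "", raw.strip()).strip()
        if not line:
            continue  # blank lines also occur in the middle of wrapped entries
        match = ENTRY_START.match(line)
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
        elif entries:
            # Continuation of the previous entry. Text pasted after the last
            # entry (a signature, say) would be glued on as well, so trim the
            # input to the log itself before parsing.
            entries[-1].body += " " + line
        # Lines before the first entry (header, process list) are skipped.
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis could not find."""
    return [e for e in entries if e.orphaned]


def url_settings(entries):
    """(registry value, data) pairs for the R0/R1 entries."""
    pairs = []
    for e in entries:
        if e.section in ("R0", "R1") and " = " in e.body:
            key, _, value = e.body.partition(" = ")
            pairs.append((key, value))
    return pairs


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("Entries whose file is missing:")
    for e in orphaned(parsed):
        print(f"  {e.section} - {e.body}")
    print("R0/R1 settings to check by hand:")
    for key, value in url_settings(parsed):
        print(f"  {key} -> {value}")
```

The parser cannot undo spaces that forum software inserted inside long paths, so such lines should be repaired before parsing.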




  3. #3
    alcarm1964@hotmail.com Guest

    Re: Hijackthis Log

    Thanks...I fixed those lines but still have the damn redirect. I ran it
    again and produced a new log...anything still look weird?
    ===========================================================================
    Logfile of HijackThis v1.99.1
    Scan saved at 9:43:18 AM, on 12/28/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5346.0005)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\system32\ps2.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\ESPNRunTime\DIGServices.exe
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security
    Console\NSCSRVCE.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinAce\WinAce.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://hsremove.com/done.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyServer = 192.168.254.1:80
    O2 - BHO: Yahoo! Toolbar Helper -
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program
    Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper -
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
    7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\SPYWAR~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
    C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper -
    {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
    files\google\googletoolbar1.dll
    O2 - BHO: PCTools Browser Monitor -
    {B56A7D7D-6927-48C8-A975-17DF180C71AC} -
    C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B}
    - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
    Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon
    initialize
    O4 - HKLM\..\Run: [ISUSPM Startup]
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
    O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
    O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\Hewlett-Packard\Digital
    Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program
    Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS
    Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [DIGServices] C:\Program
    Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0
    /poll=24
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat
    7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
    Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
    Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program
    Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration
    Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM
    Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program
    files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Spyware Doctor -
    {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
    C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
    C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com -
    {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program
    Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com -
    {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program
    Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: PartyPoker.net -
    {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program
    files\PartyGaming.net\PartyPokerNet\RunPF.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.net -
    {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program
    files\PartyGaming.net\PartyPokerNet\RunPF.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O16 - DPF: JT's Blocks -
    http://download.games.yahoo.com/game...s/y/blt1_x.cab
    O16 - DPF: Tornado 21 -
    http://download.games.yahoo.com/game.../y/t21t0_x.cab
    O16 - DPF: Video Poker -
    http://download.games.yahoo.com/game...s/y/vpt0_x.cab
    O16 - DPF: Yahoo! Backgammon -
    http://download.games.yahoo.com/game...ts/y/at1_x.cab
    O16 - DPF: Yahoo! Bingo -
    http://download.games.yahoo.com/game...ts/y/xt0_x.cab
    O16 - DPF: Yahoo! Blackjack -
    http://download.games.yahoo.com/game...ts/y/jt0_x.cab
    O16 - DPF: Yahoo! Chat -
    http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
    O16 - DPF: Yahoo! Klondike Solitaire -
    http://presence.games.yahoo.com/yog/y/ks12_x.cab
    O16 - DPF: Yahoo! MahJong Solitaire -
    http://download.games.yahoo.com/game.../y/mjst4_x.cab
    O16 - DPF: Yahoo! Poker -
    http://download.games.yahoo.com/game...ts/y/pt3_x.cab
    O16 - DPF: Yahoo! Pyramids -
    http://download.games.yahoo.com/game...s/y/pyt1_x.cab
    O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) -
    http://www.nintendowifi.com/troubles.../usbaptest.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
    Advantage Validation Tool) -
    http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -
    http://download.ebay.com/turbo_lister/US/install.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} -
    http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
    scanner) -
    http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl
    Class) -
    http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
    http://207.188.7.150/210a200be34ff19...p/RdxIE601.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
    http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
    Utility Class) -
    http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -
    http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
    Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) -
    http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) -
    http://software.musicnow.com/musicno...4/MusicNow.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm
    Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass
    Control) -
    http://download.games.yahoo.com/game...tched/main.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements
    Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer
    Class) -
    http://a532.g.akamai.net/f/532/6712/.../Installer.exe
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer
    Class) -
    http://a532.g.akamai.net/f/532/6712/.../installer.exe
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online
    Control) -
    http://download.games.yahoo.com/game...nematycoon.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
    http://download.games.yahoo.com/game...ploader_v6.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl
    Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
    C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
    C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
    - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec
    Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
    Corporation - C:\Program Files\Common
    Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
    Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation -
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
    Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
    Symantec Corporation - C:\Program Files\Norton
    AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec Shared\Security
    Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
    Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental)
    (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f
    "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation -
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research
    Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) -
    America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


  4. #4
    siljaline Guest

    Re: Hijackthis Log

    <log snipped>

    Post your log to /any/ of the following (expert) forums for analysis.
    *Note, registration is required prior to posting a log.
    - Not listed in any particular order -
    (http://aumha.net/viewforum.php?f=30)
    (http://www.spywarewarrior.com/viewforum.php?f=5)
    (http://www.bleepingcomputer.com/forums/forum22.html)
    (http://www.dslreports.com/forum/cleanup)
    (http://www.cybertechhelp.com/forums/...splay.php?f=25)
    (http://www.atribune.org/forums/index.php?showforum=9)
    (http://www.geekstogo.com/forum/Malwa..._Here-f37.html)
    (http://forums.spywareinfo.com/index.php?showforum=18)
    (http://forum.networktechs.com/forumdisplay.php?f=130)
    (http://forums.maddoktor2.com/index.php?showforum=17)
    (http://forums.techguy.org/f54-s.html)
    (http://forums.tomcoyote.org/index.php?showforum=27)
    (http://forums.subratam.org/index.php?showforum=7)
    (http://www.5starsupport.com/ipboard/...p?showforum=18)
    (http://www.malwarebytes.org/forums/i...hp?showforum=7)
    (http://www.wilderssecurity.com/forumdisplay.php?f=26)
    (http://makephpbb.com/phpbb/viewforum.php?f=2)
    (http://forums.techguy.org/54-security/)
    (http://forums.security-central.us/forumdisplay.php?f=13)
    (http://castlecops.com/forum67.html)
    (http://gladiator-antivirus.com/forum...?showforum=170)

    Post back the URL where you posted your log, *not* the entire log.

    Silj

    --
    siljaline

    "Arguing with anonymous strangers on the Internet is a sucker's game
    because they almost always turn out to be -- or to be indistinguishable from
    -- self-righteous sixteen-year-olds possessing infinite amounts of free time."
    - Neal Stephenson, _Cryptonomicon_



    --
    Posted via a free Usenet account from http://www.teranews.com


  5. #5
    alcarm1964@hotmail.com Guest

    Re: Hijackthis Log


    siljaline wrote:
    > <log snipped>
    >
    > Post your log to /any/ of the following (expert) forums for analysis.
    > *Note, registration is required prior to posting a log.
    > - Not listed in any particular order -
    > (http://aumha.net/viewforum.php?f=30)
    > (http://www.spywarewarrior.com/viewforum.php?f=5)
    > (http://www.bleepingcomputer.com/forums/forum22.html)
    > (http://www.dslreports.com/forum/cleanup)
    > (http://www.cybertechhelp.com/forums/...splay.php?f=25)
    > (http://www.atribune.org/forums/index.php?showforum=9)
    > (http://www.geekstogo.com/forum/Malwa..._Here-f37.html)
    > (http://forums.spywareinfo.com/index.php?showforum=18)
    > (http://forum.networktechs.com/forumdisplay.php?f=130)
    > (http://forums.maddoktor2.com/index.php?showforum=17)
    > (http://forums.techguy.org/f54-s.html)
    > (http://forums.tomcoyote.org/index.php?showforum=27)
    > (http://forums.subratam.org/index.php?showforum=7)
    > (http://www.5starsupport.com/ipboard/...p?showforum=18)
    > (http://www.malwarebytes.org/forums/i...hp?showforum=7)
    > (http://www.wilderssecurity.com/forumdisplay.php?f=26)
    > (http://makephpbb.com/phpbb/viewforum.php?f=2)
    > (http://forums.techguy.org/54-security/)
    > (http://forums.security-central.us/forumdisplay.php?f=13)
    > (http://castlecops.com/forum67.html)
    > (http://gladiator-antivirus.com/forum...?showforum=170)
    >
    > Post back the URL where you posted your log, *not* the entire log.
    >
    > Silj


    Thanks. Here's the link to the message forum I posted it in.

    http://spywarewarrior.com/viewtopic.php?p=147017#147017


  6. #6
    siljaline Guest

    Re: Hijackthis Log

    <alcarm1964@hotmail.com> wrote:
    <snip>

    > Thanks. Here's the link to the message forum I posted it in.
    >
    > http://spywarewarrior.com/viewtopic.php?p=147017#147017


    I took a quick glance at your log - the biggest problem is PartyPoker,
    it is a known Hijacker.
    The folks at Spyware Warrior are very good - remember that they
    are all volunteers, you may have to wait some time to get a reply.

    Good luck!

    Silj



  7. #7
    Mich Guest

    Re: Hijackthis Log

    you can upload your log to these sites, works well to analyze

    http://hjt.iamnotageek.com/


    http://www.hijackthis.de/en
    Your Explorer.exe is in the wrong directory, search for it and look at the
    properties (you will find the legit one too) find the rogue one and rename
    the extension, and I'm not sure what winACE is


    The rest of you, why just attack PCbutts instead of helping the person with
    the post?
    Butts is craving attention and you're giving it to him... DUH!!!!

    Mich...


    <alcarm1964@hotmail.com> wrote in message
    news:1167310390.100511.94640@h40g2000cwb.googlegroups.com...
    > Just today I started getting that problem where any search results on
    > Google are redirected to other weird sites instead of the ones I want.
    > I ran my Norton thing and a couple of different Spyware programs. Each
    > found 1 or 2 things and fixed them but the problem still exists. I
    > downloaded Hijackthis and ran it a few minutes ago. This is the log it
    > created. I was wondering if someone could take a look and make some
    > recommendations (I have no idea what most of these things are). Also,
    > everything seems to be running a little slow...my CPU usage fluctuates
    > constantly between like 10 and 90%...usually, it's pretty steady in the
    > single digits. Thanks!




  8. #8
    Roger Johnson Guest

    Re: Hijackthis Log

    On Fri, 29 Dec 2006 09:59:30 -0500, "Mich" <Mich8hb@netscape.net>
    wrote:

    >you can upload your log to these sites, works well to analyze
    >
    >http://hjt.iamnotageek.com/
    >
    >
    >http://www.hijackthis.de/en
    >Your Explorer.exe is in the wrong directory, search for it and look at the
    >properties (you will find the legit one too) find the rogue one and rename
    >the extension, and I'm not sure what winACE is
    >
    >


    It's an archiving program similar to Winzip or Winrar, getting rather
    old hat now though.
    --

  9. #9
    pcbutts1 Guest

    Re: Hijackthis Log

    Because the trolls in my sig who stalk me are not capable of reading HJT
    logs so they have nothing better to do than to attack me. That's all Leythos
    does, he never replies to the original poster, he always replies to me, he
    never helps anyone except me by promoting my website. My hit count is up 25%
    in the past 3 months. I just ignore him and let him do his thing, I benefit
    from it.

    --

    Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
    The list grows. Leythos the stalker,David H. Lipman, Max M Wachtell III aka
    What's in a Name?,Fitz,Rhonda Lea Kirk,Meat Plow, F Kwatu F, George Orwell



    "Mich" <Mich8hb@netscape.net> wrote in message
    news:X3alh.18$Q4.4@newsfe02.lga...
    > you can upload your log to these sites, works well to analyze
    >
    > http://hjt.iamnotageek.com/
    >
    >
    > http://www.hijackthis.de/en
    > Your Explorer.exe is in the wrong directory, search for it and look at the
    > properties (you will find the legit one too) find the rogue one and rename
    > the extension, and I'm not sure what winACE is
    >
    >
    > The rest of you, why just attack PCbutts instead of helping the person with
    > the post?
    > Butts is craving attention and you're giving it to him... DUH!!!!
    >
    > Mich...
    >
    >
    > <alcarm1964@hotmail.com> wrote in message
    > news:1167310390.100511.94640@h40g2000cwb.googlegroups.com...
    >> Just today I started getting that problem where any search results on
    >> Google are redirected to other weird sites instead of the ones I want.
    >> I ran my Norton thing and a couple of different Spyware programs. Each
    >> found 1 or 2 things and fixed them but the problem still exists. I
    >> downloaded Hijackthis and ran it a few minutes ago. This is the log it
    >> created. I was wondering if someone could take a look and make some
    >> recommendations (I have no idea what most of these things are). Also,
    >> everything seems to be running a little slow...my CPU usage fluctuates
    >> constantly between like 10 and 90%...usually, it's pretty steady in the
    >> single digits. Thanks!
    >> =========================================================================
    >>
    >> Logfile of HijackThis v1.99.1
    >> Scan saved at 5:38:52 PM, on 12/27/2006
    >> Platform: Windows XP SP2 (WinNT 5.01.2600)
    >> MSIE: Internet Explorer v7.00 (7.00.5346.0005)
    >>
    >> Running processes:
    >> C:\WINDOWS\System32\smss.exe
    >> C:\WINDOWS\system32\csrss.exe
    >> C:\WINDOWS\system32\winlogon.exe
    >> C:\WINDOWS\system32\services.exe
    >> C:\WINDOWS\system32\lsass.exe
    >> C:\WINDOWS\system32\Ati2evxx.exe
    >> C:\WINDOWS\system32\svchost.exe
    >> C:\WINDOWS\system32\svchost.exe
    >> C:\WINDOWS\System32\svchost.exe
    >> C:\WINDOWS\System32\svchost.exe
    >> C:\WINDOWS\System32\svchost.exe
    >> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    >> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    >> C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    >> C:\WINDOWS\system32\Ati2evxx.exe
    >> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    >> C:\WINDOWS\Explorer.EXE
    >> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    >> C:\WINDOWS\system32\spoolsv.exe
    >> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    >> C:\Program Files\Norton AntiVirus\navapsvc.exe
    >> C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    >> C:\WINDOWS\system32\HPZipm12.exe
    >> C:\Program Files\Spyware Doctor\sdhelp.exe
    >> C:\WINDOWS\System32\svchost.exe
    >> C:\WINDOWS\wanmpsvc.exe
    >> C:\WINDOWS\system32\fxssvc.exe
    >> C:\WINDOWS\System32\alg.exe
    >> C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    >> C:\WINDOWS\system32\ps2.exe
    >> C:\windows\system\hpsysdrv.exe
    >> C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    >> C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    >> C:\Program Files\DIGStream\digstream.exe
    >> C:\Program Files\ESPNRunTime\DIGServices.exe
    >> C:\WINDOWS\LTMSG.exe
    >> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    >> C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    >> C:\WINDOWS\System32\svchost.exe
    >> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
    >> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    >> C:\Program Files\Common Files\Symantec Shared\Security
    >> Console\NSCSRVCE.EXE
    >> C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    >> C:\Program Files\AIM\aim.exe
    >> C:\WINDOWS\explorer.exe
    >> C:\Program Files\Windows Media Player\wmplayer.exe
    >> C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    >> C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    >> C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    >> C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    >> C:\Program Files\Spyware Doctor\swdoctor.exe
    >> C:\Program Files\Internet Explorer\iexplore.exe
    >> C:\Program Files\Microsoft Office\Office\EXCEL.EXE
    >> C:\WINDOWS\msagent\AgentSvr.exe
    >> C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    >> C:\Program Files\WinAce\WinAce.exe
    >> C:\DOCUME~1\Owner\LOCALS~1\Temp\~AceTemp\hijackthis[1]\HijackThis.exe
    >>
    >>
    >> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    >> = http://srch-us7.hpwis.com/
    >> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    >> http://go.microsoft.com/fwlink/?LinkId=54729
    >> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    >> = http://go.microsoft.com/fwlink/?LinkId=54896
    >> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    >> http://go.microsoft.com/fwlink/?LinkId=54896
    >> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    >> http://hsremove.com/done.htm
    >> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    >> Settings,ProxyServer = 192.168.254.1:80
    >> R3 - URLSearchHook: AOLTBSearch Class -
    >> {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL
    >> Toolbar 2.0\aoltb.dll (file missing)
    >> R3 - URLSearchHook: (no name) - _{6CC1C918-AE8B-4373-A5B4-28BA1851E39A}
    >>
    >> - (no file)
    >> O2 - BHO: Yahoo! Toolbar Helper -
    >> {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program
    >> Files\Yahoo!\Companion\Installs\cpn\yt.dll
    >> O2 - BHO: Adobe PDF Reader Link Helper -
    >> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
    >>
    >> 7.0\ActiveX\AcroIEHelper.dll
    >> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    >> C:\SPYWAR~1\SPYBOT~1\SDHelper.dll
    >> O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
    >>
    >> C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    >> O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    >> C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    >> O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
    >>
    >> - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    >> O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} -
    >> C:\Program Files\Norton AntiVirus\NavShExt.dll
    >> O2 - BHO: Google Toolbar Helper -
    >> {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
    >> files\google\googletoolbar1.dll
    >> O2 - BHO: PCTools Browser Monitor -
    >> {B56A7D7D-6927-48C8-A975-17DF180C71AC} -
    >> C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    >> O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -
    >> C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    >> O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B}
    >>
    >> - C:\Program Files\Norton AntiVirus\NavShExt.dll
    >> O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    >> c:\program files\google\googletoolbar1.dll
    >> O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    >>
    >> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    >> O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
    >> Files\Java\jre1.5.0_10\bin\jusched.exe"
    >> O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    >> O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
    >> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon
    >> initialize
    >> O4 - HKLM\..\Run: [ISUSPM Startup]
    >> C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    >> O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    >> O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
    >> C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    >> O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    >> O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
    >> O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
    >> O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
    >> O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    >> O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\Hewlett-Packard\Digital
    >> Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    >> O4 - HKLM\..\Run: [HP Software Update] C:\Program
    >> Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    >> O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS
    >> Software\Update Manager\sgtray.exe" /r
    >> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    >> Files\QuickTime\qttask.exe" -atboottime
    >> O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    >> Shared\ccApp.exe"
    >> O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    >> O4 - HKLM\..\Run: [DIGServices] C:\Program
    >> Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0
    >> /poll=24
    >> O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    >> O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    >> O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    >> O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat
    >> 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    >> O4 - HKCU\..\RunOnce: [FlashPlayerUpdate]
    >> C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
    >> O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
    >> Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    >> O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
    >> Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    >> O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program
    >> Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    >> O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration
    >> Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    >> O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM
    >> Toolbar\AIMBar.dll/aimsearch.htm
    >> O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program
    >> files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
    >> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    >>
    >> C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    >> O9 - Extra 'Tools' menuitem: Sun Java Console -
    >> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    >> Files\Java\jre1.5.0_10\bin\ssv.dll
    >> O9 - Extra button: Spyware Doctor -
    >> {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
    >> C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    >> O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578}
    >>
    >> - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    >> O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
    >> C:\Program Files\AIM\aim.exe
    >> O9 - Extra button: PartyPoker.com -
    >> {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program
    >> Files\PartyGaming\PartyPoker\RunApp.exe
    >> O9 - Extra 'Tools' menuitem: PartyPoker.com -
    >> {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program
    >> Files\PartyGaming\PartyPoker\RunApp.exe
    >> O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
    >>
    >> (no file)
    >> O9 - Extra button: PartyPoker.net -
    >> {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program
    >> files\PartyGaming.net\PartyPokerNet\RunPF.exe
    >> O9 - Extra 'Tools' menuitem: PartyPoker.net -
    >> {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program
    >> files\PartyGaming.net\PartyPokerNet\RunPF.exe
    >> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    >>
    >> C:\Program Files\Messenger\msmsgs.exe
    >> O9 - Extra 'Tools' menuitem: Windows Messenger -
    >> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    >> Files\Messenger\msmsgs.exe
    >> O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}
    >> - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    >> O11 - Options group: [INTERNATIONAL] International*
    >> O12 - Plugin for .spop: C:\Program Files\Internet
    >> Explorer\Plugins\NPDocBox.dll
    >> O16 - DPF: JT's Blocks -
    >> http://download.games.yahoo.com/game...s/y/blt1_x.cab
    >> O16 - DPF: Tornado 21 -
    >> http://download.games.yahoo.com/game.../y/t21t0_x.cab
    >> O16 - DPF: Video Poker -
    >> http://download.games.yahoo.com/game...s/y/vpt0_x.cab
    >> O16 - DPF: Yahoo! Backgammon -
    >> http://download.games.yahoo.com/game...ts/y/at1_x.cab
    >> O16 - DPF: Yahoo! Bingo -
    >> http://download.games.yahoo.com/game...ts/y/xt0_x.cab
    >> O16 - DPF: Yahoo! Blackjack -
    >> http://download.games.yahoo.com/game...ts/y/jt0_x.cab
    >> O16 - DPF: Yahoo! Chat -
    >> http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
    >> O16 - DPF: Yahoo! Klondike Solitaire -
    >> http://presence.games.yahoo.com/yog/y/ks12_x.cab
    >> O16 - DPF: Yahoo! MahJong Solitaire -
    >> http://download.games.yahoo.com/game.../y/mjst4_x.cab
    >> O16 - DPF: Yahoo! Poker -
    >> http://download.games.yahoo.com/game...ts/y/pt3_x.cab
    >> O16 - DPF: Yahoo! Pyramids -
    >> http://download.games.yahoo.com/game...s/y/pyt1_x.cab
    >> O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) -
    >>
    >> http://www.nintendowifi.com/troubles.../usbaptest.cab
    >> O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
    >> Advantage Validation Tool) -
    >> http://go.microsoft.com/fwlink/?linkid=39204
    >> O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -
    >> http://download.ebay.com/turbo_lister/US/install.cab
    >> O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} -
    >> http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    >> O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
    >> scanner) -
    >> http://security.symantec.com/sscv6/S...in/AvSniff.cab
    >> O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl
    >> Class) -
    >> http://tools.ebayimg.com/eps/wl/acti...icture_Control...
    >>
    >> O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
    >> http://207.188.7.150/210a200be34ff19...p/RdxIE601.cab
    >> O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
    >> http://www.bitdefender.com/scan8/oscan8.cab
    >> O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
    >> Utility Class) -
    >> http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    >> O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -
    >> http://www.nick.com/common/groove/gx/GrooveAX27.cab
    >> O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
    >>
    >> Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    >> O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) -
    >>
    >> http://www.ravantivirus.com/scan/ravonline.cab
    >> O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) -
    >>
    >> http://software.musicnow.com/musicno...4/MusicNow.cab
    >> O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm
    >> Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    >> O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass
    >> Control) -
    >> http://download.games.yahoo.com/game...tched/main.cab
    >>
    >> O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements
    >> Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    >> O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer
    >> Class) -
    >> http://a532.g.akamai.net/f/532/6712/...com/downloads/...
    >>
    >> O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer
    >> Class) -
    >> http://a532.g.akamai.net/f/532/6712/...d.akamai.com/6...
    >>
    >> O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online
    >> Control) -
    >> http://download.games.yahoo.com/game...s/cinematycoon...
    >>
    >> O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
    >> http://download.games.yahoo.com/game...insaniquarium/...
    >>
    >> O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl
    >> Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
    >> O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    >> O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    >> O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
    >>
    >> C:\WINDOWS\system32\WPDShServiceObj.dll
    >> O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
    >> C:\WINDOWS\system32\Ati2evxx.exe
    >> O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
    >> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    >> O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
    >>
    >> - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    >> O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
    >> Corporation - C:\Program Files\Common Files\Symantec
    >> Shared\ccSetMgr.exe
    >> O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
    >> Corporation - C:\Program Files\Common
    >> Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    >> O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
    >> Files\iPod\bin\iPodService.exe
    >> O23 - Service: LiveUpdate - Symantec Corporation -
    >> C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    >> O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
    >> Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    >> O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
    >> Symantec Corporation - C:\Program Files\Norton
    >> AntiVirus\IWP\NPFMntor.exe
    >> O23 - Service: Norton Protection Center Service (NSCService) - Symantec
    >>
    >> Corporation - C:\Program Files\Common Files\Symantec Shared\Security
    >> Console\NSCSRVCE.EXE
    >> O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
    >> Corporation - C:\WINDOWS\System32\nvsvc32.exe
    >> O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    >>
    >> O23 - Service: Remote Packet Capture Protocol v.0 (experimental)
    >> (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f
    >> "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    >> O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation -
    >> C:\Program Files\Norton AntiVirus\SAVScan.exe
    >> O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research
    >> Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    >> O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
    >> Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    >>
    >> O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program
    >> Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    >> O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
    >> Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    >> O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) -
    >> America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    >>
    >>

    >
    >




  10. #10
    pcbutts1 Guest

    Re: Hijackthis Log

    BTW his Explorer.exe is in the correct location.


    --

    Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
    The list grows. Leythos the stalker,David H. Lipman, Max M Wachtell III aka
    What's in a Name?,Fitz,Rhonda Lea Kirk,Meat Plow, F Kwatu F, George Orwell



    "Mich" <Mich8hb@netscape.net> wrote in message
    news:X3alh.18$Q4.4@newsfe02.lga...
    > you can upload your log to these sites, works well to analyze
    >
    > http://hjt.iamnotageek.com/
    >
    >
    > http://www.hijackthis.de/en
    > Your Explorer.exe is in the wrong directory, search for it and look at the
    > properties (you will find the legit one too) find the rogue one and rename
    > the extension, and I'm not sure what winACE is
    >
    >
    > The rest of you Why just attack PCbutts instead of helping the person with
    > the post?
    > Butts is craving attention and you're giving it to him... DUH!!!!
    >
    > Mich...
    >
    >
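
Added example (not part of any post in this thread): whether Explorer.exe and the other core Windows processes run from their expected directories can be checked mechanically from the log's "Running processes" section. The sketch below parses a quoted HijackThis log, rejoins paths the newsreader wrapped, and compares process names against expected directories; the `EXPECTED_DIR` table, the function names and the default `C:\WINDOWS` layout are assumptions made here.

```python
import ntpath
import re

# Assumption: default Windows XP layout with %WINDIR% = C:\WINDOWS, as in the posted log.
SYS32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "explorer.exe": r"c:\windows",
    "smss.exe": SYS32, "csrss.exe": SYS32, "winlogon.exe": SYS32,
    "services.exe": SYS32, "lsass.exe": SYS32, "svchost.exe": SYS32,
    "spoolsv.exe": SYS32, "alg.exe": SYS32,
}
QUOTE_PREFIX = re.compile(r"^\s*(?:>\s?)*")   # newsreader quote markers
ENTRY = re.compile(r"^[A-Z]\d{1,2} - ")       # R0/O4/O23... lines end the process list
DRIVE = re.compile(r"^[A-Za-z]:\\")

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = QUOTE_PREFIX.sub("", raw, count=1).strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and ENTRY.match(line):
            break
        elif in_section and DRIVE.match(line):
            paths.append(line)
        elif in_section and line and paths:
            paths[-1] += " " + line           # wrapped path: rejoin with previous line
    return paths

def misplaced(paths):
    """Return (path, expected_dir) for known system binaries found elsewhere."""
    findings = []
    for path in paths:
        folder, name = ntpath.split(path)
        expected = EXPECTED_DIR.get(name.lower())
        if expected and folder.lower() != expected:
            findings.append((path, expected))
    return findings

# Excerpt of the log posted in this thread (quote markers kept on purpose).
SAMPLE = r"""
>> Logfile of HijackThis v1.99.1
>> Running processes:
>> C:\WINDOWS\System32\smss.exe
>> C:\WINDOWS\system32\svchost.exe
>> C:\WINDOWS\Explorer.EXE
>> C:\Program Files\Common Files\Symantec Shared\Security
>> Console\NSCSRVCE.EXE
>> C:\WINDOWS\explorer.exe
>>
>> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
"""

if __name__ == "__main__":
    procs = running_processes(SAMPLE)
    # Constructed path, not from the posted log, to show what a finding looks like.
    procs.append(r"C:\WINDOWS\Temp\svchost.exe")
    for path, expected in misplaced(procs):
        print(f"{path}: expected under {expected}")
```

A matching directory only rules out the look-alike-path case; it does not establish that the file itself is unmodified.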



