Your Ad Here Your Ad Here
Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Hijackthis Log

  1. #1
    Hi, I was wondering if someone here could please check my HijackThis Log and let me know what to clear... thank you very much, I really appreciate it.

    Logfile of HijackThis v1.98.0
    Scan saved at 3:05:22 PM, on 7/16/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\WINDOWS\System32\Smtray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\COMPAQ\CPQINET\CPQInet.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\BitTornado\btdownloadgui.exe
    E:\temp music directory\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://phillies.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirect...&c=3c01&lc=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll
    O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mseggo.gif
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Smapp] Smtray.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SPOOL Configuration] SPOOLSVC.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\RunServices: [SPOOL Configuration] SPOOLSVC.exe
    O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKCU\..\Run: [SPOOL Configuration] SPOOLSVC.exe
    O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe
    O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\System32\page.htm
    O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\System32\link.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Support - {B7CCE110-E8CE-4785-AB89-57A7156E6685} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_7947.dll' missing
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/game...s/y/grt5_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potd_x.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_1.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.35mb.com/applet.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/def...ploader_v5.cab

  2. Software & Hardware   -   #2
    Vargas's Avatar gone fishin'
    Join Date
    Jul 2003
    Location
    the poopdeck
    Posts
    1,937
    TV Media looks suspicious
    so does O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

  3. Software & Hardware   -   #3
    Poster
    Join Date
    Apr 2003
    Location
    USA
    Posts
    324
    can someone take a look at mine too, the mysearchnow looks wierd, but i cant figure out how to get rid of it, Ad-Aware and Spybot dont pick it up.

    Logfile of HijackThis v1.97.7
    Scan saved at 4:50:05 PM, on 7/16/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\PROGRA~1\GridFast\NameStyle.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Executive Software\Diskeeper\DfrgNTFS.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.h...B_PVER}&ar=home
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.hp.com/info/e-center-p
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {B9CCFDEA-2490-7552-B6E7-A100F1E0FC5D} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: liteaboutwma - {2876B8CC-9003-1CC0-F29F-3FD94C1C61E4} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [wipeskip] C:\PROGRA~1\GridFast\NameStyle.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: PartyPoker.com (HKLM)
    O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productu...ntent/opuc.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    Live by the sword, Die by the sword.
    We all seek peace, but few of us will ever find it.

  4. Software & Hardware   -   #4
    zapjb's Avatar Computer Abuser BT Rep: +3
    Join Date
    Nov 2002
    Posts
    3,694
    Go here & check yourself before trusting unknown HT! experts.
    http://forums.majorgeeks.com/showthread.php?t=35407
    Or here.
    http://www.net-integration.net/tools/procedure.html

  5. Software & Hardware   -   #5
    Poster
    Join Date
    Mar 2003
    Posts
    367
    @ volskid2002
    Please start a new topic for your log. It's confusing to have more than one posted in the same thread.

    @ PsychoTrooper
    First go to Trend Micro scan for a virus scan. SPOOLSVC.exe is a worm that the scan should remove.

    Make a new folder for hjt out of the temp folder and move hijackthis.exe into that folder. Backups for anything you fix will be placed into that folder.

    Go to add\remove programs and uninstall TV Media if you can.
    Close all browser windows and run hjt , fix the following:

    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll

    O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll
    O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mseggo.gif

    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

    O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

    O4 - HKLM\..\Run: [SPOOL Configuration] SPOOLSVC.exe

    O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKCU\..\Run: [SPOOL Configuration] SPOOLSVC.exe

    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe

    I'm not sure if you use these two. When you right click to download some file, this is in your context menu. Fix if you don't need them.
    O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\System32\page.htm
    O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\System32\link.htm

    Do NOT fix the following yet. It must be done with a different tool.
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_7947.dll' missing


    Reboot into safemode and delete the following. You may need to Show hidden files first.

    C:&#092;Program Files&#092;TV Media < the folder if it&#39;s still there
    C:&#092;WINDOWS&#092;System32&#092;NDrv.dll
    C:&#092;WINDOWS&#092;System32&#092;mseggo.gif
    C:&#092;Program Files&#092;IncrediFind < folder
    C:&#092;WINDOWS&#092;System32&#092;msgked.exe

    Reboot into regular mode and download LSPFix to repair the 010 entry.

    Post a new hijackthis log.

  6. Software & Hardware   -   #6
    zapjb's Avatar Computer Abuser BT Rep: +3
    Join Date
    Nov 2002
    Posts
    3,694
    withdrawn

  7. Software & Hardware   -   #7
    Poster
    Join Date
    Apr 2003
    Location
    USA
    Posts
    324
    alright ill make a new post next time, srry bout that, but i think i fixed it anyway, just searched the registry for it and deleted it, seems to have gone away

    Live by the sword, Die by the sword.
    We all seek peace, but few of us will ever find it.

  8. Software & Hardware   -   #8
    Poster
    Join Date
    Jun 2003
    Posts
    126
    hi volskid2002,


    rescan with hijackthis and check the following(if they are still there):

    R0 - HKCU&#092;Software&#092;Microsoft&#092;Internet Explorer&#092;Main,Start Page = http://mysearchnow.com/passthrough/i..._PVER}&ar=home
    R0 - HKCU&#092;Software&#092;Microsoft&#092;Internet Explorer&#092;Main,Local Page =
    R0 - HKLM&#092;Software&#092;Microsoft&#092;Internet Explorer&#092;Main,Local Page =

    O2 - BHO: (no name) - {B9CCFDEA-2490-7552-B6E7-A100F1E0FC5D} - (no file)

    O3 - Toolbar: liteaboutwma - {2876B8CC-9003-1CC0-F29F-3FD94C1C61E4} - (no file)

    close all browser windows and hit fix checked.

  9. Software & Hardware   -   #9
    thank you very much Jg427. When I went in safe mode, I couldn&#39;t find NDrv.dll, msgked.exe, or the IncrediFind folder, but I did everything else and here is my new log:

    Logfile of HijackThis v1.98.0
    Scan saved at 9:49:04 PM, on 7/16/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:&#092;WINDOWS&#092;System32&#092;smss.exe
    C:&#092;WINDOWS&#092;system32&#092;winlogon.exe
    C:&#092;WINDOWS&#092;system32&#092;services.exe
    C:&#092;WINDOWS&#092;system32&#092;lsass.exe
    C:&#092;WINDOWS&#092;system32&#092;svchost.exe
    C:&#092;WINDOWS&#092;System32&#092;svchost.exe
    C:&#092;Program Files&#092;Sygate&#092;SPF&#092;smc.exe
    C:&#092;WINDOWS&#092;Explorer.EXE
    C:&#092;Program Files&#092;Common Files&#092;Symantec Shared&#092;ccSetMgr.exe
    C:&#092;Program Files&#092;Common Files&#092;Symantec Shared&#092;ccEvtMgr.exe
    C:&#092;WINDOWS&#092;system32&#092;spoolsv.exe
    C:&#092;Program Files&#092;Compaq&#092;Easy Access Button Support&#092;StartEAK.exe
    C:&#092;WINDOWS&#092;System32&#092;Smtray.exe
    C:&#092;Program Files&#092;Compaq&#092;Easy Access Button Support&#092;CPQEADM.EXE
    C:&#092;COMPAQ&#092;CPQINET&#092;CPQInet.exe
    C:&#092;Compaq&#092;EAKDRV&#092;EAUSBKBD.EXE
    C:&#092;Program Files&#092;Common Files&#092;Symantec Shared&#092;ccApp.exe
    C:&#092;Program Files&#092;Meaya&#092;Popup Ad Filter&#092;PopFilter.exe
    C:&#092;PROGRA~1&#092;Compaq&#092;EASYAC~1&#092;BttnServ.exe
    C:&#092;Program Files&#092;Norton AntiVirus&#092;navapsvc.exe
    C:&#092;Program Files&#092;Norton AntiVirus&#092;AdvTools&#092;NPROTECT.EXE
    C:&#092;WINDOWS&#092;System32&#092;nvsvc32.exe
    C:&#092;WINDOWS&#092;system32&#092;pctspk.exe
    C:&#092;Program Files&#092;Common Files&#092;Symantec Shared&#092;CCPD-LC&#092;symlcsvc.exe
    C:&#092;Program Files&#092;Norton AntiVirus&#092;SAVScan.exe
    C:&#092;WINDOWS&#092;System32&#092;taskmgr.exe
    E:&#092;temp music directory&#092;backups&#092;HijackThis.exe

    R0 - HKCU&#092;Software&#092;Microsoft&#092;Internet Explorer&#092;Main,Start Page = http://phillies.com/
    R1 - HKLM&#092;Software&#092;Microsoft&#092;Internet Explorer&#092;Main,Default_Page_URL = http://store.presario.net/scripts/redirect...&c=3c01&lc=0409
    R0 - HKLM&#092;Software&#092;Microsoft&#092;Internet Explorer&#092;Main,Start Page = http://phillies.com
    R1 - HKCU&#092;Software&#092;Microsoft&#092;Internet Explorer&#092;Main,Window Title = Microsoft Internet Explorer provided by Compaq
    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:&#092;Program Files&#092;TV Media&#092;TvmBho.dll (file missing)
    O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:&#092;WINDOWS&#092;System32&#092;mskceo.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:&#092;Program Files&#092;Adobe&#092;Acrobat 6.0&#092;Reader&#092;ActiveX&#092;AcroIEHelper.dll
    O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:&#092;WINDOWS&#092;System32&#092;mskhhe.dll
    O2 - BHO: CDnsRepObj Object - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:&#092;WINDOWS&#092;System32&#092;msglji.gif
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:&#092;PROGRA~1&#092;SPYBOT~1&#092;SDHelper.dll
    O2 - BHO: CUrlCliObj Object - {94927A13-4AAA-476A-989D-392456427688} - C:&#092;WINDOWS&#092;System32&#092;msjfbl.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:&#092;Program Files&#092;Norton AntiVirus&#092;NavShExt.dll
    O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:&#092;WINDOWS&#092;System32&#092;msfaol.dll
    O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:&#092;WINDOWS&#092;System32&#092;msnkmi.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:&#092;WINDOWS&#092;System32&#092;msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:&#092;Program Files&#092;Norton AntiVirus&#092;NavShExt.dll
    O4 - HKLM&#092;..&#092;Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM&#092;..&#092;Run: [CPQEASYACC] C:&#092;Program Files&#092;Compaq&#092;Easy Access Button Support&#092;StartEAK.exe
    O4 - HKLM&#092;..&#092;Run: [WCOLOREAL] "C:&#092;Program Files&#092;COMPAQ&#092;Coloreal&#092;coloreal.exe"
    O4 - HKLM&#092;..&#092;Run: [Smapp] Smtray.exe
    O4 - HKLM&#092;..&#092;Run: [srmclean] C:&#092;Cpqs&#092;Scom&#092;srmclean.exe
    O4 - HKLM&#092;..&#092;Run: [DeadAIM] rundll32.exe "C:&#092;PROGRA~1&#092;AIM&#092;&#092;DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM&#092;..&#092;Run: [SmcService] C:&#092;PROGRA~1&#092;Sygate&#092;SPF&#092;smc.exe -startgui
    O4 - HKLM&#092;..&#092;Run: [NeroFilterCheck] C:&#092;WINDOWS&#092;system32&#092;NeroCheck.exe
    O4 - HKLM&#092;..&#092;Run: [ccApp] "C:&#092;Program Files&#092;Common Files&#092;Symantec Shared&#092;ccApp.exe"
    O4 - HKLM&#092;..&#092;Run: [Advanced Tools Check] C:&#092;PROGRA~1&#092;NORTON~1&#092;AdvTools&#092;ADVCHK.EXE
    O4 - HKCU&#092;..&#092;Run: [Popup Ad Filter] C:&#092;Program Files&#092;Meaya&#092;Popup Ad Filter&#092;PopFilter.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:&#092;Program Files&#092;AIM&#092;aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:&#092;WINDOWS&#092;System32&#092;Shdocvw.dll
    O9 - Extra button: Support - {B7CCE110-E8CE-4785-AB89-57A7156E6685} - C:&#092;Program Files&#092;Internet Explorer&#092;SIGNUP&#092;Presario.htm (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    O16 - DPF: Yahoo&#33; Graffiti - http://download.games.yahoo.com/game...s/y/grt5_x.cab
    O16 - DPF: Yahoo&#33; Poker - http://download.games.yahoo.com/game...ts/y/pt1_x.cab
    O16 - DPF: Yahoo&#33; Pool 2 - http://download.games.yahoo.com/game...s/y/potd_x.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_1.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/def...ploader_v5.cab
    O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:&#092;WINDOWS&#092;System32&#092;msdhmd.dll


    thank you again so very much Jg427

  10. Software & Hardware   -   #10
    Poster
    Join Date
    Apr 2003
    Location
    USA
    Posts
    324
    @dopey

    it was still there, so ill do wat u said and ill get back to ya

    Live by the sword, Die by the sword.
    We all seek peace, but few of us will ever find it.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •