August 19th, 2005 01:00
HijackThis logfile. Problem w/ popups and computer freezing up.
Logfile of HijackThis v1.99.1
Scan saved at 9:16:35 PM, on 8/18/2005
Platform: Windows XP SP2 (WinNT
5.01.2600)
MSIE: Internet Explorer v6.00 SP2
(6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common
Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common
Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec
Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe
C:\Program Files\Norton Internet
Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec
Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec
Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Internet
Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program
Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft
IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec
Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP
Scheduler.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet
Explorer\iexplore.exe
C:\Program Files\America Online
9.0c\waol.exe
C:\Program Files\America Online
9.0c\shellmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Bar =
7vPn2t3y40w4iLqATnQYgj7Jf/zPBviYwQiFKxx
Eol_sabQt5.html
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page =
Pq7ySI_h7fRYvTiAXDCDWwlZvP7eeU.html
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
ze/ie/defaults/stp/ymsgr6/*http://www.y
ahoo.com
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
ze/ie/defaults/su/ymsgr6/*http://www.ya
hoo.com
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =
ze/ie/defaults/stp/ymsgr6/*http://www.y
ahoo.com
R1 - HKCU\Software\Microsoft\Internet
Connection Wizard,ShellNext =
http://www.dell4me.com/myway
O2 - BHO: Yahoo! Companion BHO -
{02478D38-C3F9-4efb-9B51-7695ECA05670}
-
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cp
n1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat
6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) -
{42F72E49-D2DB-CDF1-E296-36A6AC56F8AC}
-
C:\DOCUME~1\Jenna\APPLIC~1\SEEKAM~1\axi
ssupport.exe
O2 - BHO: Need2Find Bar BHO -
{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}
- C:\Program
Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: (no name) -
{53707962-6F74-2D53-2644-206D7942484F}
- C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess -
{5CA3D70E-1895-11CF-8E15-001234567890}
- C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST -
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}
- C:\Program Files\MSN
Apps\ST\01.03.0000.1005\en-xu\stmain.dl
l
O2 - BHO: CNisExtBho Class -
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
- C:\Program Files\Common
Files\Symantec
Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO -
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
- C:\Program Files\MSN Apps\MSN
Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class -
{BDF3E430-B101-42AD-A544-FADC6B084872}
- C:\Program Files\Norton Internet
Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant -
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}
- C:\Program Files\Common
Files\Symantec
Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
- C:\Program Files\Norton Internet
Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN -
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
- C:\Program Files\MSN Apps\MSN
Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AIM Search -
{40D41A8B-D79B-43d7-99A7-9EE0F344C385}
- C:\Program Files\AIM
Toolbar\AIMBar.dll
O3 - Toolbar: &Yahoo! Companion -
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
-
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cp
n1\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [URLLSTCK.exe]
C:\Program Files\Norton Internet
Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver
Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe
/Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched]
C:\Program
Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint]
"C:\Program Files\Microsoft
IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program
Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOL Spyware
Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLS
P Scheduler.exe"
O4 - HKLM\..\Run: [KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mfcd 32 axis dupe]
C:\Documents and Settings\All
Users\Application
Data\CompGlobalMfcd32\Show Wave.exe
O4 - HKCU\..\Run: [mess browse]
C:\DOCUME~1\Jenna\APPLIC~1\CREATI~1\Cur
bWmaRef.exe
O4 - HKCU\..\Run: [AOL Fast Start]
"C:\Program Files\America Online
9.0c\AOL.EXE" -b
O8 - Extra context menu item: &AIM
Search - res://C:\Program Files\AIM
Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL
Toolbar search - res://C:\Program
Files\AOL
Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search -
ch.html?p=KA
O8 - Extra context menu item: &Yahoo!
Search -
file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Use as
&Display Picture - C:\Program
Files\IEDP2\IEDP.htm
O8 - Extra context menu item: Yahoo!
&Dictionary -
file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo!
&Maps -
file:///C:\Program
Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.
dll
O9 - Extra 'Tools' menuitem: Sun Java
Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.
dll
O9 - Extra button: Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD}
- C:\Program
Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo!
Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD}
- C:\Program
Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar -
{4982D40A-C53B-4615-B15B-B5B5E98D167C}
- C:\Program Files\AOL
Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL
Toolbar -
{4982D40A-C53B-4615-B15B-B5B5E98D167C}
- C:\Program Files\AOL
Toolbar\toolbar.dll (file missing)
O9 - Extra button: AIM -
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
- C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite -
{B863453A-26C3-4e1f-A54D-A2CD196348E9}
- C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite -
{B863453A-26C3-4e1f-A54D-A2CD196348E9}
- C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com -
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
- C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: @C:\Program
Files\Messenger\Msgslang.dll,-61144 -
{FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem:
@C:\Program
Files\Messenger\Msgslang.dll,-61144 -
{FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\msmsgs.exe
O16 - DPF:
{14B87622-7E19-4EA8-93B3-97215F77A6BC}
(MessengerStatsClient Class) -
ssengerStatsPAClient.cab31267.cab
O16 - DPF:
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
(YInstStarter Class) - C:\Program
Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF:
{74D05D43-3236-11D4-BDCD-00C04F9A3B61}
(HouseCall Control) -
061001/housecall.trendmicro.com/houseca
ll/xscan53.cab
O16 - DPF:
{88D758A3-D33B-45FD-91E3-67749B4057FA}
(Sinstaller Class) -
s/si/1/sinstaller.cab
O16 - DPF:
{B8BE5E93-A60C-4D26-A2DC-220313175592}
(ZoneIntro Class) -
ntro.cab34246.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{AAEC
CBE6-79B8-4C95-B3CB-F8BA0A32DE47}:
NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui -
C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service
(AOL ACS) - America Online - C:\Program
Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor
(AOL TopSpeedMonitor) - America Online,
Inc - C:\Program Files\Common
Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection
Service (AOLService) - Unknown owner -
C:\Program Files\Common Files\AOL\AOL
Spyware Protection\\aolserv.exe
O23 - Service: Symantec Event Manager
(ccEvtMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy
(ccProxy) - Symantec Corporation -
C:\Program Files\Common Files\Symantec
Shared\ccProxy.exe
O23 - Service: Symantec Password
Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common
Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings
Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Kodak Camera Connection
Software (KodakCCS) - Eastman Kodak
Company -
C:\WINDOWS\system32\drivers\KodakCCS.ex
e
O23 - Service: LexBce Server (LexBceS)
- Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto
Protect Service (navapsvc) - Symantec
Corporation - C:\Program Files\Norton
Internet Security\Norton
AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec
Corporation - C:\Program Files\Norton
Internet Security\Norton
AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service
(SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\
SBServ.exe
O23 - Service: Symantec Network Drivers
Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common
Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC)
- Symantec Corporation - C:\Program
Files\Common Files\Symantec
Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW)
Service (WANMiniportService) - America
Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Is there anything here I should delete?
P.S. Running on Dell dim. 2400, Windows XP Home SP 2, Norton Internet Security and AntiVirus 2004.
Also ran Spybot S&D and HouseCall, and Ad-Aware SE.


Midnight Star
4.8K Posts
August 19th, 2005 02:00
I can see a LOP installation, along with a BHO that shouldn't be there. What you need to do is repost the log in the proper format so the experts here can more easily analyse it - as it is, it's very difficult to read without the proper software. :)
=====
Mike.