Hi all
Can someone help me clean this up please?
Logfile of HijackThis v1.97.7
Scan saved at 17:08:32, on 23/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
I:\Programs\Winamp\winampa.exe
C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\RIGBBHSP\HijackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.skysports.com/skysports/football
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [WinampAgent] I:\Programs\Winamp\winampa.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RegKillTray] "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) -
http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cabH