Here is a log file from the "hijack this" utility. I am not sure if the issue is a malware/trojan/virus one or something else. Please note at the end of the log file all of the missing files for the windows services.
I have two users who have this problem. Any advice/direction would be greatly appreciated.
Thank you,
tjheroff
Here you go:
Logfile of HijackThis v1.99.1
Scan saved at 3:00:41 PM, on 6/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon
.exe
C:\WINNT\system32\services
.exe
C:\WINNT\system32\lsass.ex
e
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\MsgSys.E
XE
C:\WINNT\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\kstandish\Desktop
\HiJackThi
s\HijackTh
is.exe
R1 - HKCU\Software\Microsoft\In
ternet Connection Wizard,ShellNext =
http://www.emcp.com/O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
84B7D6BE0B
3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.d
ll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
06D7942484
F} - C:\PROGRA~1\SPYBOT~1\SDHel
per.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCle
aner_full.
exe" -turbo -autostart -NOREBOOT
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk.disabled
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
0C04F79568
3} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
0C04F79568
3} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\T
cpip\Param
eters: Domain = emcp.com
O17 - HKLM\Software\..\Telephony
: DomainName = emcp.com
O17 - HKLM\System\CS1\Services\T
cpip\Param
eters: Domain = emcp.com
O17 - HKLM\System\CS2\Services\T
cpip\Param
eters: Domain = emcp.com
O17 - HKLM\System\CS3\Services\T
cpip\Param
eters: Domain = emcp.com
O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINNT\System32\svchost.
exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Computer Browser (Browser) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: CWShredder Service - InterMute, Inc. - D:\050305-HJT\CWShredder.e
xe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINNT\System32\svchost.
exe (file missing)
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINNT\System32\svchost.
exe (file missing)
O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatib
ility) - Unknown owner - C:\WINNT\System32\svchost.
exe (file missing)
O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINNT\System32\svchost.
exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINNT\System32\svchost.
exe (file missing)
O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINNT\System32\svchost.
exe (file missing)
O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINNT\System32\svchost.
exe (file missing)
O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINNT\System32\svchost.
exe (file missing)
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\WINNT\System32\svchost.
exe (file missing)
O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: SSDP Discovery Service (SSDPSRV) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINNT\System32\svchost.
exe (file missing)
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINNT\System32\svchost.
exe (file missing)
O23 - Service: Themes - Unknown owner - C:\WINNT\System32\svchost.
exe (file missing)
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Universal Plug and Play Device Host (upnphost) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Windows Time (W32Time) - Unknown owner - C:\WINNT\System32\svchost.
exe (file missing)
O23 - Service: WebClient - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\WINNT\System32\svchost.
exe (file missing)
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\WINNT\System32\svchost.
exe (file missing)
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINNT\System32\svchost.
exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINNT\system32\svchost.
exe (file missing)
O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner - C:\WINNT\System32\svchost.
exe (file missing)
O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\WINNT\System32\svchost.
exe (file missing)
