Can someone tell me if anything from this hijackthis log needs to be removed? Even with firewall and anti-virus running I still got hit with adware and a virus. I already removed kernels32.exe from a previous hijackthis log and ran ad-aware in safe mode. But I'm still having issues. Thanks!!
Logfile of HijackThis v1.99.1
Scan saved at 2:25:34 PM, on 3/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
xe
C:\WINDOWS\system32\winlog
on.exe
C:\WINDOWS\system32\servic
es.exe
C:\WINDOWS\system32\lsass.
exe
C:\WINDOWS\system32\svchos
t.exe
C:\WINDOWS\System32\svchos
t.exe
C:\PROGRA~1\Grisoft\AVG7\a
vgrssvc.ex
e
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-
4c61-B58F-
2F227FCA9A
08}\PIFSvc
.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spools
v.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\ehome\ehtray.ex
e
C:\PROGRA~1\COMMON~1\AOL\A
OLSPY~1\AO
LSP Scheduler.exe
C:\PROGRA~1\Grisoft\AVG7\a
vgcc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileA
gent.exe
C:\WINDOWS\system32\ctfmon
.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aol
tsmon.exe
C:\Program Files\Symantec\LiveUpdate\
ALUSchedul
erSvc.exe
C:\PROGRA~1\Grisoft\AVG7\a
vgamsvr.ex
e
C:\PROGRA~1\Grisoft\AVG7\a
vgupsvc.ex
e
C:\PROGRA~1\Grisoft\AVG7\a
vgrssvc.ex
e
C:\PROGRA~1\Grisoft\AVG7\a
vgemc.exe
C:\WINDOWS\eHome\ehRecvr.e
xe
C:\WINDOWS\eHome\ehSched.e
xe
C:\WINDOWS\system32\inetsr
v\inetinfo
.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.e
xe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Photodex\ProShowProd
ucer\ScsiA
ccess.exe
C:\WINDOWS\system32\svchos
t.exe
C:\PROGRA~1\Grisoft\AVG7\a
vgfwsrv.ex
e
C:\WINDOWS\system32\dllhos
t.exe
C:\WINDOWS\eHome\ehmsas.ex
e
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Google\Gmail Notifier\bak\gnotify.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office Pro\OFFICE11\EXCEL.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Installations\hijackthis_1
99\HijackT
his.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\In
ternet Explorer\Main,Default_Page
_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduserR1 - HKCU\Software\Microsoft\In
ternet Explorer\Main,Default_Sear
ch_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduserR0 - HKCU\Software\Microsoft\In
ternet Explorer\Main,Start Page =
http://www.optonline.net/R1 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Default_Page
_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduserR1 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Default_Sear
ch_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduserR1 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Search Bar =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduserR1 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Search Page =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduserR0 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduserR0 - HKLM\Software\Microsoft\In
ternet Explorer\Search,SearchAssi
stant =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduserR1 - HKCU\Software\Microsoft\Wi
ndows\Curr
entVersion
\Internet Settings,ProxyServer = 67.80.232.224:8003
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
84B7D6BE0B
3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.d
ll
O2 - BHO: (no name) - {489021a8-a84f-49ba-bce3-d
92dbd1ed2d
a} - C:\WINDOWS\system32\ir4l32
.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
4DAF1D92D4
3} - C:\Program Files\Java\jre1.5.0_06\bin
\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
ADC6B08487
2} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D
810D7778FD
D} - C:\WINDOWS\system32\tmp3C5
9.tmp.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
859DF00B1D
6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.ex
e
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\
AOLSPY~1\A
OLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-
4c61-B58F-
2F227FCA9A
08}\PIFSvc
.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-
4c61-B58F-
2F227FCA9A
08}\AlertE
ng.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\a
vgcc.exe /STARTUP
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-1
88603799DD
3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\pmnlkk.dll",se
tvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
.exe
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.ex
e -hidden
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\
YahooWidge
tEngine.ex
e
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates
from HP.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar
2.dll/cmse
arch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar
2.dll/cmwo
rdtrans.ht
ml
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar
2.dll/cmba
cklinks.ht
ml
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar
2.dll/cmca
che.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1
\OFFICE11\
EXCEL.EXE/
3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar
2.dll/cmsi
milar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar
2.dll/cmtr
ans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
0401C60850
1} - C:\Program Files\Java\jre1.5.0_06\bin
\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
0401C60850
1} - C:\Program Files\Java\jre1.5.0_06\bin
\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
C9C571A826
3} - C:\PROGRA~1\MIB7FC~1\OFFIC
E11\REFIEB
AR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-4
62D6D54C78
9} - C:\WINDOWS\PCHEALTH\HELPCT
R\Vendors\
CN=Hewlett
-Packard,L
=Cupertino
,S=Ca,C=US
\IEButton\
support.ht
m
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-4
62D6D54C78
9} - C:\WINDOWS\PCHEALTH\HELPCT
R\Vendors\
CN=Hewlett
-Packard,L
=Cupertino
,S=Ca,C=US
\IEButton\
support.ht
m
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
0C04F79568
3} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
0C04F79568
3} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwa
fu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwa
fu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwa
fu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwa
fu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwa
fu.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C
51E6A0F695
E} (Microsoft PID Sniffer) -
https://support.microsoft.com/OAS/ActiveX/odc.cabO16 - DPF: {406B5949-7190-4245-91A9-3
0A17DE16AD
0} (Snapfish Activia) -
http://www.snapfish.com/SnapfishActivia.cabO16 - DPF: {474F00F5-3853-492C-AC3A-4
76512BBC33
6} (UploadListView Class) -
http://picasaweb.google.com/s/v/14.18/uploader2.cabO16 - DPF: {49232000-16E4-426C-A231-6
2846947304
B} (SysData Class) -
http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cabO16 - DPF: {493ACF15-5CD9-4474-82A6-9
1670C3DD66
E} (LinkedIn ContactFinderControl) -
http://www.linkedin.com/cab/LinkedInContactFinderControl.cabO16 - DPF: {55027008-315F-4F45-BBC3-8
BE11976474
1} (Slide Image Uploader Control) -
http://www.slide.com/uploader/SlideImageUploader.cabO16 - DPF: {74C861A1-D548-4916-BC8A-F
DE92EDFF62
C} -
http://mediaplayer.walmart.com/installer/install.cabO16 - DPF: {AB86CE53-AC9F-449F-9399-D
8ABCA09EC0
9} (Get_ActiveX Control) -
https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocxO16 - DPF: {B020B534-4AA2-4B99-BD6D-5
F6EE286DF5
C} (Symantec Download Bridge) -
http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cabO16 - DPF: {CB50428B-657F-47DF-9B32-6
71F82AA73F
7} (Photodex Presenter AX control) -
http://www.photodex.com/pxplay.cabO16 - DPF: {E473A65C-8087-49A3-AFFD-C
5BC4A10669
B} (Quantum Streaming IE Player Class) -
http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cabO16 - DPF: {EB387D2F-E27B-4D36-979E-8
47D1036C65
D} (QDiagHUpdateObj Class) -
http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326O16 - DPF: {FD0B6769-6490-4A91-AA0A-B
5AE0DC75AC
9} (Performance Viewer Activex Control) -
https://secure.logmein.com/activex/ractrl.cab?lmi=100O20 - AppInit_DLLs:
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwln
tf.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxde
v.dll
O20 - Winlogon Notify: ir4l32 - C:\WINDOWS\SYSTEM32\ir4l32
.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0
) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileA
gent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aol
tsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\
ALUSchedul
erSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\a
vgamsvr.ex
e
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\a
vgupsvc.ex
e
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\a
vgrssvc.ex
e
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\a
vgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\a
vgfwsrv.ex
e
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService
.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.e
xe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEU
P~1\LUCOMS
~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-
4c61-B58F-
2F227FCA9A
08}\PIFSvc
.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-
4c61-B58F-
2F227FCA9A
08}\PifEng
.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm
09.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProd
ucer\ScsiA
ccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
