mauiman01
asked on
Hijackthis Log File-Can someone tell me what to delete?
Logfile of HijackThis v1.98.0
Scan saved at 11:45:19 AM, on 7/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\StartupMonitor.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINEYES\WESERV.EXE
C:\WINDOWS\System32\dmadmin.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINEYES\wineyes.exe
C:\WINEYES\SPEECH32.EXE
C:\WINEYES\GWM32.EXE
C:\WINEYES\bdisplay.exe
C:\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: =>&Español - http:\\wordreference.com\es\j\iees69.htm
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Support - {4D2222B2-AE9B-490B-AACB-D8BCD6D6C58D} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: axscanner - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: axscannerruntime - http://www.pestscan.com/scanner/axscannerruntime.cab
O16 - DPF: mscomctl - http://www.pestscan.com/scanner/mscomctl.cab
O16 - DPF: msvcp71 - http://download.pestpatrol.com/Downloads/Components/msvcp71.cab
O16 - DPF: msvcr71 - http://download.pestpatrol.com/Downloads/Components/msvcr71.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/20031218/akamai.info.apple.com/iTunes4/WW/win/019-0123.20031218.zes4d/iTunesSetup.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/English%20to%20Spanish.cab
O20 - AppInit_DLLs: GWMHOOK.DLL
Try disabling your messenger service >> http://www.itc.virginia.edu/desktop/docs/messagepopup/
ASKER
Aloha,
The problem is that I am being notified 6-12 times a day that I am sending emails with virus.
However, I do not recognize the to: email, so I believe that I am not sending them. So, I was looking for a hijacker!
I have run Norton AV, Spybot, Ad-Aware, and HijackThis.
Many thanks,
Manny
Hmm, who or what notifies you that you are sending emails with a virus?
Some other people or your antivirus program?
If it's a person, then I probably know what's going wrong.
Someone you probably know, who has your email address, is infected.
He/she is infected with a virus that will go through their address book to find target + sender email addresses.
The virus will send everybody in that address book a mail with a fake sender email address, which is, in this case, you.
So you are probably not sending the emails yourself; it is someone else's computer that is using your email address as sender to mail other victims.
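Added example, not part of the thread: one way to check the spoofed-sender explanation above is to read the Received headers of a flagged message and see which IP actually handed it to the recipient's mail server. The header text, host names, IP addresses and the assumption that the ISP's notification quotes the original headers are all constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample headers (documentation IP ranges, .example domains).
# The bottom Received line is one the sending machine could have written itself.
SAMPLE = """\
Received: from mx.recipient.example ([198.51.100.20])
\tby mailstore.recipient.example; Fri, 30 Jul 2004 09:12:44 -1000
Received: from infected-pc (dsl-77.otherisp.example [203.0.113.77])
\tby mx.recipient.example; Fri, 30 Jul 2004 09:12:41 -1000
Received: from my-pc ([192.0.2.10])
\tby smtp.myisp.example; Fri, 30 Jul 2004 09:12:30 -1000
From: me@myisp.example
To: stranger@recipient.example
Subject: Re: your document

"""

# Servers whose Received lines we trust (hypothetical: the recipient's own hosts).
TRUSTED = {"mailstore.recipient.example", "mx.recipient.example"}

BY_HOST = re.compile(r"\bby\s+([\w.-]+)")
BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def origin_ip(raw_message, trusted_servers):
    """IP that delivered the mail to the first trusted server, or None.

    Received headers are listed newest first. Only lines added by trusted
    servers count; anything below them may be forged by the sender.
    """
    msg = email.message_from_string(raw_message)
    origin = None
    for hop in msg.get_all("Received", []):
        by = BY_HOST.search(hop)
        ip = BRACKET_IP.search(hop)
        if not by or not ip or by.group(1).lower() not in trusted_servers:
            break
        origin = ipaddress.ip_address(ip.group(1))
    return origin

def sent_from(raw_message, trusted_servers, my_networks):
    """True/False if the origin is inside my_networks, None if unknown."""
    origin = origin_ip(raw_message, trusted_servers)
    if origin is None:
        return None
    return any(origin in ipaddress.ip_network(n) for n in my_networks)
```

In the sample, reading only the bottom header would point at 192.0.2.10; stopping at the last trusted hop shows the mail was handed over by 203.0.113.77, a machine outside the From: owner's network.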
ASKER
The notification is coming from my ISP.
Then it's easy. Get an anti-virus program, like Norton Anti-Virus 2004.
Run a scan at all levels. See what it can find; if it can't find anything, I would suggest you reinstall.
So basically:
Install anti-virus and run a scan. If it finds something, let the program remove it and leave it be until the ISP notifies you again ;)
If it can't find anything, I would back up and reinstall Windows. And when it's done, install anti-virus + Windows Update.
I always advise my clients to reinstall when they are infected; that's the only way to be 100% sure it's clean.
ASKER
The problem is that I am being notified 6-12 times a day that I am sending emails with virus.
However, I do not recognize the to: email, so I believe that I am not sending them. So, I was looking for a hijacker!
I have run Norton AV, Spybot, Ad-Aware, and HijackThis.
Many thanks,
Manny