mauiman01
asked on
Hijackthis Log File-Can someone tell me what to delete?
Logfile of HijackThis v1.98.0
Scan saved at 11:45:19 AM, on 7/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\csrss.
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\System32\SCardS
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\StartupMonitor.
C:\PROGRA~1\A4Tech\Keyboar
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.
C:\Compaq\EAKDRV\EAUSBKBD.
C:\PROGRA~1\Compaq\EASYAC~
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\SpywareGuard\sgmain.
C:\Program Files\SpywareGuard\sgbhp.e
C:\WINDOWS\system32\netdde
C:\WINDOWS\System32\alg.ex
C:\WINDOWS\System32\Ati2ev
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\dllhos
C:\WINDOWS\System32\gearse
C:\WINDOWS\System32\msdtc.
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\dllhos
C:\WINDOWS\SYSTEM32\ZoneLa
C:\WINDOWS\System32\vssvc.
C:\WINEYES\WESERV.EXE
C:\WINDOWS\System32\dmadmi
C:\PROGRA~1\NORTON~1\SPEED
C:\WINEYES\wineyes.exe
C:\WINEYES\SPEECH32.EXE
C:\WINEYES\GWM32.EXE
C:\WINEYES\bdisplay.exe
C:\hijackthis\HijackThis.e
C:\Program Files\Messenger\msmsgs.exe
R1 - HKLM\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboar
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.
O6 - HKCU\Software\Policies\Mic
O6 - HKCU\Software\Policies\Mic
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: =>&Español - http:\\wordreference.com\es\j\iees69.htm
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: Support - {4D2222B2-AE9B-490B-AACB-D
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: axscanner - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: axscannerruntime - http://www.pestscan.com/scanner/axscannerruntime.cab
O16 - DPF: mscomctl - http://www.pestscan.com/scanner/mscomctl.cab
O16 - DPF: msvcp71 - http://download.pestpatrol.com/Downloads/Components/msvcp71.cab
O16 - DPF: msvcr71 - http://download.pestpatrol.com/Downloads/Components/msvcr71.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {41F17733-B041-4099-A042-B
O16 - DPF: {74D05D43-3236-11D4-BDCD-0
O16 - DPF: {AD08A333-609E-11D3-950C-0
O20 - AppInit_DLLs: GWMHOOK.DLL
j
Scan saved at 11:45:19 AM, on 7/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\csrss.
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\System32\SCardS
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\StartupMonitor.
C:\PROGRA~1\A4Tech\Keyboar
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.
C:\Compaq\EAKDRV\EAUSBKBD.
C:\PROGRA~1\Compaq\EASYAC~
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\SpywareGuard\sgmain.
C:\Program Files\SpywareGuard\sgbhp.e
C:\WINDOWS\system32\netdde
C:\WINDOWS\System32\alg.ex
C:\WINDOWS\System32\Ati2ev
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\dllhos
C:\WINDOWS\System32\gearse
C:\WINDOWS\System32\msdtc.
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\dllhos
C:\WINDOWS\SYSTEM32\ZoneLa
C:\WINDOWS\System32\vssvc.
C:\WINEYES\WESERV.EXE
C:\WINDOWS\System32\dmadmi
C:\PROGRA~1\NORTON~1\SPEED
C:\WINEYES\wineyes.exe
C:\WINEYES\SPEECH32.EXE
C:\WINEYES\GWM32.EXE
C:\WINEYES\bdisplay.exe
C:\hijackthis\HijackThis.e
C:\Program Files\Messenger\msmsgs.exe
R1 - HKLM\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboar
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.
O6 - HKCU\Software\Policies\Mic
O6 - HKCU\Software\Policies\Mic
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: =>&Español - http:\\wordreference.com\es\j\iees69.htm
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: Support - {4D2222B2-AE9B-490B-AACB-D
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: axscanner - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: axscannerruntime - http://www.pestscan.com/scanner/axscannerruntime.cab
O16 - DPF: mscomctl - http://www.pestscan.com/scanner/mscomctl.cab
O16 - DPF: msvcp71 - http://download.pestpatrol.com/Downloads/Components/msvcp71.cab
O16 - DPF: msvcr71 - http://download.pestpatrol.com/Downloads/Components/msvcr71.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {41F17733-B041-4099-A042-B
O16 - DPF: {74D05D43-3236-11D4-BDCD-0
O16 - DPF: {AD08A333-609E-11D3-950C-0
O20 - AppInit_DLLs: GWMHOOK.DLL
j
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
try disabling ur messenger service >> http://www.itc.virginia.edu/desktop/docs/messagepopup/
ASKER
Aloha,
The problem is that I am being notified 6-12 times a day that I am sending emails with virus.
However, I do not recognize the the to: email, so I believe that I am not sending them. So, I was looking for a hijacker!
I have ran norton av, spybot, adaware, and hijackthis.
Many thanks,
Manny
The problem is that I am being notified 6-12 times a day that I am sending emails with virus.
However, I do not recognize the the to: email, so I believe that I am not sending them. So, I was looking for a hijacker!
I have ran norton av, spybot, adaware, and hijackthis.
Many thanks,
Manny
hmm who or what notifies you that you are sending emails with virus?
Some other people or your anti virus program?
If its a person, then I proberly know whats going wrong.
Someone you proberly know, who have your email address is infected.
He/She is infected with a virus that will go tru their address book to find target + sender email addresses.
The virus will send everybody in that address book a mail with a fake sender email address. Which is in this case, you.
So you are proberly not sending the emails yourself, but on someone else computer whos using your email address as sender to mail other victims.
Some other people or your anti virus program?
If its a person, then I proberly know whats going wrong.
Someone you proberly know, who have your email address is infected.
He/She is infected with a virus that will go tru their address book to find target + sender email addresses.
The virus will send everybody in that address book a mail with a fake sender email address. Which is in this case, you.
So you are proberly not sending the emails yourself, but on someone else computer whos using your email address as sender to mail other victims.
ASKER
the notification is coming from my isp.
then its easy. Get an anti-virus program, like Norton Anti-Virus 2004.
Run a scan at all levels. See what it can find, if he cant find anything. I would suggest you to reinstall.
So basicly:
Install Anti-Virus run scan, if it find it, let the program remove them and leave it be, until ISP notifies you again ;)
If it cant find anything, I would backup, reinstall windows. And when its done, install Anti-Virus + Windows update.
I always advise my clients to reinstall when they are infected, thats the only way to be 100% sure its clean.
Run a scan at all levels. See what it can find, if he cant find anything. I would suggest you to reinstall.
So basicly:
Install Anti-Virus run scan, if it find it, let the program remove them and leave it be, until ISP notifies you again ;)
If it cant find anything, I would backup, reinstall windows. And when its done, install Anti-Virus + Windows update.
I always advise my clients to reinstall when they are infected, thats the only way to be 100% sure its clean.
ASKER
The problem is that I am being notified 6-12 times a day that I am sending emails with virus.
However, I do not recognize the the to: email, so I believe that I am not sending them. So, I was looking for a hijacker!
I have ran Norton av, spybot, adaware, and hijackerthis.
Many thanks,
Manny