hjt log advice needed

Discussion in 'Computer Support' started by ellis_jay, Mar 24, 2005.

  1. ellis_jay

    ellis_jay Guest

    Logfile of HijackThis v1.99.1
    Scan saved at 3:40:47 PM, on 3/24/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\windows\system\hpsysdrv.exe
    C:\hp\KBD\kbd.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1
    for hijackthis[1].zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://us7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://srch-us7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://srch-us7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://srch-us7.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.comcast.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://us7.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://srch-us7.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://srch-us7.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://srch-us7.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.comcast.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
    Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} -
    C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [KBD] C:\hp\KBD\kbd.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
    Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP
    Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
    Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe"
    /server
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program
    Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
    Destroy\TeaTimer.exe
    O4 - Global Startup: SpySubtract.lnk = C:\Program
    Files\InterMute\SpySubtract\SpySub.exe
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} -
    http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} -
    http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} -
    http://online.comcast.net/help/ (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
    Files\AIM95\aim.exe
    O9 - Extra button: Yahoo! Messenger -
    {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
    C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
    {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
    C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .bcf: C:\Program Files\Internet
    Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
    http://housecall-beta.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
    scanner) -
    http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
    (PPSDKActiveXScanner.MainScreen) -
    http://ppupdates.ca.com/downloads/scanner/axscanner.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -
    http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1111117462171
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
    Class) -
    http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data
    Transfer Control) - http://racing.youbet.com/wr_4_0/controls/ybrequest.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
    http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
    Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware
    Scanner) -
    http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
    http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} (YBUICtrl.FloatWnd.1) -
    http://racing.youbet.com/controls/YBUICtrl.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer
    Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
    C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC -
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    thanx

    --
    He released government from the restraint of law.
    ____Lord Acton on Niccolo Machiavelli (1469-1527), George W. Bush, and the
    Straussian neocons

    Ellis_Jay
     
    ellis_jay, Mar 24, 2005
    #1

  2. ellis_jay

    Steve P Guest


    Try pasting to http://www.hijackthis.de/
     
    Steve P, Mar 24, 2005
    #2

  3. ellis_jay

    WormWood Guest

    http://hijackthis.de/en


    "ellis_jay" <> wrote in message
    news:...
    > Logfile of HijackThis v1.99.1
    > Scan saved at 3:40:47 PM, on 3/24/2005
    > Platform: Windows XP SP1 (WinNT 5.01.2600)
    > MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    >
    > Running processes:

    <snip>
     
    WormWood, Mar 24, 2005
    #3
  4. ellis_jay

    Jim Guest

    We can see from line one Running processes_C:\WINDOWS\System32\smss.exe
    that you are a disgusting pervert.
    I must point your attention to smss.exe, which as everyone knows is a "sado
    masochistic sex servant", with EXTRA.
    I suggest politicians should stick to their own sick perverted rooms, and
    leave the commoners alone.
    I do not wish to go into detail of what winlogon.exe means, but is it
    windows icons nonces logon.extreme.
    I don't want to know how my car works but I do.
    I don't want to know about why the Americans are fighting over Oil, but I do.
    I want to know why cars are not running on hydrogen & oxygen, but I do.
    And most of all, I don't want to know about your shit problems that make your
    computer not work!

    Sad. What a waste of Intelligence?

     
    Jim, Mar 24, 2005
    #4
  5. ellis_jay

    pcbutts1 Guest

    I don't see anything wrong with it except that you have a lot of HP crap
    loading and running. What problems are you having?

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    Sharpvision simply the best http://www.seedsv.com



    "ellis_jay" <> wrote in message
    news:...
    > Logfile of HijackThis v1.99.1
    > Scan saved at 3:40:47 PM, on 3/24/2005
    > Platform: Windows XP SP1 (WinNT 5.01.2600)
    > MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    >
    > Running processes:
    > C:\WINDOWS\System32\smss.exe
    > C:\WINDOWS\system32\winlogon.exe
     
    pcbutts1, Mar 25, 2005
    #5