Please Review Hijack This File - Got Hit With Spyware

Discussion in 'Computer Support' started by Sweat, Nov 28, 2006.

  1. Sweat

    Sweat Guest

    My PC got slammed with adware and probably worse. I've run Norton
    Anti-Virus and Ad-Aware to try and clean up the bad programs. I'm
    concerned that there is still something that has not been caught,
    however.

    Could someone review my Hijack This log and let me know if there is
    anything else that needs to be removed? There is an nwiz.exe file that
    might be questionable, though I have a NVIDIA card installed on my PC.
    Not sure about some other files though.

    Thanks in advance.


    Logfile of HijackThis v1.99.1
    Scan saved at 8:58:09 PM, on 11/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\iGive__Shopping__Window\iGiveShoppingWindowv.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
    C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
    C:\Program Files\iGive__Shopping__Window\ig.exe
    C:\Program Files\Common Files\Symantec Shared\Security
    Console\NSCSRVCE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Charles-Marni\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    http://www.dell4me.com/myway
    R3 - URLSearchHook: Yahoo! Toolbar -
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
    Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper -
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program
    Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
    C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Norton Internet Security 2006 -
    {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common
    Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} -
    C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper -
    {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
    files\google\googletoolbar1.dll
    O2 - BHO: AcroIEToolbarHelper Class -
    {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat
    6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
    C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton Internet Security 2006 -
    {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common
    Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B}
    - C:\Program Files\Norton Internet Security\Norton
    AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
    Experience\PCMService.exe"
    O4 - HKLM\..\Run: [diagent] "C:\Program
    Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
    Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
    Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program
    Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common
    Files\Zing\ZingSpooler.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
    C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH
    Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [igivm] "C:\Program
    Files\iGive__Shopping__Window\iGiveShoppingWindowv.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell
    Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program
    Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: eFax Live Menu 3.3.lnk = C:\Program Files\eFax
    Messenger Plus 3.3\J2GDllCmd.exe
    O4 - Global Startup: eFax Tray Menu 3.3.lnk = C:\Program Files\eFax
    Messenger Plus 3.3\J2GTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program
    files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word -
    res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program
    files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page -
    res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: iGive Shopping Window - file://C:\Program
    Files\iGive__Shopping__Window\igivt\igivC5.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program
    files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English -
    res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
    C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
    %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
    {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
    Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: AbsolutePoker.com -
    {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All
    Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra 'Tools' menuitem: AbsolutePoker.com -
    {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All
    Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O9 - Extra button: iGive Shopping Window -
    {9B7E79AC-A646-4e45-A70F-1B3981FE370E} - file://C:\Program
    Files\iGive__Shopping__Window\igivt\igivC5.htm (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
    Advantage) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4}
    (TenebrilSpywareScanner Control) -
    http://www.tenebril.com/assets/activeX/SpywareScanner.ocx
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
    http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
    http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
    - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation
    (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet
    Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation
    - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec
    Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program
    Files\Norton Internet Security\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology
    Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
    C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation -
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
    Symantec Corporation - C:\Program Files\Norton Internet Security\Norton
    AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -
    C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec Shared\Security
    Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
    Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation -
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
    Sweat, Nov 28, 2006
    #1
    1. Advertising

  2. Sweat

    Leythos Guest

    In article <>,
    says...
    > Could someone review my Hijack


    Why don't you read the directions and post the log file to one of the
    many websites that is designed to analyze the file.

    By posting it here you can only HOPE that the reply you get is worth
    what you've paid for it.

    --


    remove 999 in order to email me
     
    Leythos, Nov 28, 2006
    #2
    1. Advertising

  3. Sweat

    Guest

    , Nov 28, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Me
    Replies:
    2
    Views:
    1,332
  2. Lisa Goodman

    hijack this log file

    Lisa Goodman, Aug 11, 2004, in forum: Computer Support
    Replies:
    1
    Views:
    681
    °Mike°
    Aug 11, 2004
  3. =?Utf-8?B?bWNrNjg0?=

    hijack this log file confusion?

    =?Utf-8?B?bWNrNjg0?=, Oct 11, 2006, in forum: Wireless Networking
    Replies:
    1
    Views:
    590
    Malke
    Oct 11, 2006
  4. Replies:
    10
    Views:
    593
  5. sharonf

    Hijack? Virus? Spyware?

    sharonf, Jan 19, 2007, in forum: Computer Support
    Replies:
    3
    Views:
    453
    Leythos
    Jan 19, 2007
Loading...

Share This Page