Hijack this Log and strange behavior after new router

Discussion in 'Computer Support' started by Fred, Dec 23, 2007.

  1. Fred

    Fred Guest

    Hi, I installed a new Verizon router about a week ago. Now I get a
    pop-up in the task bar that's so quick I can't read it or even see it
    for very long. I think it's a Windows Firewall alert, but I'm not sure.
    I did install Sygate Personal Firewall; when it's on I do not get the
    pop-up, and when I turn it off I get it. I can't read it or see what it
    is, but it makes a pop-up noise every time. I ran Windows Defender, AVG
    and a couple of online scans; they all come up with nothing. Not sure
    what I'm dealing with here, so I did a HijackThis scan and I'm hoping
    for help. Below are the results of my scan. Thanks in advance.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:01:37 AM, on 12/23/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\DisplayFusion\DisplayFusion.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Logitech\Logitech Internet Handset\LOGI_HDS.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\Program Files\MyTheatre\MyTheatre.exe
    C:\Program Files\MyTheatre\MyTheatre.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html?p=DS
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dslstart.verizon.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [DTV-DVB MCE CI] "C:\Documents and Settings\Dell User 1\MCECIConsole.exe"
    O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files\DisplayFusion\DisplayFusion.exe"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: APC UPS Status.lnk = ?
    O4 - Global Startup: Logitech Internet Handset.lnk = C:\Program Files\Logitech\Logitech Internet Handset\LOGI_HDS.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1186356450218
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1186712945593
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
     
    Fred, Dec 23, 2007
    #1

  2. Fred

    pcbutts1 Guest

    Use Remove-it version 16, it's fast and free. It now has over 6500
    signatures to remove all variants of Rogue scanners, Desktop/Homepage
    Hijackers, Trojans, Codecs, and related Malware/Spyware. New feature:
    Remove-it will now update your hosts file. This tool is designed to
    specifically remove all variants. Scan time is about 2-10 minutes. Designed
    for Windows 2000/XP only. First read this page
    http://www.pcbutts1.com/downloads then use the email link on the bottom of
    the page to receive the software.


    Check my feedback and see what others have said about it
    http://pcbutts1-therealtruth.blogspot.com/

    --

    Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
    The list grows. Leythos the stalker http://www.leythosthestalker.com, David
    H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz, Beauregard T.
    Shagnasty,Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell
     
    pcbutts1, Dec 23, 2007
    #2

  3. Fred

    ellis_jay Guest

    http://www.pcreview.co.uk/startup/ISUSPM.exe.php
     
    ellis_jay, Dec 23, 2007
    #3
  4. Fred

    Pennywise Guest

    Paste it here http://hijackthis.de/en check the yellow, delete the
    red.
     
    Pennywise, Dec 23, 2007
    #4
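
A local first pass over a log like the one in post #1, as an added example that is not part of any post in this thread: it rejoins the hard-wrapped lines into whole entries and lists the ones worth a manual look. The two checks (a `(no file)` target, and an O4 autostart outside Program Files or WINDOWS) and all function names are assumptions chosen for illustration; a hit is a prompt to inspect the entry, not a verdict.

```python
import re

# A new entry starts with a section code such as "O2 - " or "R1 - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# First executable path in an O4 autostart entry, quoted or not.
EXE_RE = re.compile(r'\]\s+"?([A-Za-z]:\\.*?\.exe)', re.I)
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")

# Four entries taken from the log in post #1, hard-wrapped the way
# newsreaders commonly wrap such logs.
SAMPLE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no
file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:
\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [DTV-DVB MCE CI] "C:\Documents and Settings\Dell
User 1\MCECIConsole.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe
"""

def unwrap(text):
    """Rejoin hard-wrapped lines into one string per log entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_RE.match(line) or not entries:
            entries.append(line)
        else:
            prev = entries[-1]
            # Heuristic: a break inside a path or GUID carries no space.
            glue = "" if line.startswith("\\") or re.search(r"\S-$", prev) else " "
            entries[-1] = prev + glue + line
    return entries

def triage(entries):
    """Return (reason, entry) pairs that deserve a manual look."""
    findings = []
    for e in entries:
        if "(no file)" in e:
            findings.append(("orphaned entry, file missing", e))
        m = EXE_RE.search(e) if e.startswith("O4 - ") else None
        if m and not m.group(1).lower().startswith(TRUSTED_ROOTS):
            findings.append(("autostart outside Program Files/WINDOWS", e))
    return findings
```
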
  5. Fred

    Leythos Guest

    You left out the part about it blocking access to reputable anti-malware
    sites, and that your site is packed full of porn that is disgusting....

    What about that new auto-update feature? Do people really want to allow
    a porno site to update things on their computer?

    --

    Leythos - (remove 999 to email me)

    Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
    that create filth and put it on the web for any kid to see: Just take a
    look at some of the FILTH he's created and put on his website:
    http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
    to children (the link I've included does not directly display his filth).
    You can find the same information by googling for 'PCBUTTS1' and
    'exposed to kids'.
     
    Leythos, Dec 23, 2007
    #5
  6. Fred

    why? Guest

    On Sun, 23 Dec 2007 08:19:51 -0800 (PST), Fred wrote:

    Another one, paste your HJT logs in the proper place, like the HJT
    forums. This has been mentioned many times in 24HSHD
    http://groups.google.com/group/24hoursupport.helpdesk/topics
    in the past few weeks.
    Not sure it's a Win FW popup or not sure you installed Sygate? Anyway
    you don't need 2 FW running together. Use the security center to check
    Win FW status or Sygate if it works with the SC will also tell you its
    status. In either case enable the logs / check logs for each FW and
    remember the event viewer.
    Wrong place to post HJT log,

    Try
    http://www.hijackthis.de/en
    in the text box headed -

    You can paste a logfile in this textbox

    Me
     
    why?, Dec 23, 2007
    #6
  7. Fred

    Clogwog Guest

    Yes, go here: http://www.mvps.org/winhelp2002/hosts.htm
    --
    pcbutt-head is almost banned from the internet.
    He's a parasite!
    http://www.mvps.org/winhelp2002/hosts.htm
    <Blocking Unwanted Parasites with a Hosts File>
    <Now includes most major *parasites* , *hijackers* and unwanted
    Adware/Spyware programs!>
    127.0.0.1 pcbutts1-therealtruth.blogspot.com
    127.0.0.1 www.pcbutts1.com #[Unauthorized Downloads][SiteAdvisor.pcbutts1.com]
    127.0.0.1 leythosthestalker.com
    127.0.0.1 www.leythosthestalker.com
     
    Clogwog, Dec 25, 2007
    #7