
hijackthis log
Registered: 30-1-2008
posted on 30-1-2008 at 00:12

Any help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:11 PM, on 1/29/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
E:\Program Files\Ahead\InCD\InCDsrv.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\Program Files\Common Files\Motive\McciCMService.exe
E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
E:\Program Files\AT&T\Internet Security Wizard\ISW.exe
E:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Security\HiJack This\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R3 - URLSearchHook: Atlanta_Braves - {59b69dba-fa12-4a55-9b87-8ea71bc03108} - E:\Program Files\Atlanta_Braves\tbAtl1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=E:\WINDOWS\System32\userinit.exe,msmsgs.exe,winwork.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1037CEC5-2507-1DD9-531B-5200BBCC8BBA} - E:\WINDOWS\System32\uwtnbclt.dll
O2 - BHO: (no name) - {331549FF-0AAA-46ED-9A2E-BCB3A801906F} - E:\WINDOWS\System32\ssqpm.dll (file missing)
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - E:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Atlanta_Braves - {59b69dba-fa12-4a55-9b87-8ea71bc03108} - E:\Program Files\Atlanta_Braves\tbAtl1.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: BndBlock5 BHO Class - {82EA1A55-9CBC-404b-9D0C-E8BFB7EAAE9B} - E:\Program Files\QdrDrive\QdrDrive10.dll
O2 - BHO: (no name) - {A61544B7-F792-44D9-91D9-737F628709D3} - E:\WINDOWS\System32\sstqr.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {B6532491-6B06-427E-863E-70356BA05D7E} - E:\WINDOWS\System32\awvtu.dll (file missing)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar4.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Atlanta_Braves - {59b69dba-fa12-4a55-9b87-8ea71bc03108} - E:\Program Files\Atlanta_Braves\tbAtl1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - E:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Google Desktop Search] "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [YSearchProtection] "E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [ISW.exe] "E:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [HelpCenter4.1] E:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "E:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-796845957-1450960922-725345543-1004\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background (User 'Jason')
O4 - HKUS\S-1-5-21-796845957-1450960922-725345543-1004\..\Run: [YSearchProtection] E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (User 'Jason')
O4 - HKUS\S-1-5-21-796845957-1450960922-725345543-1004\..\Run: [Ascs] "E:\WINDOWS\FNTS~1\ati2evxx.exe" -vt yazb (User 'Jason')
O4 - HKUS\S-1-5-21-796845957-1450960922-725345543-1004\..\Run: [QdrModule12] "E:\Program Files\QdrModule\QdrModule12.exe" (User 'Jason')
O4 - HKUS\S-1-5-21-796845957-1450960922-725345543-1004\..\Run: [Jhx] E:\WINDOWS\??crosoft\l?gonui.exe (User 'Jason')
O4 - HKUS\S-1-5-21-796845957-1450960922-725345543-1004\..\Run: [Dot1XCfg] E:\Program Files\Dot1XCfg\Dot1XCfg.exe (User 'Jason')
O4 - HKUS\S-1-5-21-796845957-1450960922-725345543-1004\..\Run: [QdrPack12] "E:\Program Files\QdrPack\QdrPack12.exe" (User 'Jason')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} (EARTPatch8X Class) - http://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26bba9f8a7414e35d506/netzip/RdxIE601.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: fccdeef - fccdeef.dll (file missing)
O20 - Winlogon Notify: khfebay - khfebay.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GoogleDesktopManager - Unknown owner - E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - E:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - E:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

End of file - 11023 bytes
Registered: 10-8-2002
posted on 30-1-2008 at 03:52

Pancake is our resident expert on HJT logs; he'll pop in at some point to give you his expert knowledge...

Hang in there though, because it looks to me like you've got one or two issues that need taking care of, other than just a general tidy up... (But I'm no expert, so will refrain from advising further...)

Welcome to KF btw... Enjoy your stay.

Registered: 17-4-2006
posted on 31-1-2008 at 00:02

The first thing I want you to do before we do any cleaning is to download Service Pack 1.

