jenbar3 - Posted June 14, 2004

Hi all! I am new here and I found this site on Google. I am having serious freezes and I know I am infected. Can anyone tell me what it is in my HijackThis log file? If not, can you please tell me where to go where someone might be able to help me? THANKS! 8)

Logfile of HijackThis v1.97.7
Scan saved at 10:46:16 PM, on 6/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\MacOpener\MacName.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\MacOpener\FORMATM.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Administrator\My Documents\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://office.microsoft.com/clipart/default.aspx?Origin=EC790014051033&CTT=6
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\MacOpener\MacLic.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P23 "EPSON Stylus Photo R800" /O6 "USB002" /M "Stylus Photo R800"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: MacName.lnk = C:\Program Files\MacOpener\MacName.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.8.3.20/videoblackjack/videoblackjack-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.8.4.18/cribbage/cribbage-ob-assets.cab
O16 - DPF: Double Deuce [censored] by pogo - http://doublebonus.pogo.com/applet-5.8.2.19/video[censored]2/doubledeuce-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-5.8.3.26/euchre/euchre-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.4.18/superbingo/superbingo-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-5.8.4.18/gin/gin-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.8.4.24/freecell/freecell-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.8.3.20/flinger/flinger-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://solitaire22.pogo.com/applet-5.8.3.26/piratesgold/piratesgold-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.8.4.18/poppit/poppit-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://solitaire15.pogo.com/applet-5.8.4.18/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Texas Hold'em [censored] by pogo - http://holdem2.pogo.com/applet-5.8.3.26/holdem/holdem-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.8.2.19/peaks/peaks-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.8.2.19/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5.8.3.20/whackdown/whackdown-ob-assets.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
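Reading a HijackThis log comes down to knowing what each section code points at: R0/R1 are Internet Explorer start and search settings, O2 is a browser helper object, O3 a toolbar, O4 an autorun (Run key or Startup folder), and O16 an ActiveX control Internet Explorer was told to download from a URL. The following Python script is an added triage example, not code from the poster or from HijackThis: it parses entries in that format from a constructed sample modelled on the log above, pulls out the executable, CLSID or URL each entry points at, and marks the ones a reviewer should look at first. The allowlist of ActiveX publisher hosts and all of the flag heuristics are assumptions chosen for illustration; a flag means "verify this", not "this is malware".

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the R/O line format of a HijackThis log. The lines mirror
# the kind of entries seen in the post above; nothing here is a verdict on that machine.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.8.4.18/cribbage/cribbage-ob-assets.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
"""

# Assumption (constructed allowlist): hosts whose ActiveX cabs are treated as a known
# publisher. Any other host gets a review flag rather than a malicious verdict.
KNOWN_CAB_HOSTS = ("microsoft.com",)

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
IE_RE = re.compile(r"^(?P<key>HK(?:LM|CU)\\[^,]+),(?P<value>[^=]+?) = ?(?P<data>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")
DPF_RE = re.compile(r"^DPF: (?P<name>.+?) - (?P<url>https?://\S+)$")
# First executable-looking token of a command line, with surrounding quotes removed.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.(?:exe|com|scr|dll|ocx|pif|bat))"?(?:\s|$)', re.I)


def classify(code, body):
    """Parse one log entry into (kind, name, target) plus a list of review flags."""
    entry = {"code": code, "kind": "other", "name": "", "target": body, "flags": []}
    if code in ("R0", "R1"):
        m = IE_RE.match(body)
        if m:
            entry.update(kind="ie_setting", name=m["value"].strip(), target=m["data"].strip())
            if not entry["target"]:
                entry["flags"].append("empty value")
    elif code == "O2":
        m = BHO_RE.match(body)
        if m:
            entry.update(kind="bho", name=m["clsid"], target=m["path"])
    elif code == "O4":
        m = RUN_RE.match(body) or STARTUP_RE.match(body)
        if m:
            exe_m = EXE_RE.match(m["cmd"])
            exe = exe_m["exe"] if exe_m else m["cmd"]
            entry.update(kind="autorun", name=m["name"], target=exe)
            if "\\" not in exe:
                entry["flags"].append("unqualified executable; resolved through the search path")
            if exe.lower().endswith("rundll32.exe"):
                entry["flags"].append("rundll32 host; the loaded DLL is the real target")
    elif code == "O16":
        m = DPF_RE.match(body)
        if m:
            host = (urlsplit(m["url"]).hostname or "").lower()
            entry.update(kind="activex_download", name=m["name"], target=m["url"])
            if not any(host == h or host.endswith("." + h) for h in KNOWN_CAB_HOSTS):
                entry["flags"].append("cab served from unlisted host " + host)
    return entry


def parse_log(text):
    """Return a classified entry for every R/O line in the log text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(classify(m["code"], m["body"]))
    return entries


def needs_review(text):
    """Entries a human should look at first: anything that picked up a flag."""
    return [e for e in parse_log(text) if e["flags"]]


if __name__ == "__main__":
    for e in needs_review(SAMPLE_LOG):
        print(f'{e["code"]:4} {e["kind"]:17} {e["name"]}: {e["target"]}')
        for flag in e["flags"]:
            print("      -", flag)
```

Running it against the sample prints five entries to look at: the empty Start Page value, the two Run entries that do not name a full path (one of them a rundll32 loader, where the DLL argument is what actually runs), and the two cabs fetched from hosts outside the allowlist. The entries with fully qualified paths under known directories and the cab from office.microsoft.com are left alone.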
alfredbj - Posted June 14, 2004

Have you tried Ad-Aware and Spybot? They will remove the spyware from your computer.
jenbar3 - Posted June 16, 2004

Thanks to both of you! Yes, I use both Spybot and Ad-Aware, but I have found that they only remove them temporarily; if I delete the process that is running, that usually takes care of them for good, I hope, I think? I just don't know how to read which ones are OK and which ones aren't, so thanks so much for the feedback! I will try your suggestions.
iq454 - Posted September 10, 2004

Originally posted by AlecStaar:
Bet they wouldn't think it was so funny if one of their "monsters" pulled a Frankenstein monster on them & wrecked their own work, or the work for, say, a crucial deadline @ school or on the job for a relative either!

ROFL, that's classic, HHH... Hijacker got hijacked by his own hijack.