 | Hi all,
I've been trying to get rid of a blue toolbar on the bottom of my
desktop. I have Ad-aware, Spybot S&D, AVG running. Could someone check
my Hijackthis log and provide me with wise advice on what to fix? Your
help is truly appreciated.
Thanks
Mli
Logfile of HijackThis v1.98.2
Scan saved at 12:42:07 AM, on 1/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\system32\SahAgent.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\Program Files\Gtiae\Etortt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis - against spyware\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://srch-qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.umantokdpybhkhiibrn.com/cSMBLB5wZzRmB_TizIDAbppdzfSzyjnDVCZw5BKFWYpWa97g1GLpKLiu2D7eiZPI.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://qus7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://srch-qus7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://qus7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183}
- (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA}
- C:\WINDOWS\system32\msbe.dll
O2 - BHO: (no name) - {FDF96CC2-6EBE-E33A-9C09-3209AE87F197} -
C:\DOCUME~1\Owner\APPLIC~1\INSIDE~1\hide five.exe
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no
file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS
Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [c06a61557c47] C:\WINDOWS\System32\cehelper.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus!
3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
/STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
Optimizer\optimize.exe"
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\system32\SahAgent.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
Network\bin\bargains.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd
Service\DeskAdServ.exe
O4 - HKLM\..\Run: [Rnsxmelq] C:\Program Files\Gtiae\Etortt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IdleTypeInterMapi] C:\Documents and Settings\All
Users\Application Data\RULE NURB IDLE TYPE\One Bold.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe"
/nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [modedate] C:\DOCUME~1\Owner\APPLIC~1\BOOBAR~1\Exit
Global.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime
Environment 1.4.0_01) -
|
|
