My Hijack Log
 
Posted 12/13/2003 7:43 PM
New Member


Group: Forum Members
Last Login: 12/13/2003 7:41 PM
Posts: 1, Visits: 1

Hi, HijackThis says ask the experts to look at your log, so that's what I'm doing. I just ran Ad-aware and it found a bunch of stuff that Search and Destroy missed. I was getting popups from somewhere and couldn't find out where. Here's the log.


Logfile of HijackThis v1.97.7
Scan saved at 7:39:11 PM, on 12/13/2003
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Search Engine Commando\ScheduleService.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Jim\Desktop\HijackThis.exe


R3 - URLSearchHook: (no name) - {AA460422-2CEF-400f-AA05-F63368E04706} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://"); (C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\uppvrhc4.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\uppvrhc4.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3DF73DF8-41E2-4fc2-8CBF-4B9407433755} - C:\WINDOWS\System32\AlxTB.dll
O2 - BHO: (no name) - {5EE94DC0-6EF1-4BF3-3ED2-EBBEBD1D06AC} - C:\WINDOWS\system32\bfbkegms.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D8EA9455-1C4C-E4CC-6BAC-EC49414DAC71} - C:\WINDOWS\system32\eisjujvn.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
O8 - Extra context menu item: Summarize Using Copernic Summarizer - C:\Program Files\Copernic Summarizer\Web\SummarizePage.htm
O8 - Extra context menu item: Write a Review... - res://alxtb.dll/review.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Summarize (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Summarize Using Copernic Summarizer (HKLM)
O16 - DPF: DigiChat Applet - http://host6.digichat.com/DigiChat/DigiClasses/SignedClient.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.djvu.com/plugins/en_US/DjVuControl.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.mindleaders.com/dpec/shared/cabs/awswaxf.cab
O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://demos.mapssystem.net/demos/riverside/LPControl.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/download/beta/appdl.cab
O16 - DPF: {532217E3-860C-4EEE-8BBD-3F342DCD9AE9} - http://www.hitgo.com/pop/InPop.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/161204d8f39c7cb69017/netzip/RdxIE601.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/idenupdate/nextel/iUpdateAutoLaunch.ocx
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {7BC974EF-A718-4A17-B77E-4C8DBC327AFA} (SCE Control) - http://www.voloper.com/sce/editor.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {8DAE7A62-4632-4691-805C-0338A5F26F9D} (Spam Arrest Email Configurator Download) - http://spamarrest.com/xcarab/10013/saclient.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs6b.instantservice.com/jars/customerxsigned35.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37872.2558796296
O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} (KeyActivex Control) - http://www.jraun.com/activex/src/KeyActivex.ocx
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://activex.microsoft.com/activex/controls/agent2/tv_enua.exe
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.44464111328125&file=stamps.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/ieplugin.CAB


 


 

Post #7305
Posted 12/13/2003 7:43 PM


Senior Forum Advisor


Group: Senior Advisor
Last Login: 12/4/2005 12:31 AM
Posts: 4,743, Visits: 5

Hi fletch23, welcome.


First: http://www.answersthatwork.com/Tasklist_pages/tasklist_n.htm
C:\WINDOWS\Nhksrv.exe
Netropa Hotkey Server task seen only on DELL and Compaq PCs running Windows NT4/2000/XP.  Our understanding is that this task prevents any hotkeys you configured via the Netropa/Dell hotkeys configuration software, from working when your PC is locked by a screensaver.

Recommendation :
NHKSRV is sometimes responsible for literally eating up CPU cycles, up to 90% CPU usage sometimes.  So, although NHKSRV is effectively a security feature, you may need to disable it and possibly completely disable hotkey support altogether.  To disable, use Starter, or if you cannot see NHKSRV in Starter, go to "Control Panel \ Services" in WinNT4, or "Control Panel \ Administrative Tools \ Services" in Win2000/XP to set this service to "Manual".


And what do you have disabled through Msconfig? It may be something that added the following *nasties*.

Have HijackThis fix the following by placing a check in the appropriate boxes and selecting "Fix checked". Make sure all browser and all Windows Explorer windows are closed before fixing.


R3 - URLSearchHook: (no name) - {AA460422-2CEF-400f-AA05-F63368E04706} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://"); (C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\uppvrhc4.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\uppvrhc4.slt\prefs.js)
O2 - BHO: (no name) - {3DF73DF8-41E2-4fc2-8CBF-4B9407433755} - C:\WINDOWS\System32\AlxTB.dll
O2 - BHO: (no name) - {5EE94DC0-6EF1-4BF3-3ED2-EBBEBD1D06AC} - C:\WINDOWS\system32\bfbkegms.dll
O2 - BHO: (no name) - {D8EA9455-1C4C-E4CC-6BAC-EC49414DAC71} - C:\WINDOWS\system32\eisjujvn.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

Unless you are worried about someone with access to your machine making changes, I would remove these. They are otherwise pretty useless:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF:  <-- TOO many for me to want to go through. Any you don't recognize... put a check beside them.
If they are needed, you will be prompted to install them again (ActiveX) when you revisit the corresponding web pages.

Reboot.



Cheers

Post #61963
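Added example, not part of the original thread: one way to turn the long run of O16 - DPF lines into a short review list, so the entries you are least likely to recognize come first. The line layout is inferred from the log above; the two review aids (no display name, download host given as a bare IP address) are assumptions of this example and are not verdicts about any entry.

```python
import ipaddress
from urllib.parse import urlsplit

# Sample input: a few entries taken from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O16 - DPF: DigiChat Applet - http://host6.digichat.com/DigiChat/DigiClasses/SignedClient.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {532217E3-860C-4EEE-8BBD-3F342DCD9AE9} - http://www.hitgo.com/pop/InPop.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/161204d8f39c7cb69017/netzip/RdxIE601.cab
"""

def parse_dpf(line):
    """Split one 'O16 - DPF:' line into CLSID, display name and download URL."""
    prefix = "O16 - DPF: "
    if not line.startswith(prefix):
        return None                      # some other HijackThis section
    head, sep, url = line[len(prefix):].rpartition(" - ")
    if not sep:
        return None                      # malformed or truncated line
    clsid, name = None, head.strip()
    if name.startswith("{") and "}" in name:
        clsid, _, name = name.partition("}")
        clsid += "}"
        name = name.strip()
        if name.startswith("(") and name.endswith(")"):
            name = name[1:-1]
    return {"clsid": clsid, "name": name or None, "url": url.strip()}

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dpf_review_list(log_text):
    """Return O16 entries, least identifiable first (review aids, not verdicts)."""
    rows = []
    for line in log_text.splitlines():
        entry = parse_dpf(line.strip())
        if entry is None:
            continue
        entry["host"] = urlsplit(entry["url"]).hostname or ""
        entry["unnamed"] = entry["name"] is None         # assumption: no name = look first
        entry["ip_host"] = is_ip_literal(entry["host"])  # assumption: bare IP = look next
        rows.append(entry)
    rows.sort(key=lambda e: (not e["unnamed"], not e["ip_host"], e["host"]))
    return rows

if __name__ == "__main__":
    for e in dpf_review_list(SAMPLE_LOG):
        print(f'{e["name"] or "(no name)":20} {e["host"]:22} {e["clsid"] or "-"}')
```

Paste the full log into `SAMPLE_LOG` to list every O16 entry; named controls from hosts you know sort to the bottom.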