hijack log

Discussion in 'adware, spyware & hijack cleaning' started by Colm, Mar 21, 2004.

Thread Status:
Not open for further replies.
  1. Colm

    Colm Guest

    used skybot first
    then hijavk this

    dont know if i have any issues

    Logfile of HijackThis v1.97.7
    Scan saved at 11:00:54 PM, on 21-03-04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
    C:\WINDOWS\SYSTEM\FEELITDM.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\NISUM.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\CCPXYSVC.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\O-CARD\OIC.EXE
    C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
    C:\WINDOWS\SYSTEM\PROMON.EXE
    C:\WINDOWS\SYSTEM\USBTAPNP.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\NOKIA\NCLTOOLS\NCLCONF.EXE
    C:\PROGRAM FILES\ZIPCD\DIRECTCD.EXE
    C:\PROGRAM FILES\LOGITECH\WINGMAN PROFILER\LWEMON.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    D:\PROGRAM FILES\SURROUND MIXER\CTSYSVOL.EXE
    C:\WINDOWS\SYSTEM\CTHELPER.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\INKLINE GLOBAL\PC BOOSTER\PCBOOSTER.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE_97\OFFICE\OSA.EXE
    C:\PROGRAM FILES\SCANBUTTON 2.4\SCANBUTTON.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 3.0 SE\CALCHECK.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SEIKO\SLPCAP.EXE
    C:\PROGRAM FILES\PKWARE\PKZIPO\PKTRAY.EXE
    C:\PROGRAM FILES\REGISTER\REMIND32.EXE
    C:\WINDOWS\SYSTEM\E_S10IC2.EXE
    C:\WINDOWS\Twunk_16.exe
    C:\MY DOCUMENTS\MY ACCESS DATABASES\HIJACKTHIS.EXE

    O2 - BHO: O-Card Utility - {B88D6F42-A1AC-11D3-8424-00105A9B8D85} - C:\WINDOWS\SYSTEM\OICHLPR.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [O-Card] C:\PROGRA~1\O-CARD\oic.exe
    O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
    O4 - HKLM\..\Run: [3dfx Task Manager] "C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe"
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Promon.exe] Promon.exe
    O4 - HKLM\..\Run: [USBTA] C:\WINDOWS\system\usbtapnp.exe
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [Lwinst Run Profiler] C:\Program Files\Logitech\WingMan Profiler\Lwtest.exe /detect /quiet /launch "C:\Program Files\Logitech\WingMan Profiler\LwEmon.exe /noui"
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [Nokia Connection Monitor] "C:\PROGRAM FILES\COMMON FILES\NOKIA\NCLTOOLS\NCLCONF.EXE"
    O4 - HKLM\..\Run: [CTStartup] "C:\PROGRAM FILES\CREATIVE\SPLASH SCREEN\CTEaxSpl.EXE" /run
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ZipCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
    O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
    O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
    O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O4 - HKLM\..\RunServices: [FEELitDeviceManager] C:\WINDOWS\SYSTEM\FEELitDM.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Internet Security Professional\NISUM.EXE
    O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
    O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKCU\..\Run: [EPSON Stylus C70 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /A "C:\WINDOWS\SYSTEM\E_S6270.TMP"
    O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office_97\Office\OSA.EXE
    O4 - Startup: ScanButton 2.4.lnk = C:\Program Files\ScanButton 2.4\ScanButton.exe
    O4 - Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
    O4 - Startup: Voice Alarm.lnk = C:\Program Files\LHSP\TalkingTools\VALARM.exe
    O4 - Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
    O4 - Startup: Iomega QuikSync.lnk = C:\Program Files\ZipCD\QuikSync\QUIKSYNC.EXE
    O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
    O4 - Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    O4 - Startup: PKZIP Attachments Status.lnk = C:\Program Files\PKWARE\PKZIPO\PKTray.exe
    O4 - Startup: Corel Registration.lnk = C:\Program Files\Register\Remind32.exe
    O4 - User Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
    O4 - User Startup: Office Startup.lnk = C:\Program Files\Microsoft Office_97\Office\OSA.EXE
    O4 - User Startup: ScanButton 2.4.lnk = C:\Program Files\ScanButton 2.4\ScanButton.exe
    O4 - User Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
    O4 - User Startup: Voice Alarm.lnk = C:\Program Files\LHSP\TalkingTools\VALARM.exe
    O4 - User Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
    O4 - User Startup: Iomega QuikSync.lnk = C:\Program Files\ZipCD\QuikSync\QUIKSYNC.EXE
    O4 - User Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - User Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
    O4 - User Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    O4 - User Startup: PKZIP Attachments Status.lnk = C:\Program Files\PKWARE\PKZIPO\PKTray.exe
    O4 - User Startup: Corel Registration.lnk = C:\Program Files\Register\Remind32.exe
    O4 - Global Startup: NetShow PowerPoint Helper.lnk = C:\Program Files\NetShow Services\Tools\nsppthlp.exe
    O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\OFFICE\1033\PHDINTL.DLL/phdContext.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .exe: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .tif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O13 - WWW. Prefix: http://
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37862.4734490741
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    Hi Colm,

    Welcome to Wilders!!!

    I am a helper here and your log looks clean to me. Just be patient though, and an expert will be along shortly to verify this. Due to time zone differences, it may be 12 hours or so before you get a reply.

    HTH....

    Regards,
    Kent
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Agreed. I can't find anything wrong either.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.