Hijack this log please help
Logfile of HijackThis v1.99.0
Scan saved at 9:33:20 AM, on 5/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\ISS Trace\Bin\ISSTraceMonitorHost.exe
C:\Program Files\ISS Trace\Bin\ISSRetailTraceServer.exe
C:\Program Files\ISS Trace\Bin\ISSTraceFileMaintenance.exe
C:\Program Files\ISS Messaging\Bin\ISS.Messaging.Shell.NTService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ISS\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ISS\Binn\sqlagent.EXE
C:\Program Files\ISS\bin\system\service_start.exe
C:\Program Files\ISS\Bin\System\ISSTraceServer.exe
C:\Program Files\ISS\Bin\System\CheckPrimaryStatus.exe
C:\Program Files\ISS\Bin\System\IShipListener.exe
C:\Program Files\ISS\Bin\System\CreditService.exe
C:\Program Files\ISS\Bin\System\MessageListener.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MBE\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MBE\Binn\sqlagent.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
c:\program files\iss\bin\app\ISSHealthCheck.exe
C:\Program Files\Mail Boxes Etc\CMSServices\CMSServices.exe
C:\Program Files\ISS\Bin\App\Watcher.exe
C:\Program Files\ISS\Bin\App\ISSNavigator.exe
C:\PROGRAM FILES\ISS\BIN\APP\TASKLISTENER.EXE
C:\Documents and Settings\Administrator\My Documents\hijack this\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theupsstore.com/
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [POSStartUp] C:\Program Files\ISS\Bin\App\Logon.exe /L
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4392B188-CBA7-4CA8-A24F-31B378B3F4B5} (MSI.AXM) - https://mbe.iship.com/pss005/bin/msi_axm.cab
O16 - DPF: {48032833-56FF-4D44-ACB4-1BBAC4A3D942} (MSI.Printer) - https://mbe.iship.com/pss005/bin/msi_printer.cab
O16 - DPF: {51A4A871-14C1-40F1-8E24-8CA7CF6D620B} (MSI.Scale) - https://mbe.iship.com/pss005/bin/msi_scales.cab
O16 - DPF: {5B37ABB0-9FC0-4FA1-B2F9-95CC9A088D3C} (MSI.Ports) - https://mbe.iship.com/pss005/bin/msi_portenum.cab
O16 - DPF: {5C8F2A10-0C1B-4499-870E-6C0573AFF7BF} (MSI.csz_TDatabase ) - https://mbe.iship.com/pss005/bin/msi_cszapi.cab
O16 - DPF: {5CD04B10-040B-4929-9195-066894576CA9} (MSI.Registry) - https://mbe.iship.com/pss005/bin/msi_registry.cab
O16 - DPF: {66407C2E-2514-11D3-82F4-00A0C9D57E74} (MSI.cms_CSZ) - https://mbe.iship.com/pss005/bin/cms_csz.cab
O16 - DPF: {7EB52C24-2ED3-47DA-8845-3673931B22F9} (MSI_LabelManager Object) - https://mbe.iship.com/pss005/bin/msi_label.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.webcensus.net/dl/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A12552C3-8947-11D1-9D49-00A02475D4E0} (MSI.sss_ShippingStationServices) - https://mbe.iship.com/pss005/bin/msi_shippingstation.cab
O16 - DPF: {B1234A37-C3D2-4EA1-BC14-054BC2F22807} (MSI.ClientPOS) - https://mbe.iship.com/pss005/bin/msi_posclient.cab
O16 - DPF: {BB7FDAE3-7188-45EC-84AD-E85777F96E2A} (MSI.ofl_TRatingX ) - https://mbe.iship.com/pss005/bin/msi_ratingx.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://financialplanner.mbe.com/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {F6F81E1B-2A96-491A-AEFA-6D7A0BA1CB38} (MSI.ClientScriptTools) - https://mbe.iship.com/pss005/bin/msi_cst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75FB3B8E-F9A3-4232-A05F-2AB74C12E294}: NameServer = 206.13.30.12,206.13.29.12
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSLoader - Unknown - C:\Program Files\ISS\bin\system\service_start.exe
O23 - Service: ISS Messaging Service - ISS Retail, Inc. - C:\Program Files\ISS Messaging\Bin\ISS.Messaging.Shell.NTService.exe
O23 - Service: ISSStartServices - Unknown - C:\Program Files\ISS\bin\system\StartServices.exe
O23 - Service: ISS Retail Trace Server - ISS Retail, Inc. - C:\Program Files\ISS Trace\Bin\ISSRetailTraceServer.exe
O23 - Service: ISS Trace File Maintenance - ISS Retail, Inc. - C:\Program Files\ISS Trace\Bin\ISSTraceFileMaintenance.exe
O23 - Service: ISS Trace Monitor Host - ISS Retail, Inc. - C:\Program Files\ISS Trace\Bin\ISSTraceMonitorHost.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Retrospect Launcher - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TSG Printer Tools - Mail Boxes Etc. - c:\program files\ups\tsg printer tools\tsg.tools.printers.service.exe
O23 - Service: ZServices v1.0.91 - Mail Boxes Etc./Technology - C:\Program Files\Mail Boxes Etc\Z Services 1.0\ZServices.exe
Scan saved at 9:33:20 AM, on 5/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\ISS Trace\Bin\ISSTraceMonitorHost.exe
C:\Program Files\ISS Trace\Bin\ISSRetailTraceServer.exe
C:\Program Files\ISS Trace\Bin\ISSTraceFileMaintenance.exe
C:\Program Files\ISS Messaging\Bin\ISS.Messaging.Shell.NTService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ISS\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ISS\Binn\sqlagent.EXE
C:\Program Files\ISS\bin\system\service_start.exe
C:\Program Files\ISS\Bin\System\ISSTraceServer.exe
C:\Program Files\ISS\Bin\System\CheckPrimaryStatus.exe
C:\Program Files\ISS\Bin\System\IShipListener.exe
C:\Program Files\ISS\Bin\System\CreditService.exe
C:\Program Files\ISS\Bin\System\MessageListener.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MBE\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MBE\Binn\sqlagent.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
c:\program files\iss\bin\app\ISSHealthCheck.exe
C:\Program Files\Mail Boxes Etc\CMSServices\CMSServices.exe
C:\Program Files\ISS\Bin\App\Watcher.exe
C:\Program Files\ISS\Bin\App\ISSNavigator.exe
C:\PROGRAM FILES\ISS\BIN\APP\TASKLISTENER.EXE
C:\Documents and Settings\Administrator\My Documents\hijack this\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theupsstore.com/
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [POSStartUp] C:\Program Files\ISS\Bin\App\Logon.exe /L
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4392B188-CBA7-4CA8-A24F-31B378B3F4B5} (MSI.AXM) - https://mbe.iship.com/pss005/bin/msi_axm.cab
O16 - DPF: {48032833-56FF-4D44-ACB4-1BBAC4A3D942} (MSI.Printer) - https://mbe.iship.com/pss005/bin/msi_printer.cab
O16 - DPF: {51A4A871-14C1-40F1-8E24-8CA7CF6D620B} (MSI.Scale) - https://mbe.iship.com/pss005/bin/msi_scales.cab
O16 - DPF: {5B37ABB0-9FC0-4FA1-B2F9-95CC9A088D3C} (MSI.Ports) - https://mbe.iship.com/pss005/bin/msi_portenum.cab
O16 - DPF: {5C8F2A10-0C1B-4499-870E-6C0573AFF7BF} (MSI.csz_TDatabase ) - https://mbe.iship.com/pss005/bin/msi_cszapi.cab
O16 - DPF: {5CD04B10-040B-4929-9195-066894576CA9} (MSI.Registry) - https://mbe.iship.com/pss005/bin/msi_registry.cab
O16 - DPF: {66407C2E-2514-11D3-82F4-00A0C9D57E74} (MSI.cms_CSZ) - https://mbe.iship.com/pss005/bin/cms_csz.cab
O16 - DPF: {7EB52C24-2ED3-47DA-8845-3673931B22F9} (MSI_LabelManager Object) - https://mbe.iship.com/pss005/bin/msi_label.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.webcensus.net/dl/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A12552C3-8947-11D1-9D49-00A02475D4E0} (MSI.sss_ShippingStationServices) - https://mbe.iship.com/pss005/bin/msi_shippingstation.cab
O16 - DPF: {B1234A37-C3D2-4EA1-BC14-054BC2F22807} (MSI.ClientPOS) - https://mbe.iship.com/pss005/bin/msi_posclient.cab
O16 - DPF: {BB7FDAE3-7188-45EC-84AD-E85777F96E2A} (MSI.ofl_TRatingX ) - https://mbe.iship.com/pss005/bin/msi_ratingx.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://financialplanner.mbe.com/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {F6F81E1B-2A96-491A-AEFA-6D7A0BA1CB38} (MSI.ClientScriptTools) - https://mbe.iship.com/pss005/bin/msi_cst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75FB3B8E-F9A3-4232-A05F-2AB74C12E294}: NameServer = 206.13.30.12,206.13.29.12
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSLoader - Unknown - C:\Program Files\ISS\bin\system\service_start.exe
O23 - Service: ISS Messaging Service - ISS Retail, Inc. - C:\Program Files\ISS Messaging\Bin\ISS.Messaging.Shell.NTService.exe
O23 - Service: ISSStartServices - Unknown - C:\Program Files\ISS\bin\system\StartServices.exe
O23 - Service: ISS Retail Trace Server - ISS Retail, Inc. - C:\Program Files\ISS Trace\Bin\ISSRetailTraceServer.exe
O23 - Service: ISS Trace File Maintenance - ISS Retail, Inc. - C:\Program Files\ISS Trace\Bin\ISSTraceFileMaintenance.exe
O23 - Service: ISS Trace Monitor Host - ISS Retail, Inc. - C:\Program Files\ISS Trace\Bin\ISSTraceMonitorHost.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Retrospect Launcher - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TSG Printer Tools - Mail Boxes Etc. - c:\program files\ups\tsg printer tools\tsg.tools.printers.service.exe
O23 - Service: ZServices v1.0.91 - Mail Boxes Etc./Technology - C:\Program Files\Mail Boxes Etc\Z Services 1.0\ZServices.exe
0
This discussion has been closed.
Comments
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R3 - Default URLSearchHook is missing
But other than that I don't see any problems in your log.