Options
Please review the highjackthis log file.
I am not sure if I did something wrong, but for some reason no one is answering my post, I hope I didn't offend anyone in anyway in the mannar I requested for help, but please help.
Thanks again
To all the experts here, thank you in advance for looking at the hijackthis log that I am posting. I have benefited many times from the expertise on this website a few month back and I guess I am back for that great help again. Please look at the log below and let me know which ones I need to take off. Thank you again
Al
P.S. I followed the instructions on the sticky regarding CWshereder, Ad-aware and spy-bot prior to running hijackthis.
Logfile of HijackThis v1.98.2
Scan saved at 8:26:36 PM, on 7/15/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\ONE-TO~1\CP32NBTN.EXE
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
C:\WINDOWS\System32\vidctrl\vidctrl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\m?hta.exe
C:\Program Files\aisa\uati.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\WINDOWS\System32\svchost.exe
C:\albert\utilities\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - {EB9532E8-67A3-C76C-1752-A51D74DCC719} - TorontoMail.dll (file missing)
O2 - BHO: Name - {4E1E0735-9115-4489-B256-7870A07D28BD} - C:\WINDOWS\System32\msczd.dll (file missing)
O2 - BHO: Name - {54D45C8C-E1E1-4845-8962-6F0DEB0382F6} - C:\WINDOWS\System32\msczd.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Name - {978F4EA7-5F73-4609-A097-2812AF77968E} - C:\WINDOWS\System32\msczd.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Name - {B5A5A18A-CAE6-40DB-B327-0CD6FFDA619B} - C:\WINDOWS\System32\msczd.dll (file missing)
O2 - BHO: Name - {CF256211-F0B9-48BA-AF39-E2FD2DFAF09A} - C:\WINDOWS\System32\msczd.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [DCC_send] TRPT.exe
O4 - HKLM\..\Run: [ExchangeMaster] WinInitDll.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CP32NOT] C:\PROGRA~1\ONE-TO~1\CP32NBTN.EXE
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [slamm] trycrt.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Zujafve] C:\WINDOWS\System32\m?hta.exe
O4 - HKCU\..\Run: [Core] C:\Program Files\aisa\uati.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://mathxl.com/wizmodules/interact/installers/InterActXInstall.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04522767-F0B8-4212-B8CD-DFE0C6CF1D60}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A88E581-ED3D-4699-B476-E1A1CDA62F38}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6EEC9D4-4CAB-4276-A75B-7F19785A26C1}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{C430C37C-D32E-4449-9D6C-EA1E551A5935}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{04522767-F0B8-4212-B8CD-DFE0C6CF1D60}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CS2\Services\Tcpip\..\{04522767-F0B8-4212-B8CD-DFE0C6CF1D60}: NameServer = 69.50.176.196,195.225.176.37
O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
Thanks again
To all the experts here, thank you in advance for looking at the hijackthis log that I am posting. I have benefited many times from the expertise on this website a few month back and I guess I am back for that great help again. Please look at the log below and let me know which ones I need to take off. Thank you again
Al
P.S. I followed the instructions on the sticky regarding CWshereder, Ad-aware and spy-bot prior to running hijackthis.
Logfile of HijackThis v1.98.2
Scan saved at 8:26:36 PM, on 7/15/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\ONE-TO~1\CP32NBTN.EXE
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
C:\WINDOWS\System32\vidctrl\vidctrl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\m?hta.exe
C:\Program Files\aisa\uati.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\WINDOWS\System32\svchost.exe
C:\albert\utilities\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - {EB9532E8-67A3-C76C-1752-A51D74DCC719} - TorontoMail.dll (file missing)
O2 - BHO: Name - {4E1E0735-9115-4489-B256-7870A07D28BD} - C:\WINDOWS\System32\msczd.dll (file missing)
O2 - BHO: Name - {54D45C8C-E1E1-4845-8962-6F0DEB0382F6} - C:\WINDOWS\System32\msczd.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Name - {978F4EA7-5F73-4609-A097-2812AF77968E} - C:\WINDOWS\System32\msczd.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Name - {B5A5A18A-CAE6-40DB-B327-0CD6FFDA619B} - C:\WINDOWS\System32\msczd.dll (file missing)
O2 - BHO: Name - {CF256211-F0B9-48BA-AF39-E2FD2DFAF09A} - C:\WINDOWS\System32\msczd.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [DCC_send] TRPT.exe
O4 - HKLM\..\Run: [ExchangeMaster] WinInitDll.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CP32NOT] C:\PROGRA~1\ONE-TO~1\CP32NBTN.EXE
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [slamm] trycrt.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Zujafve] C:\WINDOWS\System32\m?hta.exe
O4 - HKCU\..\Run: [Core] C:\Program Files\aisa\uati.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://mathxl.com/wizmodules/interact/installers/InterActXInstall.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04522767-F0B8-4212-B8CD-DFE0C6CF1D60}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A88E581-ED3D-4699-B476-E1A1CDA62F38}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6EEC9D4-4CAB-4276-A75B-7F19785A26C1}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{C430C37C-D32E-4449-9D6C-EA1E551A5935}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{04522767-F0B8-4212-B8CD-DFE0C6CF1D60}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CS2\Services\Tcpip\..\{04522767-F0B8-4212-B8CD-DFE0C6CF1D60}: NameServer = 69.50.176.196,195.225.176.37
O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
0
Comments