 |  |  |  |  |  |  |  |
HJT log ~ help please! :)
 |
Hi I am a newbie to this Forum... this is actually my very first post! 
I usually get someone else to help me with my logs but she's been really busy lately.. so I did an internet search and came to this site! I was pleased to see that you help with HJT logs!
Here is a log off of my mom's laptop.. she's been having alot of problems lately.. So I would be happy with some help to clean it up.
Logfile of HijackThis v1.97.7
Scan saved at 08:44:38 AM, on 5/23/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\PHOTO IMAGING\HPI_MONITOR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\TEMP\TD_0003.DIR\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.institutechildrenslit.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...c=2C01&lc=1009
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/r...c=2C01&lc=1009
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /A "C:\WINDOWS\SYSTEM\E_SE075.TMP"
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...891.6811458333
I also have a start up log from Spybot Search and Distroy.. I will post it here as well if I need to post it in a seperate thread can someone direct me to where I should post it for help. The start up on this laptop takes forever.. any idea on what I can remove to make it shorter..
Spybot-S&D Startup list report, 5/23/2004 09:15:45 AM
Located: HK_CU:Run, MsnMsgr
file: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Located: HK_CU:Run, EPSON Stylus C60 Series
file: C:\WINDOWS\SYSTEM\E_S10IC2.EXE /A "C:\WINDOWS\SYSTEM\E_SE075.TMP"
Located: HK_CU:RunOnce, QRIA
file: 0
Located: HK_LM:Run, ScanRegistry
file: C:\WINDOWS\scanregw.exe /autorun
Located: HK_LM:Run, TaskMonitor
file: C:\WINDOWS\taskmon.exe
MD5: A23BCA4B69AC68FD410B6AFCCB11AF07
Located: HK_LM:Run, PCHealth
file: C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
Located: HK_LM:Run, SystemTray
file: SysTray.Exe
Located: HK_LM:Run, LoadPowerProfile
file: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Located: HK_LM:Run, SynTPLpr
file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
MD5: 870741617D9499044B6B2D40FDE6FF88
Located: HK_LM:Run, SynTPEnh
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MD5: 5690ED6B5BB3609578781B2169CFCE15
Located: HK_LM:Run, WorksFUD
file: C:\Program Files\Microsoft Works\wkfud.exe
MD5: 9D05D00E8631B7874D164D6DEDD6D801
Located: HK_LM:Run, Microsoft Works Portfolio
file: C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
Located: HK_LM:Run, LoadQM
file: loadqm.exe
Located: HK_LM:Run, CXMon
file: "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
Located: HK_LM:Run, Share-to-Web Namespace Daemon
file: C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
MD5: D4F5FAA2FD2DC5923C82EE5808BEED7C
Located: HK_LM:Run, Ink Monitor
file: C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
MD5: D85622AE601B456D8E465BEDD5689747
Located: HK_LM:Run, ccApp
file: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Located: HK_LM:Run, Symantec Core LC
file: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
Located: HK_LM:Run, URLLSTCK.exe
file: C:\Program Files\Norton Internet Security\UrlLstCk.exe
MD5: 82AD82D69906784633F51DD7CA2248D8
Located: HK_LM:RunServices, LoadPowerProfile
file: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Located: HK_LM:RunServices, SchedulingAgent
file: mstask.exe
Located: HK_LM:RunServices, SSDPSRV
file: C:\WINDOWS\SYSTEM\ssdpsrv.exe
MD5: 95914D31A0B7001E99A537DC5F563F4D
Located: HK_LM:RunServices, *StateMgr
file: C:\WINDOWS\System\Restore\StateMgr.exe
MD5: 02282C55DC8B1BF1FF1180C98D7337D6
Located: HK_LM:RunServices, StillImageMonitor
file: C:\WINDOWS\SYSTEM\STIMON.EXE
MD5: 902252F831D45763F7711B24ED430785
Located: HK_LM:RunServices, ccEvtMgr
file: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
Located: HK_LM:RunServices, ccSetMgr
file: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
Located: HK_LM:RunServices, ScriptBlocking
file: "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
Located: HK_LM:RunServices, ccProxy
file: C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
MD5: 0935F7D04466A3D3C91A531A0D8FB7BC
Located: HK_LM:RunServices, SndSrvc
file: C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
MD5: E6D3841A12FACE16E2EBA24E714CA203
Located: Startup (user), PowerReg SchedulerV2.exe
file:
Located: Startup (user), Microsoft Works Calendar Reminders.lnk
file: C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
MD5: 7084B58A098D2F83B304832251A8C6A8
Located: Startup (user), EPSON Status Monitor 3 Environment Check 2.lnk
file: C:\WINDOWS\SYSTEM\E_SRCV02.EXE
MD5: 480A4C03FEF58AF24D840851EDD186F9
Thanks in advance...
I usually get someone else to help me with my logs but she's been really busy lately.. so I did an internet search and came to this site! I was pleased to see that you help with HJT logs!
Here is a log off of my mom's laptop.. she's been having alot of problems lately.. So I would be happy with some help to clean it up.
Logfile of HijackThis v1.97.7
Scan saved at 08:44:38 AM, on 5/23/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\PHOTO IMAGING\HPI_MONITOR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\TEMP\TD_0003.DIR\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.institutechildrenslit.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...c=2C01&lc=1009
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/r...c=2C01&lc=1009
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /A "C:\WINDOWS\SYSTEM\E_SE075.TMP"
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...891.6811458333
I also have a start up log from Spybot Search and Distroy.. I will post it here as well if I need to post it in a seperate thread can someone direct me to where I should post it for help.
The start up on this laptop takes forever.. any idea on what I can remove to make it shorter.. Spybot-S&D Startup list report, 5/23/2004 09:15:45 AM
Located: HK_CU:Run, MsnMsgr
file: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Located: HK_CU:Run, EPSON Stylus C60 Series
file: C:\WINDOWS\SYSTEM\E_S10IC2.EXE /A "C:\WINDOWS\SYSTEM\E_SE075.TMP"
Located: HK_CU:RunOnce, QRIA
file: 0
Located: HK_LM:Run, ScanRegistry
file: C:\WINDOWS\scanregw.exe /autorun
Located: HK_LM:Run, TaskMonitor
file: C:\WINDOWS\taskmon.exe
MD5: A23BCA4B69AC68FD410B6AFCCB11AF07
Located: HK_LM:Run, PCHealth
file: C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
Located: HK_LM:Run, SystemTray
file: SysTray.Exe
Located: HK_LM:Run, LoadPowerProfile
file: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Located: HK_LM:Run, SynTPLpr
file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
MD5: 870741617D9499044B6B2D40FDE6FF88
Located: HK_LM:Run, SynTPEnh
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MD5: 5690ED6B5BB3609578781B2169CFCE15
Located: HK_LM:Run, WorksFUD
file: C:\Program Files\Microsoft Works\wkfud.exe
MD5: 9D05D00E8631B7874D164D6DEDD6D801
Located: HK_LM:Run, Microsoft Works Portfolio
file: C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
Located: HK_LM:Run, LoadQM
file: loadqm.exe
Located: HK_LM:Run, CXMon
file: "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
Located: HK_LM:Run, Share-to-Web Namespace Daemon
file: C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
MD5: D4F5FAA2FD2DC5923C82EE5808BEED7C
Located: HK_LM:Run, Ink Monitor
file: C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
MD5: D85622AE601B456D8E465BEDD5689747
Located: HK_LM:Run, ccApp
file: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Located: HK_LM:Run, Symantec Core LC
file: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
Located: HK_LM:Run, URLLSTCK.exe
file: C:\Program Files\Norton Internet Security\UrlLstCk.exe
MD5: 82AD82D69906784633F51DD7CA2248D8
Located: HK_LM:RunServices, LoadPowerProfile
file: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Located: HK_LM:RunServices, SchedulingAgent
file: mstask.exe
Located: HK_LM:RunServices, SSDPSRV
file: C:\WINDOWS\SYSTEM\ssdpsrv.exe
MD5: 95914D31A0B7001E99A537DC5F563F4D
Located: HK_LM:RunServices, *StateMgr
file: C:\WINDOWS\System\Restore\StateMgr.exe
MD5: 02282C55DC8B1BF1FF1180C98D7337D6
Located: HK_LM:RunServices, StillImageMonitor
file: C:\WINDOWS\SYSTEM\STIMON.EXE
MD5: 902252F831D45763F7711B24ED430785
Located: HK_LM:RunServices, ccEvtMgr
file: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
Located: HK_LM:RunServices, ccSetMgr
file: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
Located: HK_LM:RunServices, ScriptBlocking
file: "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
Located: HK_LM:RunServices, ccProxy
file: C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
MD5: 0935F7D04466A3D3C91A531A0D8FB7BC
Located: HK_LM:RunServices, SndSrvc
file: C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
MD5: E6D3841A12FACE16E2EBA24E714CA203
Located: Startup (user), PowerReg SchedulerV2.exe
file:
Located: Startup (user), Microsoft Works Calendar Reminders.lnk
file: C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
MD5: 7084B58A098D2F83B304832251A8C6A8
Located: Startup (user), EPSON Status Monitor 3 Environment Check 2.lnk
file: C:\WINDOWS\SYSTEM\E_SRCV02.EXE
MD5: 480A4C03FEF58AF24D840851EDD186F9
Thanks in advance...
|
Similar Threads
- my HJT log, 2 of them for 2 comp (Viruses, Spyware and other Nasties)
- help i've got a HJT log! (Viruses, Spyware and other Nasties)
- another hjt log for jkl (Viruses, Spyware and other Nasties)
- please review hjt log (Viruses, Spyware and other Nasties)
- can somebody pls. help me out with my HJT log.. (Viruses, Spyware and other Nasties)
- My HJT log, please help (about:blank, etc.) (Viruses, Spyware and other Nasties)
- HJT log file for your scrutiny please... (Concerning Bridge.dll) (Viruses, Spyware and other Nasties)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: JoeOneEye- prosearching.com problem
- Next Thread: Hijack this log... What do I kill?
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial conficker connect control cyber cybercrime cyberwarfare ddos domains education email europe exam exploit facebook fake fancheckvirus gaming gtaiv halloween herss.exe hijack hosting internet iphone kaspersky legal logfiles malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro redirect redirecting report research risk rogueantivirus samhain sans scareware search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war warning windows worm yahoo zeroday
