0

I have similar problem here is my log

Logfile of HijackThis v1.99.0
Scan saved at 10:41:37 AM, on 12/29/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Norton AntiVirus\SAVScan.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\QuickTime\qttask.exe
F:\Webroot\Washer\wwDisp.exe
F:\Program Files\ScanSuite\SDetect.exe
F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
F:\Documents and Settings\C Bruce\Palm\hotsync.exe
F:\Program Files\Copernic Agent\CopernicAgent.exe
F:\DOCUME~1\CBRUCE~1\LOCALS~1\Temp\Rar$EX00.672\HijackThis.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\WinRAR\WinRAR.exe
F:\DOCUME~1\CBRUCE~1\LOCALS~1\Temp\Rar$EX00.953\HijackThis.exe

R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - F:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] F:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] F:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [kalvsys] F:\windows\system32\kalvyif32.exe
O4 - HKCU\..\Run: [Window Washer] F:\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [MoneyAgent] "F:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: HotSync Manager.lnk = F:\Documents and Settings\C Bruce\Palm\hotsync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Scanner Detector.lnk = F:\Program Files\ScanSuite\SDetect.exe
O4 - Global Startup: Service Manager.lnk = F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Yahoo! Search - file:///F:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://F:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Yahoo! &Dictionary - file:///F:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///F:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - F:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - F:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - F:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - F:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098477761936
O23 - Service: Adobe LM Service - Unknown - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - F:\Program Files\Adobe\Version Cue\service\VersionCue.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

3
Contributors
2
Replies
3
Views
12 Years
Discussion Span
Last Post by dlh6213
0

crumba428. We ask that our members not tag on to other members threads. Even though you may be experiencing similar problems, each one is unique to ones PC. Splitting yours out to your own thread :).

0

Crumba, before fixing anything with hijackthis, you need to put it in it's own pemanent folder (right now you have it in a Temp folder); something like c:\hjt\hijackthis.

Also, close all browser windows when scanning with HJT.

After you've put HJT in it's own folder, close all browser windows, scan with HJT, and post a new log please.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.