Community Forum

HJT log, thanks

Xfinity Forum Archive
About the archive project

Xfinity Forum Archive...

This is an archived section of the community.

Content in this area has been identified as outdated or irrelevant.

This change was done in an effort to make the forum easier to use and to keep only the most helpful and recent content active.

Post your questions in the Xfinity Community

Not applicable

HJT log, thanks

Logfile of HijackThis v1.98.0
Scan saved at 3:43:51 PM, on 3/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Joey\Desktop\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://popnav.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O2 - BHO: (no name) - {E434D3C7-A673-4100-8140-79C020945017} - (no file)
O3 - Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O4 - HKLM\..\Run: C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: nwiz.exe /install
O4 - HKLM\..\Run: C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: C:\Program Files\ISP40\hta\station.sbrt
O4 - HKLM\..\Run: "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: CTHELPER.EXE
O4 - HKLM\..\Run: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
O4 - HKLM\..\Run: C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\RunOnce: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://evans.devilsheadresort.com/activex/AxisCamControl.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com/games/v51/h2hpool/h2hpool.cab
Not applicable

Re: HJT log, thanks

i havent done this in a while, but my computer has been acting up lately. I think i did all i was supposed to, if not let me know and id be glad to do it.

thanks,

joe
Most Valued Poster

Re: HJT log, thanks

New Guy, you will be asked to get this anyway, sooooo
http://www.spywareinfo.com/downloads/tools/HijackThis.exe Newest version

Naddie D
Image Hosted by ImageShack.us
Valued Contributor

Re: HJT log, thanks

New guy,

1. You might want to move HijackThis to a permanent folder off the desktop.

2. Go to the "Control Panel" and use "Add/Remove Programs" to uninstall:

a. Any "Viewpoint" entries, most likely "ViewPoint Manager".

b. Comcast Support files under "Comcast Support", "Support.com", "Broadjump", or "Tioga".

3. Reboot into Safe Mode - How do I boot into "Safe" mode?

4. Make sure your Windows Explorer Folder Settings are as follows:

(To access them, go "Tools" > "Folder Options" > "View")

a. "Show hidden files and folders" should be checked.
b. "Hide extensions for known file types" should be unchecked.
c. "Hide protected operating system files" should be unchecked.


5. Make sure all application windows are closed. Run another HijackThis scan from its permanent location. Check the below items for removal. Once all are checked, click the "Fix checked" button. When the fix completes, close HijackThis.

Fix these items:
-------------------------------------------------------

---> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://popnav.com

---> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp

---> O2 - BHO: (no name) - {E434D3C7-A673-4100-8140-79C020945017} - (no file)

---> O3 - Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - (no file)

---> O4 - HKLM\..\Run: "C:\Program Files\Support.com\bin\tgcmd.exe" /server

---> O4 - HKLM\..\Run: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

-------------------------------------------------------


6. While still in "Safe Mode", remove the following files/folders:

a. The folder "Viewpoint" in "C:\Program Files".

b. The folder "Support.com" in "C:\Program Files".


7. Run a "Full Custom" scan with an updated Ad-aware and let it fix anything it finds. "How do I do a Full Custom" scan.


8. Reboot your computer into Normal Mode and run another HijackThis scan. Post the new log here.
Not applicable

Re: HJT log, thanks

Ok, will do....thank you so much