Community Forum

Hijack this results- help plz

Xfinity Forum Archive
About the archive project

Xfinity Forum Archive...

This is an archived section of the community.

Content in this area has been identified as outdated or irrelevant.

This change was done in an effort to make the forum easier to use and to keep only the most helpful and recent content active.

Post your questions in the Xfinity Community

Not applicable

Hijack this results- help plz

here it is, please let me know if i need to get rid of anything, thanks in advance!



Logfile of HijackThis v1.97.7
Scan saved at 9:34:34 AM, on 1/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\ggviewer67-74.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
C:\SMC\SMC.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\OPLIMIT\ocrawr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\shari\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.e4me.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
O4 - HKLM\..\Run: Logi_MwX.Exe
O4 - HKLM\..\Run: C:\SMC\SMC.exe
O4 - HKCU\..\Run: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI (HKLM)
O9 - Extra button: Support (HKLM)
O9 - Extra button: Help (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D7107300-E42A-4C1C-84EB-4D783E58B88D} (DNInstallerOCX Class) - https://www.speechmachines.org/Installer/InstallerOCX.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
Not applicable

Re: Hijack this results- help plz

looks good Smiley Happy

the only odd thing is the location of this file: C:\SMC\SMC.exe

could you verify that you're running the Sygate Firewall?
Not applicable

Re: Hijack this results- help plz

no, im using the one that came with xp
Valued Contributor

Re: Hijack this results- help plz

That's interesting. SMC.exe is the executable for the Sygate Firewall. Did you at any time install the Sygate Firewall? Go to the C:\SMC directory using Windows Explorer, right click on SMC.exe and bring up its "Properties" / "Version" and see who it belongs to.
Contributor

Re: Hijack this results- help plz

hi, this is my mothers computer and she is not able to respond at this time, she said that when she opened it- it just said when it was created, which was on the same day she got comcast?
Valued Contributor

Re: Hijack this results- help plz

There was no "Version" tab available on the Properties display which defines the Company that made it?

This is very suspicious. The Sygate Firewall is standardly installed in "C:\Program Files\Sygate\SPF".

1. Are there any other files in that "C:\SMC" directory which might give any information as to what this is?

2.Is there anything in the Add/Remove programs for SMC?

What you can do is download and run CodeStuff's Starter. This allows you to disable this program from starting and see if your system runs ok without it.
Not applicable

Re: Hijack this results- help plz

there was nothing to add\remove, it said contains one file so i opened it and it is SMC Networks\Consumer site and this is what the page said on 'about SMC'



SMC Networks offers a complete range of flexible, multi-standard networking hardware. As a recognized industry leader for the past 30 years, SMC Networks has set the standard for high-quality, standards-based connectivity and Internet access solutions. SMC's products connect people to the resources they need - home, at work, and everywhere in between.


when i opened it there was an icon on the task bar that came up. i have no idea what this is?

also when i go to exit this a window pops up and asks, do you want to load the update software on start up?
Message was edited by: shari
Not applicable

Re: Hijack this results- help plz

your pc must have a SMC network card installed then...

goto your desktop, right-click 'my computer', select 'manage', then, 'device manager', click the '+' next to 'network adapters'

then it should show which model is installed.

you could probably say 'no' to 'run the update software'
Contributor

Re: Hijack this results- help plz

this is my mother,

it says SMC easy card 10/100 "SMC 1255TX-PF"
so just leave it alone?
Not applicable

Re: Hijack this results- help plz

yes, it's a legitimate item

we just needed to make sure Smiley Happy
Contributor

Re: Hijack this results- help plz

thank you Radio! Smiley Happy