can someone help me, computer seems to be running slow. i'm i clean, does anything need to be fixed? Please help thank you Logfile of HijackThis v1.98.2 Scan saved at 7:25:22 AM, on 4/7/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\NavNT\defwatch.exe C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe C:\Program Files\NavNT\rtvscan.exe C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\shicoxp.exe C:\WINDOWS\caxchg.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\NavNT\vptray.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\system32\MsgSys.EXE C:\WINDOWS\system32\wuauclt.exe D:\jam\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe O4 - HKLM\..\Run: [caxchg] C:\WINDOWS\caxchg.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500" O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 StartupList report, 4/7/2006, 7:25:44 AM StartupList version: 1.52.2 Started from : D:\jam\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\NavNT\defwatch.exe C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe C:\Program Files\NavNT\rtvscan.exe C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\shicoxp.exe C:\WINDOWS\caxchg.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\NavNT\vptray.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\system32\MsgSys.EXE C:\WINDOWS\system32\wuauclt.exe D:\jam\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run IgfxTray = C:\WINDOWS\System32\igfxtray.exe HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe AGRSMMSG = AGRSMMSG.exe PRONoMgr.exe = C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe shicoxp = C:\WINDOWS\shicoxp.exe caxchg = C:\WINDOWS\caxchg.exe SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Logitech Utility = Logi_MwX.Exe EPSON Stylus Photo RX500 = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500" vptray = C:\Program Files\NavNT\vptray.exe AnyDVD = C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SpySweeper = -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} EarthLink ScamBlocker V2 - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll - {15F4D456-5BAA-4076-8486-EECB38CD3E57} EarthLink PopUp Blocker V2 - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll - {512ACF1B-64D9-4928-B382-A80556F28DB4} (no name) - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll - {656EC4B7-072B-4698-B504-2A414C1F0037} Earthlink Protection BHO - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll - {9579D574-D4D8-4335-9560-FE8641A013BD} Uninstall Legacy Earthlink Toolbar - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll - {E713904C-DF05-4C79-BBAD-02DB923253BE} -------------------------------------------------- Enumerating Download Program Files: [Windows Genuine Advantage Validation Tool] InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204 -------------------------------------------------- Enumerating Winsock LSP files: Protocol #1: C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll Protocol #2: C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll Protocol #3: C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll Protocol #9: C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- End of report, 5,393 bytes Report generated in 0.046 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only
Hello attewode, i will be helping you with the log ;D You have no propper security software apart from this "Earthlink" BHO. Please install ONE Anti virus and Firewall (very important!!): Anti virus AVG This is my pick, excelent anti virus. Download AVG anti virus--> http://free.grisoft.com/doc/2/lng/us/tpl/v5 Avast Another excelent program, does the job without any problems but i prefere AVG download Avast --> http://www.avast.com/i_idt_1018.html Escan An excelent tool, takes care of viruses no problem but has no realtime protection, very usefull to have in combination woth any of theese AV's. Escan --> http://www.spywareinfo.dk/download/mwav.exe AntiVir - http://www.free-av.com/ and ClamWin - http://www.clamwin.com/ These are also able anti virus's, personaly id go for AVG here as i think its top. ================================================================= [bold]Zone alarm free[/bold] Excelent firewall, easy the best freeware firewall and evern better than some paid for firewalls. Download Zone alarm free: http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp [bold]Agnitum firewall[/bold] Agnitum firewall is also a good firewall, i prefere zone alarm though, does the job fine and worth a try. download Agnitum: http://www.agnitum.com/products/outpostfree/download.php [bold]Kerio firewall[/bold] Kerio personal firewall is good too but i dont know their situiation, they are about to be aquired by sun belt firewall but i think they are continuing the firewall. Download kerio personal firewall: http://www.kerio.com/kpf_download.html id go for zone alarm free out of all of them, excelent firewall. Theese are also able firewalls: Jetico Personal Firewall http://www.jetico.com/index.htm#/jpfirewall.htm SoftPerfect Personal Firewall http://www.softperfect.com/products/firewall/ Wyvern Firewall 2004 http://www.wyvernworks.com/firewall.html ================================================== Install one from the Anti virus catorgory and one from the FireWall catorgory. Remember when you've installed the new firewall please turn off the sp2 XP firewall (controll pannel>Security centre>windows xp firewall OFF) Then please make sure you are running the latest HJT from a folder in your comp like c:\program file\HijackThis\, your HJT is very out dated please install the newest version here: http://www.download.com/3000-8022-10227353.html After your clean please follow my guide and get your self secure with some anti spyware etc.. You should'nt even attempt a fix untill the person has the latest version of HJT and has placed it in a folder on there comp.. See you soon.. EDIT: Spelling..
I have spyware, popup blocker (provided with earthlink on their toolbar when I’m on the Internet, I believe it was not on but on now). My firewall is on windows and is now running as well. Also I have corporate edition of Norton that is running (with real-time protection new still trying to figure it out) and is update frequently. I will download the new hijackthis and get the log, can you check me then? Thanks
I strongly suggest you dont rely on your earth link tool bar to protect you from spyware, please use MicroSoft AntiSpyware or Java cools Spyware Blaster. I'd suggest that you leave Internet Explorer and use Mozzila Firefox, how do you feel about that ? if you need to keep IE then i will tell you how to secure it after your clean. Yeh i know i saw that, the thing if the windows firewall only works "one way" meaning that you will get much more effective protection out of a full software one like im my last post, please use one of them. I can't see it running in your log attewode. No problem
Thanks for the help, after i get all fixed up i'm going to download stuff. thanks for all the links. i download the new hijackthis here is my log. thanks again for all the help i really appreciate it. Logfile of HijackThis v1.99.1 Scan saved at 3:27:10 PM, on 4/7/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\NavNT\defwatch.exe C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe C:\Program Files\NavNT\rtvscan.exe C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\shicoxp.exe C:\WINDOWS\caxchg.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\NavNT\vptray.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\system32\MsgSys.EXE C:\Jam\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe O4 - HKLM\..\Run: [caxchg] C:\WINDOWS\caxchg.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500" O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS StartupList report, 4/7/2006, 3:28:06 PM StartupList version: 1.52.2 Started from : C:\Jam\hijackthis\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\NavNT\defwatch.exe C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe C:\Program Files\NavNT\rtvscan.exe C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\shicoxp.exe C:\WINDOWS\caxchg.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\NavNT\vptray.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\system32\MsgSys.EXE C:\Jam\hijackthis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run IgfxTray = C:\WINDOWS\System32\igfxtray.exe HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe AGRSMMSG = AGRSMMSG.exe PRONoMgr.exe = C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe shicoxp = C:\WINDOWS\shicoxp.exe caxchg = C:\WINDOWS\caxchg.exe SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Logitech Utility = Logi_MwX.Exe EPSON Stylus Photo RX500 = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500" vptray = C:\Program Files\NavNT\vptray.exe AnyDVD = C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SpySweeper = -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} EarthLink ScamBlocker V2 - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll - {15F4D456-5BAA-4076-8486-EECB38CD3E57} EarthLink PopUp Blocker V2 - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll - {512ACF1B-64D9-4928-B382-A80556F28DB4} (no name) - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll - {656EC4B7-072B-4698-B504-2A414C1F0037} Earthlink Protection BHO - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll - {9579D574-D4D8-4335-9560-FE8641A013BD} Uninstall Legacy Earthlink Toolbar - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll - {E713904C-DF05-4C79-BBAD-02DB923253BE} -------------------------------------------------- Enumerating Download Program Files: [Windows Genuine Advantage Validation Tool] InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204 -------------------------------------------------- Enumerating Winsock LSP files: Protocol #1: C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll Protocol #2: C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll Protocol #3: C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll Protocol #9: C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- End of report, 5,338 bytes Report generated in 0.046 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only
