hijack scan...

Logfile of HijackThis v1.97.7
Scan saved at 19:03:33, on 20/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\PeerGuardian_1.99b\pg2.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\setups\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Winsock32driver] win32server.exe
O4 - HKLM\..\Run: [VaCtrl] C:\Program Files\VoiceAge\Common\VaCtrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian_1.99b\pg2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab48295.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab45837.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37828.2558680556
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object) - http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://us.i1.yimg.com/us.yimg.com/i/chat/webcam/v110/yvwrctl.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab40641.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gba1402.exe

2006-09-20 07:08:19 · 8 answers · asked by fish n 1 in Computers & Internet Internet

And yeah, I've done all the virus scans in safe mode, nothing found (antivirus updated as well). It can be stopped, but I then have no sound, and it runs again after about 4 hours and again takes about 20-40 mins before the comp can be used, as 100% processor gets used.

2006-09-20 07:19:56 · update #1

Tried the msconfig thing in Start / Run, but can't find anything there with either MSN or Yahoo in any of the option tabs.
In the Startup tab all that is there is...
lxsupmon
ccApp
win32server
VaCtrl
atiptaxx
SNDMon
usrprmpt
ccRegVfy
dumprep 0 -k
jusched
qttask
pg2

2006-09-20 07:40:48 · update #2

8 answers

Try this handy utility/download

http://www.neuber.com/taskmanager/index.html

At least you can eliminate some processes and also search further on exact running tasks.

Good luck

2006-09-20 14:23:57 · answer #1 · answered by ME*UK 5 · 0 1

http://support.microsoft.com/?kbid=314056 is a link to the Microsoft page explaining svchost.exe. Some virus scans will label HijackThis as a virus. It's supposed to be a utility to help you secure your system. Norton has a help page about HijackThis. I bet it's your problem. Something has added keys to your registry that start up all these instances of svchost. Also run msconfig from the Run console and remove things related to MSN and Yahoo from startup, then reboot. When the message about config changes shows, click "don't show". Make sure it's not a system process and don't remove them. Anything from another application will start when you click on its icon and doesn't need to run at startup. If you remove the wrong thing, run msconfig again and add it back, then reboot. But run virus and spy scans first and research HijackThis.

2006-09-20 07:25:51 · answer #2 · answered by Anonymous · 1 1

Hello.
System Mechanic Professional 6 will fix this problem. When you install System Mechanic Professional 6, run DriveScrubber® 2; then, when that is done, you will have no more problems at all.
Then you can use System Mechanic Professional 6 to keep the PC working fine:
Find and fix problems
Antivirus Protection
Protection from viruses, trojans, worms, and more
Internet Firewall
Protection against Internet threats
Search and Recover™ 3 lost files
Recover deleted data


Stop Dangerous Programs from Starting
Make Windows Boot Faster
Uninstall or Relocate any Program
Tweak Hundreds of System Settings
Save and Compare System Snapshots
...and so much more!

IMPROVED! Spyware Protection

Advanced protection from spyware, malware, adware, and other PC parasites.

NEW! Disaster Recovery

Rescue PCs that won't start and revive damaged hard drives.

NEW! Startup Optimizer

Accelerate boot speeds by optimizing the programs that start with Windows.

FASTER! Disk Defrag

Defragment drives up to ten times faster than the Windows built-in defragmenter.

NEW! Fix Hard Drive Problems

Drive Medic™ fixes disk problems before they can cause data loss or system failure.

NEW! Comprehensive System Inspector Tool

Get ultra-detailed diagnostic reports of all hardware and software in your PC.

ENHANCED! Registry Optimization

Find and fix even more problems that can arise from the Registry and cripple your system.

NEW! Advanced Process Manager

Look under the hood and see what's running. Optionally block dangerous items from starting again.

Eliminate spyware

Defrag hard drives

Fix system errors

Speed up Internet access

Recover from disaster

Clean up system clutter

Defrag memory

Optimize the Registry

Block Web popups

Set up scheduled maintenance

Repair Windows security flaws

Stop dangerous programs from starting

Make Windows boot faster

Uninstall or relocate any program

Tweak hundreds of Windows settings

Save and compare system snapshots
http://www.iolo.com/sm/

2006-09-20 07:13:03 · answer #4 · answered by Anonymous · 0 4

svchost.exe is a system process belonging to the Microsoft Windows Operating System ... For More Information About svchost.exe - Get WinTasks 5 Pro Now! ...

2006-09-20 07:11:07 · answer #5 · answered by Anonymous · 0 2

Hey man, I didn't have enough time to go through the log file! But some real culprits caught my eye! MSN Messenger, Norton, QuickTime, Java update, Windows auto update, pg.exe, Yahoo Messenger!! Just disable them all from Run - msconfig - Startup and/or from Control Panel - Performance and Maintenance - Services! You may disable all from msconfig - Startup except maybe ATI! I am not sure whether your graphics card's driver needs to be in memory!!

2006-09-20 07:17:58 · answer #6 · answered by sunny 2 · 0 1

Ok dude, you are either wormed or virused, boot into safe mode and run your antivirus softs!

2006-09-20 07:10:24 · answer #7 · answered by Anonymous · 0 2

Oh my God... Get a Mac.

2006-09-20 07:43:00 · answer #8 · answered by UbiquitousGeek 6 · 3 1
