Archived from groups: microsoft.public.windowsxp.help_and_support
"jborchardt" wrote:
> I need help. I am trying to get rid of what I think is an
> .exe program that appears on my taskbar and in my task manager
> for only a second and then it is gone. This happens about
> every 10 to 15 minutes and it has become very annoying because
> it interrupts the programs that I am working on. I'm worried
> that this might be some kind of spyware or malware.
>
> Thanks for the help.
Here is my HJT log if anyone wants to take a look at it.
Logfile of HijackThis v1.99.1
Scan saved at 1:23:41 PM, on 7/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jeremy Borchardt\Desktop\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [hpinstantsupport] "C:\Program Files\Hewlett-Packard\hpis\bin\matcliwrapper.exe" "C:\Program Files\Hewlett-Packard\hpis" -boot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/vet_install_popup.pl?
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322
O17 - HKLM\System\CCS\Services\Tcpip\..\{B21900C6-A14D-4AB5-B928-750C399E8418}: NameServer = 216.231.160.2 209.102.191.47
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe