Thread: My first time using HijackThis - is my log okay?

  1. #1
    Unregistered
    Guest

    My first time using HijackThis - is my log okay?

    Hi,

    This is my first time using HijackThis. I am a pretty experienced "IT" guy, although no formal studies or training. I generally know how things work and pruned my scan log down to this (by using the "add checked to ignore list" button).

    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 12:48:09 PM, on 2/24/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    C:\WINDOWS\system32\sprgrate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\snmsdmod.exe
    C:\Program Files\CxtPls\CxtPls.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Jdawgg\Desktop\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sollice.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 207.114.181.3:80
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [shmn] C:\WINDOWS\shmn.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [0sFQ3nO] sprgrate.exe
    O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu]  /L:ENG
    O4 - HKCU\..\Run: [HBw4Rhi2V] snmsdmod.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    How does that look?

    Thank you for your help!
    -Jdawgg

  2. #2
    Supermod (retired) Ruby
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20,041

    Re: My first time using HijackThis - is my log okay?

    Hello Jdawgg

    STEP 1:
    Make sure you set Windows to show hidden files and folders.

    STEP 2:
    Turn off System Restore.

    STEP 3:
    Please first move(!) the following files to the new folder "badthings" (do not copy these files to another directory! Move them to the new directory "badthings") and upload that folder "badthings" to Upload malicious software:

    C:\WINDOWS\system32\sprgrate.exe
    C:\WINDOWS\system32\snmsdmod.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\shmn.exe
    C:\WINDOWS\System32\NavLogon.dll

    STEP 4:
    Tell me more about all these processes:

    C:\Program Files\AutoUpdate\AutoUpdate.exe
    C:\WINDOWS\system32\sprgrate.exe
    C:\WINDOWS\system32\snmsdmod.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\shmn.exe

    What do you need it for? What are you doing with those processes?

    STEP 5:
    Turn on system restore. Please post another HijackThis Logfile.
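
An added example, not part of the original thread and not HijackThis code: a small parser for the log format posted in #1 that lists the O4 autorun entries whose command names no directory and looks each one up in the running-process list. The function names `parse` and `review_autoruns` are hypothetical, and the "no directory" rule is an assumed triage heuristic for deciding what to ask about, not a verdict on any file.

```python
import re
from ntpath import basename  # Windows path rules on any OS

# Excerpt of the log posted in #1 (process list and entries shortened).
LOG = r"""Running processes:
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\sprgrate.exe
C:\WINDOWS\system32\snmsdmod.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [0sFQ3nO] sprgrate.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu]  /L:ENG
O4 - HKCU\..\Run: [HBw4Rhi2V] snmsdmod.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")               # "O4 - <detail>"
RUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[(.*?)\] ?(.*)$")  # "[value name] command"

def parse(log):
    """Split a log into (running process paths, [(code, detail), ...])."""
    procs, entries, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def review_autoruns(log):
    """O4 entries whose command names no directory (assumed heuristic),
    as (value name, command, path of a running process with that name)."""
    procs, entries = parse(log)
    running = {basename(p).lower(): p for p in procs}
    out = []
    for code, detail in entries:
        m = RUN.match(detail) if code == "O4" else None
        if m:
            name, exe = m.group(1), m.group(2).strip().strip('"')
            if "\\" not in exe:  # bare name or arguments only
                out.append((name, exe, running.get(exe.lower())))
    return out
```

Entries recorded with a full path, such as `[dla]`, are not listed by this rule and still need the manual review asked for in the reply above.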
