Quantcast

Jump to content


Photo

HijackThis!


  • Please log in to reply
41 replies to this topic

#1 ShadowLink64

ShadowLink64
  • 16,716 posts


Users Awards

Posted 18 August 2004 - 06:19 AM

http://www.neocodex....?showtopic=7245

Read this tutorial first, then post your logs :)

#2 LightSabre

LightSabre
  • 637 posts

Posted 18 August 2004 - 06:50 AM

Yup guys, thanks to Friedmont for his tutorial, you can now learn to use it and post your logs here.... we'll try to help you with cleaning your comp. :)

#3 Icey Defeat

Icey Defeat
  • 8,298 posts


Users Awards

Posted 18 August 2004 - 06:51 AM

I think you mean this

it wont let me attach it....

Logfile of HijackThis v1.97.7
Scan saved at 10:51:45 AM, on 8/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hpb2ksrv.exe
C:\WINDOWS\System32\hpbhksrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hpnra.exe
C:\WINDOWS\System32\hpstatus.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\WINDOWS\System32\SahAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\ossproxy.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Ai'm\ai'm.exe
C:\PROGRA~1\ezula\mmod.exe
C:\WINDOWS\System32\HPBSPSVR.EXE
C:\WINDOWS\System32\HPBJDSNT.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Documents and Settings\CMDorwart\Desktop\Text Files\HijackThis.exe
C:\WINDOWS\System32\hppapml0.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://musicvideos.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,becausetomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50038
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_30.dll
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\System32\btiein.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {B1A673D4-5BCF-1E43-75C4-40D604AAB6B6} - C:\PROGRA~1\CHINBO~1\Ti'me manager.exe
O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\System32\hpnra.exe
O4 - HKLM\..\Run: [HP Status] C:\WINDOWS\System32\hpstatus.exe
O4 - HKLM\..\Run: [HP Proxy Server] C:\Program Files\Hewlett-Packard\ProxyService\ProxyService.lnk
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Baitsoft] C:\PROGRA~1\THEBAL~1\dvdmfcdstore.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [OSSProxy] C:\WINDOWS\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Memomanager64size] C:\Documents and Settings\All Users\Application Data\FreeMeetMemoManager\Mode Viewhateverxe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Incredi'mail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Ai'm] C:\Program Files\Ai'm\ai'm.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZNxdm006
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Ai'm (HKLM)
O9 - Extra button: PartyPoker.com (HKLM)
O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'osmi'm.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.I'mgfarm.com/I'mages/noc...etup1.0.0.8.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (I'mDownloader Class) - http://www2.incredi'mail.com/contents/...#39;mloader.cab


Edited by Icey Defeat, 18 August 2004 - 06:56 AM.


#4 Svenne

Svenne
  • 196 posts

Posted 18 August 2004 - 10:16 AM

this is what I should delete Icy

C:\Program Files\WildTangent\Apps\GameChannel.exe

C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe

C:\PROGRA~1\ezula\mmod.exe

C:\Program Files\WhatPulse\WhatPulse.exe ( found on the net " Well then welcome to the WhatPulse for irc.whatnet.org homepage. This website <-> software combination is the best way of keeping track of your keystrokes.)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,becausetomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50038

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL

O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_30.dll

O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\System32\btiein.dll

O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll

O2 - BHO: (no name) - {B1A673D4-5BCF-1E43-75C4-40D604AAB6B6} - C:\PROGRA~1\CHINBO~1\Ti'me manager.exe

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe

O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe

O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1

O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZNxdm006

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: PartyPoker.com (HKLM)

O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)

O9 - Extra button: WeatherBug (HKCU)

O10 - Broken Internet access because of LSP provider 'osmi'm.dll' missing

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.I'mgfarm.com/I'mages/noc...etup1.0.0.8.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (I'mDownloader Class) - http://www2.incredi'mail.com/contents/...#39;mloader.cab




these are what I should delete.
there are some more you can delete but thats just a mather of details.
Like incredymail and all those extra buttons.
Greetz svenje

#5 Icey Defeat

Icey Defeat
  • 8,298 posts


Users Awards

Posted 18 August 2004 - 11:43 AM

erm can someone else verify all of that

#6 Robert

Robert
  • 6,933 posts


Users Awards

Posted 18 August 2004 - 12:09 PM

I would KEEP these things in, this one because it sound I'mportant:

O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe

I am sure you want what pulse to start up? if  yes, keep this:

O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe

apart from that, most of the rest there are toolbars so I say get rid of the rest :)

#7 Freidmont

Freidmont
  • 448 posts

Posted 18 August 2004 - 03:49 PM

I would KEEP these things in, this one because it sound I'mportant:

O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe

I am sure you want what pulse to start up? if  yes, keep this:

O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe

apart from that, most of the rest there are toolbars so I say get rid of the rest :lol:

View Post

Nope, SAHAgent is spyware. The only things you might not want to delete is WhatPulse and O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

#8

Posted 18 August 2004 - 05:35 PM

Here's Mine........

Attached Files



#9 Freidmont

Freidmont
  • 448 posts

Posted 18 August 2004 - 07:36 PM

Vegeto, it appears you're pretty much clean. "http://www.gamespot....wnload/kdx.cab" has been reported as spyware, but if you remove it you won't be able to download from gamespot.

#10 Robert

Robert
  • 6,933 posts


Users Awards

Posted 19 August 2004 - 04:08 AM

vegeto, I would also remove this: C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

its just some aol thing that comes up in your task manager.

#11 Freidmont

Freidmont
  • 448 posts

Posted 19 August 2004 - 11:37 AM

It's the aol anti spyware thing..personally I wouldn't use it, or any aol program, but it's a personal decision.

#12 Robert

Robert
  • 6,933 posts


Users Awards

Posted 19 August 2004 - 11:58 AM

It's the aol anti spyware thing..personally I wouldn't use it, or any aol program, but it's a personal decision.

View Post


Well I have that thing and I ain't even with aol but it came with my computer :@

#13 xXx$keetchxXx

xXx$keetchxXx
  • 120 posts

Posted 20 August 2004 - 07:09 AM

here's mine. please tell me if I have anything unusual... even if u think I may have purposely put it that way  ^_^

EDIT: forgot to attach it  :blink:
EDIT AGAIN: wont let me attach

Logfile of HijackThis v1.97.7
Scan saved at 11:11:06 AM, on 8/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\Program Files\QuickTi'me\qttask.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SlickRun\sr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital I'maging\bin\hpobnz08.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\Digital I'maging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Hewlett-Packard\Digital I'maging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.commonnam...bar/sidebar.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pbar.net/PBar...lang=2&bar_id=0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.dll
R3 - URLSearchHook: SrchHook Class - {F08555B0-9CC3-11D2-AA8E-000000000000} - C:\WINDOWS\system\SEARCH~1.DLL
O1 - Hosts: 213.189.34.4 auto.search.msn.com
O1 - Hosts: 12.129.205.209 search.netscape.com
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\Program Files\CommonName\Toolbar\CNBabe.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.2\lexbar.dll
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\System32\msnwb.dll
O2 - BHO: NavErrRedir Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_22.dll
O2 - BHO: (no name) - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F} - C:\WINDOWS\System32\netpal.dll (file missing)
O2 - BHO: (no name) - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\justDo\Jd2002.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.2\lexbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTi'me Task] "C:\Program Files\QuickTi'me\qttask.exe" -atbootti'me
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [SlickRun] "C:\Program Files\SlickRun\sr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\DOCUME~1\michael\LOCALS~1\Temp\EJN91.tmp" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital I'maging\bin\hpobnz08.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Flash Catcher (HKLM)
O9 - Extra 'Tools' menuitem: Flash Catcher (HKLM)
O9 - Extra button: Voiceglo directory (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Sothink SWF Catcher (HKLM)
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.chart...oad/tgctlcm.cab
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://I'mages.neopets.com/glophone/neoblue5.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTi'me Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {731918D2-517A-47E2-886A-3BC1380C591D} - http://webpdp.gator....094_hd3ptdm.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - http://pcwab.ab.moti...wActiveXCab.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7515.6015046296
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com...ior/Outside.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.re...lbar/lexico.cab


Edited by xXx$keetchxXx, 20 August 2004 - 07:13 AM.


#14 Freidmont

Freidmont
  • 448 posts

Posted 20 August 2004 - 12:13 PM

here's mine. please tell me if I have anything unusual... even if u think I may have purposely put it that way  :D

EDIT: forgot to attach it  :blink:
EDIT AGAIN: wont let me attach

View Post

Holy crap..so much spyware there I'm not even going to list everything you need to remove. Ok..download Ad-Aware and Spy Sweeper, update the definitions and scan using each program. That alone should speed up your computer a ton..afterwards run HJT again & repost your log, should be a lot shorter :)

#15 xXx$keetchxXx

xXx$keetchxXx
  • 120 posts

Posted 20 August 2004 - 12:46 PM

jeez, ive only been scanning like 2 min. and already found 81 CRITICAL OBJECTS!!! do I have anything in there that would send like passwords and stuff?!?

#16 Firestorm

Firestorm
  • 159 posts

Posted 20 August 2004 - 01:36 PM

I got sent that myway spyware bar, and many viruses, and why..... cos I left my bli'mmin firewall off, I also got the later version of the sasser, the removal tool won't delete it, but I have disabled it still I have the process

lsass.exe  under SYSTEM username

Edited by Firestorm, 20 August 2004 - 01:37 PM.


#17 Freidmont

Freidmont
  • 448 posts

Posted 20 August 2004 - 02:11 PM

jeez, ive only been scanning like 2 min. and already found 81 CRITICAL OBJECTS!!! do I have anything in there that would send like passwords and stuff?!?

View Post

Possibly, but I doubt it. As a security measure I change all my passwords when I find a virus/spyware which is no small task.

#18 Guest_cocacolacrazy_*

Guest_cocacolacrazy_*

Posted 22 August 2004 - 03:01 AM

here is my generated list Attached File  startuplist.txt   7.26KB   3 downloads

and here's the rest:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTi'me\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 5100 series\Bin\hpoant07.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 5100 series\Bin\hpoant07.exe
C:\WINDOWS\system32\gsicon.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\NetObjects Fusion MX\nof\Fusion.exe
C:\Documents and Settings\Eli\My Documents\yitzhak\Web pages\MozillaFirebird\ff\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 209.184.108.162:8080
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTi'me Task] "C:\Program Files\QuickTi'me\qttask.exe" -atbootti'me
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BlockAds] "C:\Program Files\Tweak-XP Pro 3\AdBlocker.exe"
O4 - Startup: gsicon.exe.lnk = C:\WINDOWS\system32\gsicon.exe
O4 - Global Startup: HPAiODevice(hp officejet 5100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 5100 series\Bin\hpoant07.exe
O4 - Global Startup: HPAiODevice(hp officejet 5100 series) - 2.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 5100 series\Bin\hpoant07.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab27571.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTi'me Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.co...ffiliate=ILELAL
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {3EA00DAB-812E-4894-A7D2-E9B0F80E94AE} (ARSign Class) - https://www.join.poali'm.co.il/reg/pk/cabs/arpkcom.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab27571.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://vs03-us.proti...lient/msrdp.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupd...8065.1086921296
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futurema...lobal/msc34.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service Client) - http://ccon.madonion.../global/msc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E6DB6A0-B905-48BA-B70C-4F0AEBD0AD28}: NameServer = 192.115.106.31 192.115.106.35



#19 Freidmont

Freidmont
  • 448 posts

Posted 22 August 2004 - 08:55 AM

Ok cocacola, here's some stuff to get rid of:

DSLAGENTEXE = dslagent.exe USB

[BlueStream_Flash Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Rovion.dll
CODEBASE = http://www.rovion.co...ffiliate=ILELAL

[ARSign Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\arpkcom.dll
CODEBASE = https://www.join.poali'm.co.il/reg/pk/cabs/arpkcom.cab

#20 113

113
  • 1,190 posts

Posted 22 August 2004 - 12:19 PM

I got sent that myway spyware bar, and many viruses, and why..... cos I left my bli'mmin firewall off, I also got the later version of the sasser, the removal tool won't delete it, but I have disabled it still I have the process

lsass.exe  under SYSTEM username

View Post

lsass - lsass.exe - Process Information

Process File: lsass or lsass.exe
Process Name: Local Security Authority Service
Description: Windows Local Security Authority Server Process handles Windows security mechanisms. It verifies the validity of user logons to your computer or server. Technically, the software generates the process that is responsible for authenticating users for the Winlogon service.
Company: Microsoft Corp.
System Process: Yes
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No
Common Errors: N/A


you shouldnt end this process....  + I think this isnt sasser. but blaster (here is the removal kit http://www.pandasoft...S-PQR&Idioma=2)

patch your windoze using v4.windowsupdate.microsoft.com (enter this in IE)

#21 xXx$keetchxXx

xXx$keetchxXx
  • 120 posts

Posted 23 August 2004 - 12:10 PM

OK, here's my log after some cleaning. Tell mr if u think theres still spyware

Logfile of HijackThis v1.97.7
Scan saved at 4:08:32 PM, on 8/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\Program Files\QuickTi'me\qttask.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SlickRun\sr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Hewlett-Packard\Digital I'maging\bin\hpobnz08.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Hewlett-Packard\Digital I'maging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital I'maging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Microsoft Visual Studio\VB98\VB6.EXE
C:\Documents and Settings\*username removed* B) \Desktop\HiJackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 213.189.34.4 auto.search.msn.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.2\lexbar.dll
O2 - BHO: (no name) - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\justDo\Jd2002.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.2\lexbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTi'me Task] "C:\Program Files\QuickTi'me\qttask.exe" -atbootti'me
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KBD] C:\hp\KBD\KBD.EXE
O4 - HKCU\..\Run: [SlickRun] "C:\Program Files\SlickRun\sr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital I'maging\bin\hpobnz08.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Flash Catcher (HKLM)
O9 - Extra 'Tools' menuitem: Flash Catcher (HKLM)
O9 - Extra button: Voiceglo directory (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Sothink SWF Catcher (HKLM)
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.chart...oad/tgctlcm.cab
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://I'mages.neopets.com/glophone/neoblue5.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTi'me Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {731918D2-517A-47E2-886A-3BC1380C591D} - http://webpdp.gator....094_hd3ptdm.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - http://pcwab.ab.moti...wActiveXCab.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7515.6015046296
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com...ior/Outside.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.re...lbar/lexico.cab



EDIT: Forgot to attach again  :blink:

Edited by xXx$keetchxXx, 23 August 2004 - 12:12 PM.


#22 Freidmont

Freidmont
  • 448 posts

Posted 23 August 2004 - 08:30 PM

Hmm...those spyware tools seem to have really helped. The only thing you really need to remove now is

O16 - DPF: {731918D2-517A-47E2-886A-3BC1380C591D} - http://webpdp.gator....094_hd3ptdm.cab

also, you might want to remove certain apps to speed up your pc by clicking start > run > msconfig, but that's up to you.

#23

Posted 23 August 2004 - 08:39 PM

I got like 50 trojans of a file that was 1meg somehow............

#24 sin

sin
  • 311 posts

Posted 29 August 2004 - 02:47 PM

heres my log

StartupList report, 8/29/2004, 3:28:59 PM
StartupList version: 1.52
Started from : C:\Documents and Settings\Owner\My Documents\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\Digital I'maging\Unload\hpqcmon.exe
C:\Program Files\QuickTi'me\qttask.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\program files\support.com\bin\tgcmd.exe
C:\Program Files\Yahoo!\Parental Controls\YPC.EXE
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\ccAppw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\System32\Userinit.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

hpsysdrv = c:\windows\system\hpsysdrv.exe
NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
KBD = C:\HP\KBD\KBD.EXE
Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
IgfxTray = C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
PS2 = C:\WINDOWS\system32\ps2.exe
NAV Agent = c:\PROGRA~1\NORTON~1\navapw32.exe
checkti'me = c:\program files\HPSelect\Frontend\ct.exe
StorageGuard = "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
nwiz = nwiz.exe /install
HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
dla = C:\WINDOWS\system32\dla\tfswctrl.exe
CamMonitor = c:\Program Files\Hewlett-Packard\Digital I'maging\Unload\hpqcmon.exe
QuickTi'me Task = "C:\Program Files\QuickTi'me\qttask.exe" -atbootti'me
YBrowser = C:\Program Files\Yahoo!\browser\ybrwicon.exe
BJCFD = C:\Program Files\BroadJump\Client Foundation\CFD.exe
tgcmdprovidersbc = "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
Symantec Configuration Loader = ccAppw32.exe
Bait film = C:\PROGRA~1\Ai'mKEE~1\BITSBAGS.exe
ltourstart.exe = C:\WINDOWS\System32\ltourstart.exe
YPC = C:\Program Files\Yahoo!\Parental Controls\YPC.EXE
csrs = C:\WINDOWS\System32\csrs.exe
New.net Startup = rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
WinTools = C:\Program Files\Common Files\WinTools\WToolsA.exe
SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
LTMSG = LTMSG.exe 7
heck bird online bows = C:\Documents and Settings\All Users\Application Data\support clock heck bird\Shi'm Burn.exe
TV Media = C:\Program Files\TV Media\Tvm.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

Symantec Configuration Loader = ccAppw32.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
ltourstart.exe = C:\WINDOWS\System32\ltourstart.exe
SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
WhatPulse = C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
TV Media = C:\Program Files\TV Media\Tvm.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\NewDotNet\newdotnet6_30.dll - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
(no name) - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll - {87766247-311C-43B4-8499-3D5FEC94A183}
(no name) - C:\PROGRA~1\CAMPSK~1\fordidle.exe - {87AD6F82-9B3C-AF44-E4E9-96A1844D3B3B}
(no name) - c:\program files\google\googletoolbar2.dll (file missing) - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zon...kr.cab28578.cab

[{01234567-1234-1234-1234-012345678921}]
CODEBASE = http://I'mages.neopets.com/glophone/neoblue5.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab

[MSSecurityAdvisor Class]
InProcServer32 = C:\WINDOWS\System32\mssecadv.dll
CODEBASE = http://download.micr...b?1091986135984

[yucsetreg Class]
InProcServer32 = C:\Program Files\Yahoo!\Common\yucconfig.dll
CODEBASE = C:\Program Files\Yahoo!\common\yucconfig.dll

[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zon...er.cab28578.cab

[MiniBugTransporterX Class]
CODEBASE = http://download.weat...Transporter.cab?

[YInstStarter Class]
InProcServer32 = C:\Program Files\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\common\yinsthelper.dll

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.micr...922/wmv9VCM.CAB

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akama...meInstaller.exe

[{5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A}]
CODEBASE = http://www.atelys.com/src/Speedup.ocx

[Groove Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\GrooveAX.dll
CODEBASE = http://www.nick.com/.../GrooveAX27.cab

[AdInstaller Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ADINST~1.OCX
CODEBASE = http://www.movies.ne...AdInstaller.ocx

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zon...nt.cab28578.cab

[{8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A}]
CODEBASE = http://www.quikshield.com/qshsetup.exe

[RegConfig Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yregcfg.dll
CODEBASE = http://download.yaho...rod/yregcfg.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupd...7772.6578703704

[YahooYMailTo Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\ymmapi20040613.dll
CODEBASE = http://download.yaho...mail/ymmapi.dll

[YAddBook Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yaddbook.dll
CODEBASE = http://us.dl1.yi'mg.com/download.yahoo...utocomplete.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab

[{DDFFA75A-E81D-4454-89FC-B9FD0631E726}]
CODEBASE = http://www.bundlewar...veX/DS3/DS3.cab

[{E62A47D8-74B1-4A93-963A-E5E43B7CC5C2}]
CODEBASE = http://www.zuvio.com...te/UCSearch.CAB

[{FFFFFFFF-CACE-BABE-BABE-00AA0055595A}]
CODEBASE = http://www.trueswitc...eInstallSBC.exe

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\NewDotNet\newdotnet6_30.dll
Protocol #1: xfire_lsp_8742.dll (file MISSING)
Protocol #2: xfire_lsp_8742.dll (file MISSING)
Protocol #3: xfire_lsp_8742.dll (file MISSING)
Protocol #4: xfire_lsp_8742.dll (file MISSING)
Protocol #5: xfire_lsp_8742.dll (file MISSING)
Protocol #6: xfire_lsp_8742.dll (file MISSING)
Protocol #7: xfire_lsp_8742.dll (file MISSING)
Protocol #8: xfire_lsp_8742.dll (file MISSING)
Protocol #9: YPCLSP.dll (file MISSING)
Protocol #10: YPCLSP.dll (file MISSING)
Protocol #11: YPCLSP.dll (file MISSING)
Protocol #31: YPCLSP.dll (file MISSING)
Protocol #32: xfire_lsp_8742.dll (file MISSING)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\Owner\LOCALS~1\Temp\~616553.tmp|||A

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 12,516 bytes
Report generated in 0.172 seconds

Command line options:
/verbose  - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full  - to include several rarely-I'mportant sections
/force9x  - to include Win9x-only startups even if running on WinNT
/forcent  - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history  - to list version history only



#25 Dominate

Dominate
  • 2,090 posts

Posted 12 September 2004 - 10:44 AM

heres mine

StartupList report, 9/12/2004, 2:38:12 PM
StartupList version: 1.52
Started from : C:\Documents and

Settings\Administrator\Desktop\dgfd\HijackThis.EXE
Detected: Windows XP  (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Project Lab\DDS\DDS.EXE
C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Pinnacle\Shared

Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Documents and Settings\Administrator\Desktop\dgfd\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]
Registration-PCTV.lnk = C:\Program Files\Pinnacle\Pinnacle

PCTV\ERegister\RegTool.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
EZ Firewall.lnk = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ

Firewall\ca.exe
Pinnacle Scheduler.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

VetTray = C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
CCD Manager = "C:\Program Files\Project Lab\DDS\DDS.EXE"
PCTVRemote = C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
QuickTi'me Task = "C:\Program Files\QuickTi'me\qttask.exe" -atbootti'me
TV Media = C:\Program Files\TV Media\Tvm.exe
VBundleOuterDL = C:\Program Files\VBouncer\BundleOuter.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
TV Media = C:\Program Files\TV Media\Tvm.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\ycomp5_3_12_0.dll -

{02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat

5.0\Reader\ActiveX\AcroIEHelper.ocx -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll -

{53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Task Scheduler jobs:

{3E9E5CF5-9775-429D-B471-E50D08FF998D}_BLACK_Administrator.job
{B3A5273D-E71A-417A-AA60-FEB5AB78E642}_BLACK_Administrator.job
{B3E09E26-ED52-44C5-AE17-3AD57CA5610F}_BLACK_Administrator.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://active.macrom...abs/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 5,359 bytes
Report generated in 0.062 seconds

Command line options:
/verbose  - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full  - to include several rarely-I'mportant sections
/force9x  - to include Win9x-only startups even if running on WinNT
/forcent  - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of

platform
/history  - to list version history only

is it good or bad???


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users