9 replies to this topic

[sin]

please I also have hijack this so I  will  post that to

StartupList report, 8/29/2004, 3:28:59 PM
StartupList version: 1.52
Started from : C:\Documents and Settings\Owner\My Documents\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\Digital I'maging\Unload\hpqcmon.exe
C:\Program Files\QuickTi'me\qttask.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\program files\support.com\bin\tgcmd.exe
C:\Program Files\Yahoo!\Parental Controls\YPC.EXE
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\ccAppw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\System32\Userinit.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

hpsysdrv = c:\windows\system\hpsysdrv.exe
NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
KBD = C:\HP\KBD\KBD.EXE
Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
IgfxTray = C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
PS2 = C:\WINDOWS\system32\ps2.exe
NAV Agent = c:\PROGRA~1\NORTON~1\navapw32.exe
checkti'me = c:\program files\HPSelect\Frontend\ct.exe
StorageGuard = "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
nwiz = nwiz.exe /install
HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
dla = C:\WINDOWS\system32\dla\tfswctrl.exe
CamMonitor = c:\Program Files\Hewlett-Packard\Digital I'maging\Unload\hpqcmon.exe
QuickTi'me Task = "C:\Program Files\QuickTi'me\qttask.exe" -atbootti'me
YBrowser = C:\Program Files\Yahoo!\browser\ybrwicon.exe
BJCFD = C:\Program Files\BroadJump\Client Foundation\CFD.exe
tgcmdprovidersbc = "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
Symantec Configuration Loader = ccAppw32.exe
Bait film = C:\PROGRA~1\Ai'mKEE~1\BITSBAGS.exe
ltourstart.exe = C:\WINDOWS\System32\ltourstart.exe
YPC = C:\Program Files\Yahoo!\Parental Controls\YPC.EXE
csrs = C:\WINDOWS\System32\csrs.exe
New.net Startup = rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
WinTools = C:\Program Files\Common Files\WinTools\WToolsA.exe
SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
LTMSG = LTMSG.exe 7
heck bird online bows = C:\Documents and Settings\All Users\Application Data\support clock heck bird\Shi'm Burn.exe
TV Media = C:\Program Files\TV Media\Tvm.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

Symantec Configuration Loader = ccAppw32.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
ltourstart.exe = C:\WINDOWS\System32\ltourstart.exe
SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
WhatPulse = C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
TV Media = C:\Program Files\TV Media\Tvm.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\NewDotNet\newdotnet6_30.dll - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
(no name) - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll - {87766247-311C-43B4-8499-3D5FEC94A183}
(no name) - C:\PROGRA~1\CAMPSK~1\fordidle.exe - {87AD6F82-9B3C-AF44-E4E9-96A1844D3B3B}
(no name) - c:\program files\google\googletoolbar2.dll (file missing) - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zon...kr.cab28578.cab

[{01234567-1234-1234-1234-012345678921}]
CODEBASE = http://I'mages.neopets.com/glophone/neoblue5.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab

[MSSecurityAdvisor Class]
InProcServer32 = C:\WINDOWS\System32\mssecadv.dll
CODEBASE = http://download.micr...b?1091986135984

[yucsetreg Class]
InProcServer32 = C:\Program Files\Yahoo!\Common\yucconfig.dll
CODEBASE = C:\Program Files\Yahoo!\common\yucconfig.dll

[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zon...er.cab28578.cab

[MiniBugTransporterX Class]
CODEBASE = http://download.weat...Transporter.cab?

[YInstStarter Class]
InProcServer32 = C:\Program Files\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\common\yinsthelper.dll

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.micr...922/wmv9VCM.CAB

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akama...meInstaller.exe

[{5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A}]
CODEBASE = http://www.atelys.com/src/Speedup.ocx

[Groove Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\GrooveAX.dll
CODEBASE = http://www.nick.com/.../GrooveAX27.cab

[AdInstaller Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ADINST~1.OCX
CODEBASE = http://www.movies.ne...AdInstaller.ocx

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zon...nt.cab28578.cab

[{8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A}]
CODEBASE = http://www.quikshield.com/qshsetup.exe

[RegConfig Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yregcfg.dll
CODEBASE = http://download.yaho...rod/yregcfg.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupd...7772.6578703704

[YahooYMailTo Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\ymmapi20040613.dll
CODEBASE = http://download.yaho...mail/ymmapi.dll

[YAddBook Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yaddbook.dll
CODEBASE = http://us.dl1.yi'mg.com/download.yahoo...utocomplete.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab

[{DDFFA75A-E81D-4454-89FC-B9FD0631E726}]
CODEBASE = http://www.bundlewar...veX/DS3/DS3.cab

[{E62A47D8-74B1-4A93-963A-E5E43B7CC5C2}]
CODEBASE = http://www.zuvio.com...te/UCSearch.CAB

[{FFFFFFFF-CACE-BABE-BABE-00AA0055595A}]
CODEBASE = http://www.trueswitc...eInstallSBC.exe

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\NewDotNet\newdotnet6_30.dll
Protocol #1: xfire_lsp_8742.dll (file MISSING)
Protocol #2: xfire_lsp_8742.dll (file MISSING)
Protocol #3: xfire_lsp_8742.dll (file MISSING)
Protocol #4: xfire_lsp_8742.dll (file MISSING)
Protocol #5: xfire_lsp_8742.dll (file MISSING)
Protocol #6: xfire_lsp_8742.dll (file MISSING)
Protocol #7: xfire_lsp_8742.dll (file MISSING)
Protocol #8: xfire_lsp_8742.dll (file MISSING)
Protocol #9: YPCLSP.dll (file MISSING)
Protocol #10: YPCLSP.dll (file MISSING)
Protocol #11: YPCLSP.dll (file MISSING)
Protocol #31: YPCLSP.dll (file MISSING)
Protocol #32: xfire_lsp_8742.dll (file MISSING)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\Owner\LOCALS~1\Temp\~616553.tmp|||A

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 12,516 bytes
Report generated in 0.172 seconds

Command line options:
/verbose  - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full  - to include several rarely-I'mportant sections
/force9x  - to include Win9x-only startups even if running on WinNT
/forcent  - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history  - to list version history only

edit:sorry move this to where its soposed to be I bet you wouldent like a bunch of small topics though lemony
other edit:how ddid you see stuff you dont know is tht bad?
other other edit:is rundll a viruss it always comes up and bugs me?
other other other edit:I have apsolutly no idea lol

QUOTE
heck bird online bows = C:\Documents and Settings\All Users\Application Data\support clock heck bird\Shi'm Burn.exe



That looks suspicious, but I don't know what's spyware or not lol.

Edited by sin, 29 August 2004 - 02:41 PM.

[Dan]

Why not make one HUGE topic about it, and post it in the wrong forum..Sin,??Use your common sense, please.

[LuGiA]

It all depends on what your running, I barely run anything so I only have about 6 owners thing running, but if you're running norton/mcafee theres another 1-2 but ones with like 7dsadfjust kidding4just kidding.exe are probably viruses, they usually have a name coordinating to the progra. Kaspersky had Kav.exe and stuff like that so put 2and2 together, nothing on your owner account besides Explorer.exe is going to mess it up. But you can just restart to fix that.

[dolphinbomb]

heck bird online bows = C:\Documents and Settings\All Users\Application Data\support clock heck bird\Shi'm Burn.exe

That looks suspicious, but I don't know what's spyware or not lol.

[sin]

bump-not know if allowed but I saw gri'm do it do it so I am-bump

[Cataliste]

OK your system seems clean to meh......altho you have alot of crap progs running (no offence) such as iexplorer.exe, yahoo!,AOLm ect, but yeah, looks good.

[sin]

I dont use aol anymore I use yahoo dsl now

[sin]

I got msn is that ok?

[SteWieH]

that tv media.exe should be removed. it is SPYWARE

[oninous]

HOLY LORD JESUS! That's alot to post!

Go HERE~~~ ---> http://www.rockymoun...ref_startup.htm

Fixed... short and sweet!