New list of utilities
Showing all messages in thread #1113091578 Windows XP Annoyances Discussion Forum
New list of utilities
Saturday, April 9, 2005 at 5:06 pm Posted by Falcon
(13489 messages posted)
Perform the following:
- Disable System Restore*
- Perform an online virus scan****.
- Download, update, and run these tools:
  Repeat as necessary until clean.
- If you still experience problems after doing these steps, download HijackThis* and post a log to this forum.
- To protect against reinfection, download and use these:
  If at all possible, I recommend that you use alternative software, particularly web browsers and email clients:
  If this is not a viable option, or for additional protection, use these:
- Optionally Reenable System Restore*. Better alternatives to System Restore.
If you encounter any broken links, please inform me of them. Also note that these links direct through my web server to allow me to keep them up-to-date or post additional info. If you are unable to use the links above, click the stars instead, which are a direct link to the page in question.
re: New list of utilities
Saturday, April 9, 2005 at 5:35 pm Posted by joe
(7018 messages posted)
right on dude, thanks!
re: New list of utilities
Sunday, April 10, 2005 at 6:38 am Posted by Paulina
(3264 messages posted)
Gotcha - no more new Nom de plumes for a while now :)
re: New list of utilities
Sunday, April 17, 2005 at 4:47 pm Posted by Scott Busche
(14 messages posted)
Logfile of HijackThis v1.99.1
Scan saved at 6:41:06 PM, on 4/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\Nmain.exe
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\PROGRA~1\NORTON~3\NORTON~3\navw32.exe
C:\Documents and Settings\Scott B\Desktop\Scans\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Scott%20B/My%20Documents/Scott's/homepage/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) -
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100141265234
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) -
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
There ya go.
re: New list of utilities
Sunday, May 1, 2005 at 4:10 pm Posted by Sonya
(3 messages posted)
Still experiencing problems...
Logfile of HijackThis v1.99.1
Scan saved at 3:45:41 PM, on 01/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ltmsg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\WINDOWS\gaSrve.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\svchost.exe
C:\DOCUME~1\JASBAT~1\LOCALS~1\Temp\nnmtx.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\gegre.dll
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [Microsoft Service] C:\WINDOWS\system32\syshost.exe
O4 - HKLM\..\Run: [Microsoft IDCN] C:\WINDOWS\system32\mshe1p.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Norton Personal Firewall] jah.exe
O4 - HKLM\..\Run: [WinAmpAgent] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [Win Update Microsoft] winmode.exe
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\nerocheck.exe /i
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\canada.exe -N
O4 - HKLM\..\Run: [Windows Secure Connection] winsc.exe
O4 - HKLM\..\Run: [gaSrve] C:\WINDOWS\gaSrve.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteyrl32.exe
O4 - HKLM\..\Run: [CWETQ] C:\WINDOWS\aidwaew.exe
O4 - HKLM\..\RunServices: [Norton Personal Firewall] jah.exe
O4 - HKLM\..\RunServices: [Win Update Microsoft] winmode.exe
O4 - HKLM\..\RunServices: [Windows Secure Connection] winsc.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Norton Personal Firewall] jah.exe
O4 - HKCU\..\Run: [Win Update Microsoft] winmode.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Secure Connection] winsc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Advisor - {93D153C4-4F21-4022-9D86-04CDAFB3A231} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Thanks.
re: New list of utilities
Sunday, May 1, 2005 at 6:17 pm Posted by Falcon
(13489 messages posted)
- Reboot to Safe Mode
- Check these entries in HijackThis and press Fix:
R3 - Default URLSearchHook is missing
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\gegre.dll
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Service] C:\WINDOWS\system32\syshost.exe
O4 - HKLM\..\Run: [Microsoft IDCN] C:\WINDOWS\system32\mshe1p.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Norton Personal Firewall] jah.exe
O4 - HKLM\..\Run: [WinAmpAgent] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [Win Update Microsoft] winmode.exe
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\nerocheck.exe /i
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\canada.exe -N
O4 - HKLM\..\Run: [Windows Secure Connection] winsc.exe
O4 - HKLM\..\Run: [gaSrve] C:\WINDOWS\gaSrve.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteyrl32.exe
O4 - HKLM\..\Run: [CWETQ] C:\WINDOWS\aidwaew.exe
O4 - HKLM\..\RunServices: [Norton Personal Firewall] jah.exe
O4 - HKLM\..\RunServices: [Win Update Microsoft] winmode.exe
O4 - HKLM\..\RunServices: [Windows Secure Connection] winsc.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Norton Personal Firewall] jah.exe
O4 - HKCU\..\Run: [Win Update Microsoft] winmode.exe
O4 - HKCU\..\Run: [Windows Secure Connection] winsc.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
- Delete these files and folders:
- C:\WINDOWS\System32\P2P Networking\
- C:\WINDOWS\System32\canada.exe
- C:\WINDOWS\aidwaew.exe
- C:\WINDOWS\gaSrve.exe
- C:\WINDOWS\gegre.dll
- C:\WINDOWS\nerocheck.exe
- C:\WINDOWS\shch.exe
- C:\WINDOWS\svchost.exe
- C:\WINDOWS\system32\mshe1p.exe
- C:\WINDOWS\system32\syshost.exe
- C:\windows\system32\eliteyrl32.exe
- c:\windows\system\BHOmod.dll
- jah.exe
- winmode.exe
- winsc.exe
- Start->Run->"%temp%"->Delete all the files and folders there.
- Reboot normally and post another log.
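The three signals that stand out in the log Falcon reviewed above (a Windows system file name running from the wrong folder, a process running from a Temp folder, and one command registered under several autorun keys) can be checked mechanically. The Python below is an added example, not part of Falcon's post or of HijackThis; the rule names, the `EXPECTED_DIR` table and the trimmed sample log are assumptions made for illustration, and the output is a list of leads for manual review, not a reproduction of his full fix list.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample: a subset of lines from the May 1 log in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\svchost.exe
C:\DOCUME~1\JASBAT~1\LOCALS~1\Temp\nnmtx.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Norton Personal Firewall] jah.exe
O4 - HKLM\..\Run: [Win Update Microsoft] winmode.exe
O4 - HKLM\..\RunServices: [Norton Personal Firewall] jah.exe
O4 - HKLM\..\RunServices: [Win Update Microsoft] winmode.exe
O4 - HKCU\..\Run: [Norton Personal Firewall] jah.exe
O4 - HKCU\..\Run: [Win Update Microsoft] winmode.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

# Assumption: a stock Windows XP install in C:\WINDOWS keeps these here.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

ENTRY = re.compile(r"^[A-Z]\d+ - ")  # R0, O2, O4, O23 ...
AUTORUN = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\\w+): \[(.+?)\] (.+)$")


def parse(log):
    """Return (running process paths, [(autorun key, value name, command)])."""
    processes, autoruns, in_procs = [], [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif ENTRY.match(line):
            in_procs = False  # the first R/O entry ends the process list
            m = AUTORUN.match(line)
            if m:
                autoruns.append(m.groups())
        elif in_procs and line:
            processes.append(line)
    return processes, autoruns


def triage(log):
    """Return (rule, subject) leads; every hit still needs a human decision."""
    processes, autoruns = parse(log)
    findings = []
    for path in processes:
        name, folder = basename(path).lower(), dirname(path).lower()
        # A system file name outside its normal folder, e.g. C:\WINDOWS\svchost.exe
        if name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
            findings.append(("system-name-wrong-dir", path))
        # Executables running out of a Temp folder
        if "\\temp\\" in path.lower():
            findings.append(("runs-from-temp", path))
    # The same command registered under two or more autorun keys
    keys_by_cmd = defaultdict(set)
    for key, _value_name, cmd in autoruns:
        keys_by_cmd[cmd.lower()].add(key)
    for cmd, keys in sorted(keys_by_cmd.items()):
        if len(keys) >= 2:
            findings.append(("autorun-in-multiple-keys", cmd))
    return findings


if __name__ == "__main__":
    for rule, subject in triage(SAMPLE_LOG):
        print(f"{rule:26} {subject}")
```

Wrapped log lines, as they appear when a log is pasted into a forum, must be rejoined before parsing, since the parser works one entry per line.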
re: New list of utilities
Wednesday, May 4, 2005 at 8:45 pm Posted by Sonya
(3 messages posted)
Thanks for your help! Here's the latest log...
Logfile of HijackThis v1.99.1
Scan saved at 8:41:24 PM, on 04/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ltmsg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Advisor - {93D153C4-4F21-4022-9D86-04CDAFB3A231} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{81E7055C-2C3E-4124-A230-E693F97E601F}: NameServer = 209.115.142.9 209.115.142.132
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
On Sunday, May 1, 2005 at 6:17 pm, Falcon wrote:
>
> - Reboot to Safe Mode
> - Check these entries in HijackThis and press Fix:
>
>R3 - Default URLSearchHook is missing
>O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\gegre.dll
>O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
>O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
>O4 - HKLM\..\Run: [Microsoft Service] C:\WINDOWS\system32\syshost.exe
>O4 - HKLM\..\Run: [Microsoft IDCN] C:\WINDOWS\system32\mshe1p.exe
>O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
>O4 - HKLM\..\Run: [Norton Personal Firewall] jah.exe
>O4 - HKLM\..\Run: [WinAmpAgent] C:\WINDOWS\shch.exe /i
>O4 - HKLM\..\Run: [Win Update Microsoft] winmode.exe
>O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\nerocheck.exe /i
>O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\canada.exe -N
>O4 - HKLM\..\Run: [Windows Secure Connection] winsc.exe
>O4 - HKLM\..\Run: [gaSrve] C:\WINDOWS\gaSrve.exe
>O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteyrl32.exe
>O4 - HKLM\..\Run: [CWETQ] C:\WINDOWS\aidwaew.exe
>O4 - HKLM\..\RunServices: [Norton Personal Firewall] jah.exe
>O4 - HKLM\..\RunServices: [Win Update Microsoft] winmode.exe
>O4 - HKLM\..\RunServices: [Windows Secure Connection] winsc.exe
>O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
>O4 - HKCU\..\Run: [Norton Personal Firewall] jah.exe
>O4 - HKCU\..\Run: [Win Update Microsoft] winmode.exe
>O4 - HKCU\..\Run: [Windows Secure Connection] winsc.exe
>O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
>
>
> - Delete these files and folders:
>
> - C:\WINDOWS\System32\P2P Networking\
> - C:\WINDOWS\System32\canada.exe
> - C:\WINDOWS\aidwaew.exe
> - C:\WINDOWS\gaSrve.exe
> - C:\WINDOWS\gegre.dll
> - C:\WINDOWS\nerocheck.exe
> - C:\WINDOWS\shch.exe
> - C:\WINDOWS\svchost.exe
> - C:\WINDOWS\system32\mshe1p.exe
> - C:\WINDOWS\system32\syshost.exe
> - C:\windows\system32\eliteyrl32.exe
> - c:\windows\system\BHOmod.dll
> - jah.exe
> - winmode.exe
> - winsc.exe
>
>
> - Start->Run->"%temp%"->Delete all the files and folders there.
> - Reboot normally and post another log.
[Reply or follow-up to this message]
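The fix list quoted above is mostly O4 (autorun) entries. As an added example, not part of the thread or of HijackThis, this Python sketch parses O4 lines and attaches triage hints for three traits visible in that list: a command with no directory, a binary sitting directly in C:\WINDOWS, and the same binary registered under several autorun keys. The function names, hint labels and heuristics are assumptions for illustration, and a hint is a reason to look closer, not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: O4 lines copied from the list quoted earlier in this thread.
SAMPLE = r'''O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Norton Personal Firewall] jah.exe
O4 - HKLM\..\Run: [WinAmpAgent] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\RunServices: [Norton Personal Firewall] jah.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Norton Personal Firewall] jah.exe'''

# "O4 - <hive>[\<SID>]\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)(?:\\[^\\]+)?\\\.\.\\(?P<key>\w+): '
                   r'\[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Executable = quoted path, or drive path up to its extension, or first token.
EXE_RE = re.compile(r'^(?:"([^"]+)"|([A-Za-z]:\\.+?\.(?:exe|com|bat|cmd|scr|dll))'
                    r'(?=\s|$)|(\S+))', re.I)

def parse_o4(line):
    """Return a dict for an O4 autorun line, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["exe"] = next(g for g in EXE_RE.match(entry["cmd"].strip()).groups() if g)
    return entry

def triage(log_text):
    """Map each flagged executable (lower-cased) to a sorted list of hints."""
    entries = [e for e in map(parse_o4, log_text.splitlines()) if e]
    locations = defaultdict(set)
    for e in entries:
        locations[e["exe"].lower()].add((e["hive"], e["key"]))
    hints = {}
    for e in entries:
        exe = e["exe"].lower()
        found = set()
        if not ntpath.dirname(exe):
            found.add("no-path")        # what runs depends on the search order
        elif ntpath.normpath(ntpath.dirname(exe)) == r"c:\windows":
            found.add("windows-root")   # directly in the Windows directory
        if len(locations[exe]) > 1:
            found.add("multi-key")      # registered under several autorun keys
        if found:
            hints[exe] = sorted(found)
    return hints
```
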
|
re: New list of utilities
Thursday, May 5, 2005 at 6:20 am Posted by Falcon
(13489 messages posted)
Your log is clean. Problem fixed?
[Reply or follow-up to this message]
|
re: New list of utilities
Thursday, May 5, 2005 at 1:50 pm Posted by Sonya
(3 messages posted)
Yes, all the junk is gone. Thank you!
On Thursday, May 5, 2005 at 6:20 am, Falcon wrote:
>Your log is clean. Problem fixed?
[Reply or follow-up to this message]
|
re: New list of utilities
Thursday, May 5, 2005 at 6:12 pm Posted by Matthew D. Healy
(1255 messages posted)
My French is rather weak, but shouldn't the word nom rather than the word plume get the plural?
On Sunday, April 10, 2005 at 6:38 am, Paulina wrote:
>
>Gotcha - no more new Nom de plumes for a while now :)
>
[Reply or follow-up to this message]
|
re: New list of utilities
Friday, May 6, 2005 at 12:45 am Posted by Paulina
(3264 messages posted)
You are right indubitably correct! A month late, but correct.
'The term is taken from the French nom de plume, meaning “pen name” but does not
actually exist in the French language - which uses nom de guerre, meaning “assumed
name under which a person fights or writes”'
[Reply or follow-up to this message]
|
removal of Seeve
Saturday, May 21, 2005 at 11:28 am Posted by barb
(2 messages posted)
thank you for trying to help.. it did not work.. I did not do Hijack This because
it said it was for advanced computer people and I am not one of those!
On Saturday, April 9, 2005 at 5:06 pm, Falcon wrote:
> Perform the following:
>
>- Disable System Restore* (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam)
>- Perform an online virus scan* * (http://www.pandasoftware.com/activescan/com/activescan_principal.htm) * (http://www.bitdefender.com/scan/licence.php) * (http://vil.nai.com/vil/stinger/).
>- Download, update, and run these tools:
>  Repeat as necessary until clean.
>- If you still experience problems after doing these steps, download HijackThis* (http://www.majorgeeks.com/download3155.html) and post a log to this forum.
>- To protect against reinfection, download and use these:
>  If at all possible, I recommend that you use alternative software, particularly web browsers and email clients:
>  If this is not a viable option, or for additional protection, use these:
>- Optionally Reenable System Restore*. Better alternatives to System Restore.
>
> If you encounter any broken links, please inform me of them. Also note that these links direct through my web server to allow me to keep them up-to-date or post additional info. If you are unable to use the links above, click the stars instead, which are a direct link to the page in question.
[Reply or follow-up to this message]
|
re: New list of utilities
Monday, June 23, 2008 at 10:13 pm Posted by Alex
(1 messages posted)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:11 AM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {44AF48D2-765B-401C-A801-7CD53A836A22} - C:\WINDOWS\system32\hgGwuSJD.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: (no name) - {AC519E4E-EDF0-48C7-8ADA-2A4A5B1C81C9} - C:\WINDOWS\system32\ddcYOEWM.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: {1ad8b577-64b6-9259-9934-04865b86057e} - {e75068b5-6840-4399-9529-6b46775b8da1} - C:\WINDOWS\system32\puothwbd.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingC4302] cmd /c del "C:\WINDOWS\system32\urqPgHWo.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5778] command /c del "C:\WINDOWS\system32\hgGwuSJD.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8453] cmd /c del "C:\WINDOWS\system32\hgGwuSJD.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3767] command /c del "C:\WINDOWS\system32\urqPgHWo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1558] cmd /c del "C:\WINDOWS\system32\urqPgHWo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6645] command /c del "C:\WINDOWS\system32\hgGwuSJD.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9187] cmd /c del "C:\WINDOWS\system32\hgGwuSJD.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7632] command /c del "C:\WINDOWS\system32\urqPgHWo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2943] cmd /c del "C:\WINDOWS\system32\urqPgHWo.dll_old"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: uxxpmits.dll puothwbd.dll
O20 - Winlogon Notify: ddcYOEWM - C:\WINDOWS\SYSTEM32\ddcYOEWM.dll
--
End of file - 6640 bytes
[Reply or follow-up to this message]