#1
Hijackthis log please...
Hello, I've got an up-to-date log, with Spybot, AdAware and CWShredder all run. Would muchly appreciate your assistance.
Logfile of HijackThis v1.98.2
Scan saved at 8:09:39 PM, on 8/22/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\LOTUS\WORDPRO\WORDPRO.EXE
C:\PROGRAM FILES\ACCESSORIES\WORDPAD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AOL 7.0A\WAOL.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tripplej.net.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.abc.net.au/triplej
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL Australia
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1601.0\MSGR.EN-US.EN-AU\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Windows Update Files] C:\Program Files\microsoft hardware\dnetc.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [TestDrive6.exe] C:\WINDOWS\DESKTOP\TESTDR~1.EXE /r
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
O4 - HKLM\..\Run: [Oy1tl] C:\WINDOWS\TEMP\OY1TL.EXE
O4 - HKLM\..\Run: [4LQT2W@5YML4@6] C:\WINDOWS\SYSTEM\LgnK8V3.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScanRegistry] c:\windows\system\scanregw.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Qpmobnq] C:\WINDOWS\SYSTEM\rfkez.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: AOL Tray Icon.lnk = C:\Program Files\AOL 7.0a\aoltray.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - User Startup: AOL Tray Icon.lnk = C:\Program Files\AOL 7.0a\aoltray.exe
O4 - User Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - User Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/CursorManiaInitialSetup1.0.0.6.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2DBEFB64-B6C4-4A2C-BE6A-16FF065B99C6} (cuadruple Class) - http://www.dialerzona.com/cuadruple.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
#2
Can you please give people a chance before reposting your thread? You only posted your first thread a few days ago.
#3
Quote:
Sorry, the other one was run with out-of-date programs, so I reposted. Perhaps I should have just added it on to the other thread.
#4
Hi krit,

You might want to print these instructions for reference, as you will be off the internet while using HijackThis.

Please download and run LSPFix from here:
http://cexx.org/LSPFix.exe
On the opening screen, click "I know what I'm doing". Check all instances of "lspak.dll" (and nothing else), and move them to the "Remove" pane. Then click Finish.

Then...

You are infected with the peper trojan:
Download PeperFix:
http://downloads.subratam.org/PeperFix.exe
Save it to your Desktop. Click on the PeperFix.exe to launch it. Click the Find and Fix button. It will scan the %Systemroot% folder and locate all the peper files. You will be prompted to reboot. Reboot and it will delete the peper files. Ensure that you are online before starting the fix. Make sure to run the fix twice.

Then...

Please move or unzip HijackThis to a permanent folder such as C:\HJT\HijackThis.exe
It is important that it is in its own folder as it will make important backups of what we will fix. Please open My Computer > double-click your C:\ drive > File > New > Folder > name it HJT and put HijackThis into that folder.

Run HijackThis, close all browsers and any other windows, place a checkmark next to the following items. Click "fix checked".

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Windows Update Files] C:\Program Files\microsoft hardware\dnetc.exe
O4 - HKLM\..\Run: [Oy1tl] C:\WINDOWS\TEMP\OY1TL.EXE
O4 - HKLM\..\Run: [4LQT2W@5YML4@6] C:\WINDOWS\SYSTEM\LgnK8V3.exe
O4 - HKCU\..\Run: [Qpmobnq] C:\WINDOWS\SYSTEM\rfkez.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/CursorManiaInitialSetup1.0.0.6.cab
O16 - DPF: {2DBEFB64-B6C4-4A2C-BE6A-16FF065B99C6} (cuadruple Class) - http://www.dialerzona.com/cuadruple.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN.cab

Is this a valid program?
O4 - HKLM\..\Run: [TestDrive6.exe] C:\WINDOWS\DESKTOP\TESTDR~1.EXE /r

This is an optional fix. It does not need to be running at startup:
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

Boot into Safe Mode. Reboot your computer, start tapping F8 when it first starts booting, select Safe Mode.

Show hidden files: How to Show hidden files and folders.
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Delete the following files:
C:\WINDOWS\TEMP\OY1TL.EXE
C:\WINDOWS\SYSTEM\LgnK8V3.exe
C:\WINDOWS\SYSTEM\rfkez.exe

Delete the following folders:
C:\Program Files\microsoft hardware\

Open My Computer, browse to C:\documents and settings\User Name(repeat for all users)\local settings\temp folder and delete all files and folders in it.

Open My Computer, browse to C:\Windows\Temp folder and delete all files and folders in it.

Internet Explorer click Tools > Internet Options > General. Click "Delete Files", also check "delete all offline content". Click OK.

Empty your Recycle Bin.

Reboot normally and post a fresh HijackThis log.

Tom
__________________
HijackThis Ad-aware Spybot Search & Destroy SpywareBlaster SpywareGuard Housecall Online A/V Scan
Please read the stickys at the top of the forum before posting!
#5
Hello, Tom.
Many thanks for your assistance so far, I followed all your instructions yet all did not go as anticipated... Quote:
It didn't actually find any peper files at all (I ran it a couple of times). Quote:
None of those files or folders, were on my system (and hidden files/folders were in view). All the other instructions were followed, here is a fresh log:

Logfile of HijackThis v1.98.2
Scan saved at 10:27:59 PM, on 8/24/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\LOTUS\WORDPRO\WORDPRO.EXE
C:\PROGRAM FILES\AOL 7.0A\WAOL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\HJT\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tripplej.net.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.abc.net.au/triplej
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL Australia
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1601.0\MSGR.EN-US.EN-AU\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScanRegistry] c:\windows\system\scanregw.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: AOL Tray Icon.lnk = C:\Program Files\AOL 7.0a\aoltray.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - User Startup: AOL Tray Icon.lnk = C:\Program Files\AOL 7.0a\aoltray.exe
O4 - User Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - User Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=3cbaa5cbfe9901c316183e270b9744eabb5565faebcec4663c29a405e890ccd5f74097a4e1063a6370a696cded5d33a328 8108ab713c421a:ea3fda0df2f9b3bc67b04dcf28cf3274
#6
Good work!

Remove this line with HijackThis:
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=3cbaa5cbfe9901c316183e270b9744eabb5565faebcec4663c29a405e890ccd5f74097a4e1063a6370a696cded5d33a328 8108ab713c421a:ea3fda0df2f9b3bc67b04dcf28cf3274

If you install Spywareblaster it will block it from loading again:

These are tools that will help keep you from getting infected again:

SpywareBlaster will block bad ActiveX and malevolent cookies.
http://www.javacoolsoftware.com/spywareblaster.html

SpywareGuard is a real-time spyware scanner.
http://www.wilderssecurity.net/spywareguard.html

IE-SPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD

All are very small free programs. Occasionally check for updates.

Check for updates for Windows and Internet Explorer every week or so. Download each critical update one by one, rebooting when necessary. Repeat this until you get the message "no critical updates available"
http://v4.windowsupdate.microsoft.com/

Please take a minute to read: So how did I get infected in the first place?
http://computercops.biz/postlite7736-.html

Feel free to post a log for final review.

Tom
#7
Ah, many thanks. I now have all those precautions in place. Here is a final log:
Logfile of HijackThis v1.98.2
Scan saved at 11:41:27 AM, on 8/29/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\AOL 7.0A\WAOL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HJT\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tripplej.net.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.abc.net.au/triplej
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL Australia
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1601.0\MSGR.EN-US.EN-AU\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScanRegistry] c:\windows\system\scanregw.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: AOL Tray Icon.lnk = C:\Program Files\AOL 7.0a\aoltray.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - User Startup: AOL Tray Icon.lnk = C:\Program Files\AOL 7.0a\aoltray.exe
O4 - User Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - User Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
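Added example, not part of the original thread or of any tool mentioned in it: a small Python parser that splits a HijackThis log into its coded entries and compares two scans, which is the check done by eye between the successive logs in this thread. The sample logs are constructed and modelled on the thread's entries; the function names, the placeholder O16 entry and the review heuristic are assumptions of this example.

```python
import re

# Every HijackThis finding starts with a section code: "R1 - ", "O4 - ", "O16 - " ...
_SPLIT = re.compile(r"\s+(?=(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - )")
_ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$", re.S)


def parse_entries(log_text):
    """Return [(code, detail), ...]; accepts one-entry-per-line or flattened logs."""
    entries = []
    for chunk in _SPLIT.split(log_text.strip()):
        m = _ENTRY.match(chunk)
        if m:  # the header / "Running processes" chunk carries no code and is skipped
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries


def _key(entry):
    # Win9x paths are case-insensitive, so compare entries case-folded.
    return entry[0], entry[1].casefold()


def diff_logs(before, after):
    """Entries the cleanup removed, and entries that appeared since the first scan."""
    b, a = parse_entries(before), parse_entries(after)
    b_keys, a_keys = {_key(e) for e in b}, {_key(e) for e in a}
    removed = list(dict.fromkeys(e for e in b if _key(e) not in a_keys))
    added = list(dict.fromkeys(e for e in a if _key(e) not in b_keys))
    return removed, added


def review_hints(entries):
    """Assumed heuristic: unknown Winsock LSP files and autostarts run from a temp dir."""
    return [(c, d) for c, d in dict.fromkeys(entries)
            if (c == "O10" and d.startswith("Unknown file in Winsock LSP"))
            or (c == "O4" and "\\temp\\" in d.casefold())]


# Constructed sample, modelled on the logs in this thread (flattened, as scraped).
BEFORE = (
    r"Logfile of HijackThis v1.98.2 Running processes: C:\WINDOWS\EXPLORER.EXE "
    r"R3 - Default URLSearchHook is missing "
    r"O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe "
    r"O4 - HKLM\..\Run: [Oy1tl] C:\WINDOWS\TEMP\OY1TL.EXE "
    r"O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll "
    r"O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll"
)
# Constructed follow-up scan, one entry per line; the O16 CLSID and URL are placeholders.
AFTER = r"""Logfile of HijackThis v1.98.2
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\TASKMON.EXE
O16 - DPF: {00000000-0000-0000-0000-000000000000} - http://example.invalid/x.cab
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    hints = review_hints(parse_entries(BEFORE))
    for label, group in (("removed", removed), ("new", added), ("review", hints)):
        for code, detail in group:
            print(f"{label:8}{code:4}{detail}")
```

An entry listed under "new" is one that was absent from the earlier scan, which is how the extra O16 line in the second log of this thread stands out.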
| Viewing: Dev Shed Forums > System Administration > Antivirus Protection > Hijackthis log please... |