SunQuest
           Antivirus Protection
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Go Back   Dev Shed ForumsSystem AdministrationAntivirus Protection
Reload this Page

HJT log as i think i have a trojen or something...

Discuss HJT log as i think i have a trojen or something... in the Antivirus Protection forum on Dev Shed.
HJT log as i think i have a trojen or something... Antivirus Protection forum discussing issues relating to antivirus programs, spyware, hijack protection, and personal firewalls for all operating systems. Keep your systems protected from hackers and other hazards.

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
Get inside! Sample the range of functionality easily built with JMSL Library for Time Series Data Analysis, Heat Maps, Portfolio Optimization, Monte Carlo Simulation, Stock Price Charting and more. Download Now!
  #1  
Old July 3rd, 2004, 10:42 AM
RadioactiveFrog's Avatar
RadioactiveFrog RadioactiveFrog is offline
sleeping guru
Dev Shed Regular (2000 - 2499 posts)
  
Join Date: Feb 2003
Location: under the stars
Posts: 2,444 RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)  Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1
Time spent in forums: 6 Days 6 h 18 m 28 sec
Reputation Power: 171
Send a message via MSN to RadioactiveFrog
Exclamation HJT log as i think i have a trojen or something...
Hey all i wonder if someone can have a look at this log for me...its from my dads puter. Everytime you log in it loads up a cmd window with telnet in it...kinda strange and im not too sure what it is doing!!

if anyone can let me know what they think that would be great. I have run spybot a few times but no luck...virus checker is norton and is up to date...oh yes and the os is winxp pro...thanks in advanced

RF

Logfile of HijackThis v1.97.7
Scan saved at 16:38:52, on 03/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe
C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\Shotz\Shotz Snap 'N' Save.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zaplus.exe
C:\Documents and Settings\Grae.SMART\Desktop\hijackthis1977\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe
O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Shotz Snap 'N' Save] C:\PROGRA~1\Shotz\Shotz Snap 'N' Save.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: ZoneAlarm Plus.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zaplus.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxdm314
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0631ccf...ip/RdxIE601.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://213.177.235.253:8888/activex/AxisCamControl.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pu...ash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
Reply With Quote
  #2  
Old July 3rd, 2004, 10:59 AM
edwinbrains's Avatar
edwinbrains edwinbrains is offline
Retired Moderator
Dev Shed God 4th Plane (6500 - 6999 posts)
  
Join Date: Jan 2004
Location: London, UK
Posts: 6,670 edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)  Folding Points: 85411 Folding Title: Advanced FolderFolding Points: 85411 Folding Title: Advanced FolderFolding Points: 85411 Folding Title: Advanced FolderFolding Points: 85411 Folding Title: Advanced FolderFolding Points: 85411 Folding Title: Advanced Folder
Time spent in forums: 1 Week 6 Days 23 h 36 m 40 sec
Reputation Power: 92
Thread moved.
__________________
- Edwin -

The General Rules Thread | The General FAQ Thread
Reply With Quote
  #3  
Old July 3rd, 2004, 10:37 PM
Grinler Grinler is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Feb 2004
Posts: 171 Grinler User rank is Private First Class (20 - 50 Reputation Level)Grinler User rank is Private First Class (20 - 50 Reputation Level) 
Time spent in forums: 4 h 24 m 5 sec
Reputation Power: 5
I want you to fix some of those entries. Please do the following:


Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxdm314
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0631ccf...ip/RdxIE601.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

Reboot your computer into Safe Mode and delete the following files:

Then delete these

C:\Program Files\MyWebSearch\
C:\WINDOWS\System32\mcc.exe

Disable System Restore. You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore
or

Windows XP System Restore Guide

Renable system restore with instructions from tutorial above

Do you know what this program is?

O4 - HKLM\..\Run: [Shotz Snap 'N' Save] C:\PROGRA~1\Shotz\Shotz Snap 'N' Save.exe

Reboot your computer to go back to normal mode and post a new log. Also tell me if you know what that programis.
Comments on this post
JLR_84 agrees: Thanks for helping out!
Reply With Quote
  #4  
Old July 5th, 2004, 04:34 AM
RadioactiveFrog's Avatar
RadioactiveFrog RadioactiveFrog is offline
sleeping guru
Dev Shed Regular (2000 - 2499 posts)
  
Join Date: Feb 2003
Location: under the stars
Posts: 2,444 RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)  Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1
Time spent in forums: 6 Days 6 h 18 m 28 sec
Reputation Power: 171
Send a message via MSN to RadioactiveFrog
edwin: sorry didn't know there was a antivirus forum area! is it new? i guess so

Grinler: thanks for your reply, i will get to work and let you know the outcome

RF
Reply With Quote
  #5  
Old July 5th, 2004, 09:44 AM
edwinbrains's Avatar
edwinbrains edwinbrains is offline
Retired Moderator
Dev Shed God 4th Plane (6500 - 6999 posts)
  
Join Date: Jan 2004
Location: London, UK
Posts: 6,670 edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)  Folding Points: 85411 Folding Title: Advanced FolderFolding Points: 85411 Folding Title: Advanced FolderFolding Points: 85411 Folding Title: Advanced FolderFolding Points: 85411 Folding Title: Advanced FolderFolding Points: 85411 Folding Title: Advanced Folder
Time spent in forums: 1 Week 6 Days 23 h 36 m 40 sec
Reputation Power: 92
Quote:
Originally Posted by RadioactiveFrog
edwin: sorry didn't know there was a antivirus forum area! is it new? i guess so


Yep, it's pretty new. It was created because of the huge number of spyware problems that there were in the Windows forum.

But, I'll shutup now and leave you in the capable hands of Grinler...
Reply With Quote
  #6  
Old July 5th, 2004, 11:58 AM
RadioactiveFrog's Avatar
RadioactiveFrog RadioactiveFrog is offline
sleeping guru
Dev Shed Regular (2000 - 2499 posts)
  
Join Date: Feb 2003
Location: under the stars
Posts: 2,444 RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)  Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1
Time spent in forums: 6 Days 6 h 18 m 28 sec
Reputation Power: 171
Send a message via MSN to RadioactiveFrog
edwin: yes i didn't think i had seen it before so i just went straight to the windows area but i will remember in future!! or at least try to!!

Thanks

RF

P.S. i have not been able to get on my dads machine all day as it is being used..so will try later!!!!
Reply With Quote
  #7  
Old July 5th, 2004, 04:04 PM
RadioactiveFrog's Avatar
RadioactiveFrog RadioactiveFrog is offline
sleeping guru
Dev Shed Regular (2000 - 2499 posts)
  
Join Date: Feb 2003
Location: under the stars
Posts: 2,444 RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)  Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1
Time spent in forums: 6 Days 6 h 18 m 28 sec
Reputation Power: 171
Send a message via MSN to RadioactiveFrog
ok, well all seems to be good thanks very much!! The Shotz snap and save program is for his digi camera so that is fine!

here is the new log anyway..

Logfile of HijackThis v1.97.7
Scan saved at 22:02:54, on 05/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe
C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Shotz\Shotz Snap 'N' Save.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zaplus.exe
C:\Documents and Settings\Grae.SMART\Desktop\hijackthis1977\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe
O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Shotz Snap 'N' Save] C:\PROGRA~1\Shotz\Shotz Snap 'N' Save.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm Plus.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zaplus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...director/sw.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://213.177.235.253:8888/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pu...ash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab


cheers very much

RF
Reply With Quote
  #8  
Old July 5th, 2004, 04:36 PM
Grinler Grinler is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Feb 2004
Posts: 171 Grinler User rank is Private First Class (20 - 50 Reputation Level)Grinler User rank is Private First Class (20 - 50 Reputation Level) 
Time spent in forums: 4 h 24 m 5 sec
Reputation Power: 5
You are all clean now. Good job
Reply With Quote
  #9  
Old July 5th, 2004, 04:50 PM
RadioactiveFrog's Avatar
RadioactiveFrog RadioactiveFrog is offline
sleeping guru
Dev Shed Regular (2000 - 2499 posts)
  
Join Date: Feb 2003
Location: under the stars
Posts: 2,444 RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)RadioactiveFrog User rank is First Lieutenant (10000 - 20000 Reputation Level)  Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1Folding Points: 155419 Folding Title: Super Ultimate Folder - Level 1
Time spent in forums: 6 Days 6 h 18 m 28 sec
Reputation Power: 171
Send a message via MSN to RadioactiveFrog
That is good to know!! Thanks

RF
Reply With Quote
Reply

Viewing: Dev Shed ForumsSystem AdministrationAntivirus Protection > HJT log as i think i have a trojen or something...

« Previous Thread | Next Thread »

Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump