Antivirus Protection
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me

The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.

Go Back   Dev Shed ForumsSystem AdministrationAntivirus Protection

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
  #1  
Old March 26th, 2004, 12:21 PM
greorge greorge is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
 
Join Date: Mar 2004
Posts: 1 greorge User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
my hijackthis logfile

please do tell me what to delete...thank you in advance!


Logfile of HijackThis v1.97.7
Scan saved at 2:08:11 AM, on 3/27/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common files\updmgr\updmgr.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\javaw.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Alset\HelpExpress\George Pangan\Client\HelpExp.exe
C:\Program Files\Alset\HelpExpress\George Pangan\HXDL.EXE
C:\Program Files\couponsandoffers\couponsandoffers.exe
C:\Program Files\SysAI\SysAI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iMesh\Client\iMeshClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Kazaa\My Shared Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = URL
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = URL
R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {37048D8F-D706-CD5D-A02E-20676D37F55A} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [couponsandoffers] javaw -cp "C:\Program Files\couponsandoffers\System\Code" Main lp: "C:\Program Files\couponsandoffers"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\George Pangan\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\George Pangan\Client\HelpExp.exe
O4 - HKCU\..\Run: [HXDL.EXE] C:\Program Files\Alset\HelpExpress\George Pangan\HXDL.EXE -from="HXIUL.EXE" -to="HXIUL.EXE"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - URL
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - URL
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - URL
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - URL
O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} (download Class) - URL
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - URL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - URL
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) - URL
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E264BAB-9FBF-44AD-8434-2EB642E3371A}: NameServer = 202.78.97.3,202.78.97.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E264BAB-9FBF-44AD-8434-2EB642E3371A}: NameServer = 202.78.97.3,202.78.97.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{0E264BAB-9FBF-44AD-8434-2EB642E3371A}: NameServer = 202.78.97.3,202.78.97.2

Reply With Quote
  #2  
Old March 26th, 2004, 01:52 PM
Tom Myboy Tom Myboy is offline
Contributing User
Dev Shed Regular (2000 - 2499 posts)
 
Join Date: Aug 2003
Posts: 2,491 Tom Myboy User rank is Sergeant (500 - 2000 Reputation Level)Tom Myboy User rank is Sergeant (500 - 2000 Reputation Level)Tom Myboy User rank is Sergeant (500 - 2000 Reputation Level)Tom Myboy User rank is Sergeant (500 - 2000 Reputation Level)Tom Myboy User rank is Sergeant (500 - 2000 Reputation Level) 
Time spent in forums: 3 Days 20 h 13 m 41 sec
Reputation Power: 18
Hi

You seem to be infected with ADW_RULEDOR.C (a form of adware).

Please download, install, update and scan with Spybot Search and Destroy and Adaware (links are below). Remove all items that turn up in the scans. Then post a new HijackThis log.

Tom
__________________
HijackThis
Ad-aware
Spybot Search & Destroy
SpywareBlaster
SpywareGuard
Housecall Online A/V Scan

Please read the stickys at the top of the forum before posting!

Reply With Quote
Reply

Viewing: Dev Shed ForumsSystem AdministrationAntivirus Protection > my hijackthis logfile

Developer Shed Advertisers and Affiliates



Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump

Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 


Powered by: vBulletin Version 3.0.5
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.

© 2003-2013 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap