Messages - dlo8

1
Tech Clinic / Another computer that might have been infected
« on: March 13, 2005, 12:25:08 AM »
hey guestolo
this is like the 4th time u help me out..
how do u know these stuff?
and how do you determine whether or not it's a spyware and stuff?
if i get familiar with them.. next time i might even try to do it myself!

2
Tech Clinic / Another computer that might have been infected
« on: March 12, 2005, 02:12:38 AM »
Any help for this log?
i don't think this log is that messy but ...

here u go

Logfile of HijackThis v1.99.1
Scan saved at 2:06:03 AM, on 3/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\SYSTEM32\sistray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
E:\program\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

thanx

3
Tech Clinic / This computer needs help (for hijack log)
« on: January 27, 2005, 07:26:44 PM »
scandump.txt

Scan Control Dumped @ 17:22:00 27-01-05
Positive identification: TrojanDownloader.Win32.Dyfuca.dp
  File: c:\documents and settings\owner\local settings\temp\cln14.tmp

Positive identification: Adware.180Solutions.j
  File: c:\documents and settings\owner\local settings\temp\dela.tmp

Positive identification: TrojanDownloader.Win32.IstBar.fr2
  File: c:\documents and settings\owner\local settings\temp\sidefind.exe

Positive identification (DLL): Adware.Toolbar.SideFind.a BHO (dll)
  File: c:\program files\sidefind\sfbho.dll

Positive identification (DLL): Adware.Toolbar.SideFind.a BHO (dll)
  File: c:\system volume information\_restore{30f71744-7195-4a81-bc43-76afe6b4af0f}\rp199\a0017402.dll




New hijack log

Logfile of HijackThis v1.99.0
Scan saved at 5:24:16 PM, on 1/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINNT\System32\oobe\msoobe.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.Email Removed
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7FA3818-E0C7-4871-A9F3-AA546D26F375}: NameServer = 69.18.32.50 69.18.32.51
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® NMS - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

i hope these look clean now!

4
Tech Clinic / This computer needs help (for hijack log)
« on: January 26, 2005, 05:38:33 PM »
I think there are some viruses in this computer
so let me know which ones that i can clean up.. and how to clean out
thanx

Logfile of HijackThis v1.99.0
Scan saved at 3:33:43 PM, on 1/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\msiexec.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Ynnh\Wbhd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
\?\C:\WINNT\system32\WBEM\WMIADAP.EXE
C:\Program Files\Symantec AntiVirus\VPC32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [Windows Compliant] rhrzic.exe
O4 - HKLM\..\Run: [otLlmZa] C:\WINNT\xyeuhhqc.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINNT\System32\pcjfmd.exe
O4 - HKLM\..\Run: [Moawtam] C:\Program Files\Ynnh\Wbhd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\RunServices: [Windows Compliant] rhrzic.exe
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINNT\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [Windows Compliant] rhrzic.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.Email Removed
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7FA3818-E0C7-4871-A9F3-AA546D26F375}: NameServer = 69.18.32.50 69.18.32.51
O21 - SSODL: mtklef - {855A4F3A-1CDB-452A-8FA4-1D89B4BAEBEE} - C:\WINNT\System32\woqnoz32.dll (file missing)
O21 - SSODL: mtkle - {212C666F-7502-4EFC-6FBB-ED774E2D8942} - C:\WINNT\System32\izfmdu32.dll (file missing)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® NMS - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

5
Tech Clinic / check this hijacklog to see if anythin left over!
« on: January 26, 2005, 11:20:17 AM »
hey.. it's me again.. here is another Hijack log.. i have tried to clean it.. and i just want someone to check if this log is clean!

Logfile of HijackThis v1.99.0
Scan saved at 9:12:27 AM, on 1/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{063E526A-CED0-4554-94F3-37667251B849}: NameServer = 63.161.98.2 205.229.200.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{063E526A-CED0-4554-94F3-37667251B849}: NameServer = 63.161.98.2 205.229.200.2
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

6
Tech Clinic / Adware and junks on my computer is slowin me down!
« on: January 15, 2005, 11:57:53 PM »
and do u think i can safely delete all my \Local Settings\Temp folder's files?

7
Tech Clinic / Adware and junks on my computer is slowin me down!
« on: January 15, 2005, 11:56:39 PM »
hey its you again!
now i am trying to clean up another computer of mine (my girlfriend's)
yes.. i do have spyware blaster installed
and of course.. i also have spybot..  1.3.1

by the way.. thanx for the prior post.. now i think my comp is runnin fine

and here is the spybot log for the second computer! (HJT log is the second computer not the first)


--- Search result list ---
ISearchTech.PowerScan: Settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\BandRest

Altnet: Settings (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Altnet

Altnet: Root class (Registry key, nothing done)
  HKEY_CLASSES_ROOT\ADM25.ADM25

Altnet: Root class (Registry key, nothing done)
  HKEY_CLASSES_ROOT\ADM4.ADM4

WildMedia: Class ID (Registry key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{E8EAEB34-F7B5-4C55-87FF-720FAF53D841}

WildMedia: Root class (Registry key, nothing done)
  HKEY_CLASSES_ROOT\SearchHelp

WildMedia: Browser helper object (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8EAEB34-F7B5-4C55-87FF-720FAF53D841}


--- Spybot - Search & Destroy version: 1.3 .1TX (build: 20040801) ---

2004-05-12 blindman.exe (1.0.0.0)
2004-08-30 SpybotSD.exe (1.3.0.12)
2004-05-12 TeaTimer.exe (1.3.0.12)
2004-06-15 unins000.exe (51.15.0.0)
2004-05-12 Update.exe (1.3.0.0)
2004-10-04 advcheck.dll (1.0.1.0)
2004-05-12 borlndmm.dll (7.0.4.453)
2004-05-12 delphimm.dll (7.0.4.453)
2004-05-12 Tools.dll (2.0.0.0)
2004-05-12 UnzDll.dll (1.73.1.1)
2004-05-12 ZipDll.dll (1.73.2.0)
2004-11-29 Includes\Cookies.sbi
2005-01-04 Includes\Dialer.sbi
2005-01-04 Includes\Hijackers.sbi
2004-12-29 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2005-01-04 Includes\Malware.sbi
2004-08-11 Includes\plugin-ignore.ini
2003-11-12 Includes\QA Tests.sbi
2004-11-29 Includes\Revision.sbi
2004-11-29 Includes\Security.sbi
2005-01-05 Includes\Spybots.sbi
2003-11-21 Includes\Temporary.sbi
2004-11-29 Includes\Tracks.uti
2005-01-04 Includes\Trojans.sbi



--- System information ---
Windows XP (Build: 2600) Service Pack 2
 / DataAccess: Microsoft Data Access Components KB870669
 / DataAccess: Security update for Microsoft Data Access Components
 / DataAccess: Security Update for Microsoft Data Access Components
 / DirectX: DirectX Update 819696
 / DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
 / Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
 / Windows Media Player: Windows Media Update 817787
 / Windows Media Player: Windows Media Update 819639
 / Windows Media Player: Windows Media Update 828026
 / Windows XP / SP2: Windows XP Service Pack 2
 / Windows XP / SP3: Windows XP Hotfix - KB834707
 / Windows XP / SP3: Windows XP Hotfix - KB873339
 / Windows XP / SP3: Windows XP Hotfix - KB885835
 / Windows XP / SP3: Windows XP Hotfix - KB885836
 / Windows XP / SP3: Windows XP Hotfix - KB885884
 / Windows XP / SP3: Windows XP Hotfix - KB886185
 / Windows XP / SP3: Windows XP Hotfix - KB890175


--- Startup entries list ---
Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
   file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
   size: 66680
    MD5: 371d2fa0dfeb9767b3cc7cae1ab21a5a

Located: HK_LM:Run, DwlClient
command: C:\Program Files\Common Files\Dell\EUSW\Support.exe
   file: C:\Program Files\Common Files\Dell\EUSW\Support.exe
   size: 245760
    MD5: 58cd30203ddb67fad6a34aa624fa0141

Located: HK_LM:Run, E1K9H
command: C:\documents and settings\fish\local settings\temp\E1K9H.exe
   file: C:\documents and settings\fish\local settings\temp\E1K9H.exe
   size: 200770
    MD5: 6b829bd4a420ba00794fe6f87cbfcd03

Located: HK_LM:Run, eNVzIb
command: C:\documents and settings\fish\local settings\temp\eNVzIb.exe
   file: C:\documents and settings\fish\local settings\temp\eNVzIb.exe
   size: 200908
    MD5: cf1b6119a8d213702dbc6d754b85e81b

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\System32\hkcmd.exe
   file: C:\WINDOWS\System32\hkcmd.exe
   size: 114688
    MD5: 3a9978c5caec77771ff28eb7a3889639

Located: HK_LM:Run, hwlrwL
command: C:\windows\system32\hwlrwL.exe
   file: C:\windows\system32\hwlrwL.exe
   size: 233620
    MD5: 837aff6886e55e5384e390bcaa6d0f9e

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\System32\igfxtray.exe
   file: C:\WINDOWS\System32\igfxtray.exe
   size: 155648
    MD5: 735486208c3a359cab624526e4467257

Located: HK_LM:Run, IMJPMIG8.1
command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
   file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
   size: 208952
    MD5: 7bbe4cf421aecc7f0226edd75f12079f

Located: HK_LM:Run, l
command: C:\documents and settings\fish\local settings\temp\l.exe
   file: C:\documents and settings\fish\local settings\temp\l.exe
   size: 172094
    MD5: 1a0c22d0ef0785aed1030af41be32d83

Located: HK_LM:Run, MessengerPlus3
command: "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
   file: C:\Program Files\Messenger Plus! 3\MsgPlus.exe
   size: 169096
    MD5: c39294d45e86155690266d05b2da6d77

Located: HK_LM:Run, mmtask
command: C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
   file: C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
   size: 53248
    MD5: 6631470725d1c58a2b9c3ce1ce1929f9

Located: HK_LM:Run, MSPY2002
command: C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
   file: C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe
   size: 59392
    MD5: 1b17e09c1223f6d17336d2dd7a1af4f4

Located: HK_LM:Run, MyPointsPointAlert0
command: "C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe"
   file: C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe
   size: 98304
    MD5: a8e8e8d3507939c7b0626c67340f82ba

Located: HK_LM:Run, PHIME2002A
command: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
   file: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
   size: 455168
    MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6

Located: HK_LM:Run, PHIME2002ASync
command: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
   file: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
   size: 455168
    MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6

Located: HK_LM:Run, RVRgiIbY.exe
command: c:\windows\system32\RVRgiIbY.exe
   file: c:\windows\system32\RVRgiIbY.exe
   size: 176362
    MD5: bb6b2e25a5506ea2a92ad583a5cf3313

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
   file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
   size: 180269
    MD5: 3cf6bff887af6f733473d81a8921a5c5

Located: HK_LM:Run, UdoLX8
command: C:\documents and settings\fish\local settings\temp\UdoLX8.exe
   file: C:\documents and settings\fish\local settings\temp\UdoLX8.exe
   size: 233656
    MD5: bf22b6762024ca12fee0eab52f43f3fa

Located: HK_LM:Run, UZinV1
command: C:\documents and settings\fish\local settings\temp\UZinV1.exe
   file: C:\documents and settings\fish\local settings\temp\UZinV1.exe
   size: 172146
    MD5: 22a337dd85a7857258e203841863d24a

Located: HK_LM:Run, vptray
command: C:\PROGRA~1\SYMANT~1\VPTray.exe
   file: C:\PROGRA~1\SYMANT~1\VPTray.exe
   size: 124128
    MD5: 5972a3384ebceaeb99f4216e77ebed59

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
   file: C:\WINDOWS\system32\ctfmon.exe
   size: 15360
    MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, MessengerPlus3
command: "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
   file: C:\Program Files\Messenger Plus! 3\MsgPlus.exe
   size: 169096
    MD5: c39294d45e86155690266d05b2da6d77

Located: HK_CU:Run, msnmsgr
command: "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
   file: C:\Program Files\MSN Messenger\msnmsgr.exe
   size: 4849664
    MD5: 9c588e9844ba27135f0c4147d1b38c07

Located: HK_CU:Run, STYLEXP
command: C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

Located: Startup (user), AntiCrash.lnk
command: C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
   file: C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
   size: 2301798
    MD5: d650e0bb24c1c4d796fd2e88e8fdfeff

Located: Startup (user), Hare.lnk
command: C:\Program Files\Dachshund Software\Hare\Hare.exe
   file: C:\Program Files\Dachshund Software\Hare\Hare.exe
   size: 1874381
    MD5: a4df641cda8a91a844b1f069ca2daf4c

Located: Startup (user), Zoom.lnk
command: C:\Program Files\Dachshund Software\Zoom\Zoom.exe
   file: C:\Program Files\Dachshund Software\Zoom\Zoom.exe
   size: 1446302
    MD5: 46852612f2d80b11517055eb208a2f15

Located: WinLogon, crypt32chain
command: crypt32.dll

Located: WinLogon, cryptnet
command: cryptnet.dll

Located: WinLogon, cscdll
command: cscdll.dll

Located: WinLogon, igfxcui
command: igfxsrvc.dll

Located: WinLogon, NavLogon
command: C:\WINDOWS\system32\NavLogon.dll
   file: C:\WINDOWS\system32\NavLogon.dll
   size: 83176
    MD5: 55dc54c87fa324a4cd32b3b407307671

Located: WinLogon, ScCertProp
command: wlnotify.dll

Located: WinLogon, Schedule
command: wlnotify.dll

Located: WinLogon, sclgntfy
command: sclgntfy.dll

Located: WinLogon, SensLogn
command: WlNotify.dll

Located: WinLogon, termsrv
command: wlnotify.dll

Located: WinLogon, wlballoon
command: wlnotify.dll



--- Browser helper object list ---
{E8EAEB34-F7B5-4C55-87FF-720FAF53D841} (Search Help)
          BHO name: Search Help
        CLSID name: CSearchHelpIEExtension Object
              Path: C:\Documents and Settings\Fish\Local Settings\Temp\
         Long name:          36UFp.dll
        Short name:                  
    Date (created): 1/14/2005 1:32:14 PM
Date (last access): 1/15/2005 8:50:58 PM
 Date (last write): 1/14/2005 1:37:16 PM
          Filesize:             119057
        Attributes:           archive
               MD5: 2FFB83A22D7DBC19A1039E84DF51FD59
             CRC32:           8E321627
           Version:            0.1.0.0



--- ActiveX list ---
Yahoo! Pool 2 (Yahoo! Pool 2)
          DPF name: Yahoo! Pool 2
        CLSID name:

Yahoo! Spades (Yahoo! Spades)
          DPF name: Yahoo! Spades
        CLSID name:

{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
          DPF name:
        CLSID name: Office Update Installation Engine
              Path:        C:\WINDOWS\
         Long name:           opuc.dll
        Short name:                  
    Date (created): 8/27/2003 3:10:30 AM
Date (last access): 1/15/2005 9:48:28 PM
 Date (last write): 8/27/2003 3:10:30 AM
          Filesize:             314368
        Attributes:           archive
               MD5: 1E32EC4A8A17B19926B49EA5F6B79A76
             CRC32:           E98FC293
           Version:           0.11.0.0

{4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class)
          DPF name:
        CLSID name: EPUImageControl Class
              Path: C:\WINDOWS\Downloaded Program Files\
         Long name:  EPUWalcontrol.dll
        Short name:       EPUWAL~1.DLL
    Date (created): 5/15/2004 2:14:18 PM
Date (last access): 1/15/2005 9:47:10 PM
 Date (last write): 5/15/2004 2:14:18 PM
          Filesize:             884736
        Attributes:           archive
               MD5: ACBDA0F01F0A678AB5E6CC9080708C7D
             CRC32:           B21B099F
           Version:            0.1.0.0

{D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class)
          DPF name:
        CLSID name: Uploader Class
              Path: C:\WINDOWS\Downloaded Program Files\
         Long name: WebUploadClient.dll
        Short name:       WEBUPL~1.DLL
    Date (created): 10/25/2004 11:19:30 AM
Date (last access): 1/15/2005 9:47:10 PM
 Date (last write): 10/25/2004 11:19:30 AM
          Filesize:            3612672
        Attributes:           archive
               MD5: 09A8259560E8342F8FB095399D3442F6
             CRC32:           4A52C06A
           Version:            0.2.0.0

{E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class)
          DPF name:
        CLSID name: EPSImageControl Class
              Path: C:\WINDOWS\Downloaded Program Files\
         Long name:     EPScontrol.dll
        Short name:       EPSCON~1.DLL
    Date (created): 1/12/2004 9:49:20 AM
Date (last access): 1/15/2005 9:47:10 PM
 Date (last write): 1/12/2004 9:49:20 AM
          Filesize:             885248
        Attributes:           archive
               MD5: C69F7705F630B2204DBF13B1F30804AE
             CRC32:           15BAE482
           Version:            0.1.0.0



--- Process list ---

PID:    0 (   0) [System]
PID:    4 (   0) System
PID:  124 ( 700) C:\WINDOWS\System32\svchost.exe
PID:  160 ( 364) C:\documents and settings\fish\local settings\temp\E1K9H.exe
PID:  240 ( 364) C:\documents and settings\fish\local settings\temp\l.exe
PID:  312 ( 364) C:\documents and settings\fish\local settings\temp\UZinV1.exe
PID:  348 ( 364) C:\windows\system32\hwlrwL.exe
PID:  364 ( 328) C:\WINDOWS\Explorer.EXE
PID:  432 ( 700) C:\WINDOWS\system32\cisvc.exe
PID:  444 ( 700) C:\Program Files\Symantec AntiVirus\DefWatch.exe
PID:  460 ( 700) C:\Program Files\Executive Software\Diskeeper\DkService.exe
PID:  524 ( 700) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PID:  584 (   4) \SystemRoot\System32\smss.exe
PID:  608 ( 700) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PID:  632 ( 584) csrss.exe
PID:  656 ( 584) \??\C:\WINDOWS\system32\winlogon.exe
PID:  700 ( 656) C:\WINDOWS\system32\services.exe
PID:  712 ( 656) C:\WINDOWS\system32\lsass.exe
PID:  716 ( 364) C:\windows\system32\RVRgiIbY.exe
PID:  868 ( 700) C:\WINDOWS\system32\svchost.exe
PID:  912 ( 904) C:\WINDOWS\SYSTEM32\RVRgiIbY.exe
PID:  952 ( 700) svchost.exe
PID: 1048 ( 364) C:\Program Files\Internet Explorer\iexplore.exe
PID: 1064 ( 700) C:\WINDOWS\System32\svchost.exe
PID: 1092 ( 700) C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
PID: 1176 ( 700) svchost.exe
PID: 1248 ( 964) C:\Program Files\MSN Messenger\msnmsgr.exe
PID: 1264 ( 364) C:\WINDOWS\system32\ctfmon.exe
PID: 1296 ( 364) C:\WINDOWS\System32\hkcmd.exe
PID: 1316 ( 700) svchost.exe
PID: 1388 ( 700) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PID: 1420 ( 364) C:\Program Files\Common Files\Dell\EUSW\Support.exe
PID: 1424 ( 700) wdfmgr.exe
PID: 1448 ( 700) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PID: 1612 ( 364) C:\Program Files\Messenger Plus! 3\MsgPlus.exe
PID: 1648 ( 364) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PID: 1656 ( 364) C:\PROGRA~1\SYMANT~1\VPTray.exe
PID: 1700 ( 364) C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
PID: 1720 ( 364) C:\documents and settings\fish\local settings\temp\UdoLX8.exe
PID: 1728 ( 364) C:\documents and settings\fish\local settings\temp\eNVzIb.exe
PID: 2024 ( 700) C:\WINDOWS\system32\spoolsv.exe
PID: 2096 (1676) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 2296 (1668) C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert1.exe
PID: 2308 ( 364) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PID: 2348 (2296) C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe
PID: 2460 ( 700) alg.exe
PID: 2664 (1584) C:\WINDOWS\Integrator.exe
PID: 3064 ( 432) C:\WINDOWS\system32\cidaemon.exe
PID: 3192 ( 700) C:\WINDOWS\System32\svchost.exe
PID: 3956 ( 364) C:\Program Files\Windows Media Player\wmplayer.exe
Spybot - Search && Destroy process list report, 1/15/2005 9:50:39 PM


--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 1/15/2005 9:50:39 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
  http://home.microsoft.com/access/allinone.asp
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
  http://home.microsoft.com/search/lobby/search.asp
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
  about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
  http://www.dellnet.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
  http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
  %SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
  http://www.microsoft.com/isapi/redir.dll?p...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
  about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
  http://www.dellnet.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
  http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
  http://www.microsoft.com/isapi/redir.dll?p...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
  http://ie.search.msn.com/{SUB_RFC1766}/src...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
  http://ie.search.msn.com/{SUB_RFC1766}/src...st/srchcust.htm


--- Winsock Layered Service Provider list ---

Mostly the most annoying one is that I can't remove "CSearchHelpIEExtension Object" that I found with ToolBar Cop.. 'cause I would remove it but then next time I restart.. it would restart also and mess up my Internet Explorer..
And sometimes when I load a page on this computer it takes me to some ad234.com.. something like that..
Hope this helps!

8
Tech Clinic / Adware and junks on my computer is slowin me down!
« on: January 15, 2005, 11:01:53 PM »
I need help.. my computer runs slow.. and the Internet Explorer status bar is missing all the time (I think it's because of "cssearch" but I can't uninstall it)
Can anyone help me?

Logfile of HijackThis v1.99.0
Scan saved at 3:06:35 AM, on 1/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\documents and settings\fish\local settings\temp\UdoLX8.exe
C:\documents and settings\fish\local settings\temp\eNVzIb.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\documents and settings\fish\local settings\temp\E1K9H.exe
C:\documents and settings\fish\local settings\temp\l.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\documents and settings\fish\local settings\temp\UZinV1.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert1.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\wisptis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Fish\Local Settings\Temp\nWgm6.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MyPointsPointAlert0] "C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UdoLX8] C:\documents and settings\fish\local settings\temp\UdoLX8.exe
O4 - HKLM\..\Run: [eNVzIb] C:\documents and settings\fish\local settings\temp\eNVzIb.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [E1K9H] C:\documents and settings\fish\local settings\temp\E1K9H.exe
O4 - HKLM\..\Run: [l] C:\documents and settings\fish\local settings\temp\l.exe
O4 - HKLM\..\Run: [UZinV1] C:\documents and settings\fish\local settings\temp\UZinV1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Pboqopy] C:\WINDOWS\system32\?|íchost.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Point Alert - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (HKCU)
O9 - Extra button: ToolbarCop - {A349A035-E26F-454b-ABB4-5208E50E1BE7} - C:\\ToolbarCop.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: ToolbarCop - {A349A035-E26F-454b-ABB4-5208E50E1BE7} - C:\\ToolbarCop.exe (file missing) (HKCU)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clie...ts/y/pote_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clie...nts/y/st2_x.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart.com/photo/uploads/Web...ploadClient.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSCo...ol_v1-0-3-0.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

9
Tech Clinic / Problem viewing dvd on my computer!
« on: January 08, 2005, 04:31:04 PM »
I tried to watch this DVD today.. I have not used my computer to watch a DVD for a long time, and suddenly it doesn't work! (with both Media Player and PowerDVD)

WMP 9 gives me a message of "Windows Media Player cannot play DVD video. Open Display in Control Panel, and then lower your screen resolution and color quality settings. To view the DVD Troubleshooter, click More Information."

So I lowered the setting, and it still doesn't work! The problem is I could watch it about 2 weeks ago, and now nothing works!

My drive is working fine.. I can watch other .avi and .mpg files.. but just can't watch DVDs!
The DVD is working fine.. 'cause I played it on another computer! And it's an original DVD.. not pirated either..

what should i do now?

10
Tech Clinic / I need help with my computer from my Hijack log
« on: January 08, 2005, 03:13:54 AM »
I got Spybot 1.3.1 tx, the newest one
and I updated, and then I scanned...
39 problems.. fixed them all

Here's the Spybot log



--- Search result list ---
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, nothing done)
BFast: Tracking cookie (Firefox: default) (Cookie, nothing done)
BFast: Tracking cookie (Firefox: default) (Cookie, nothing done)
BFast: Tracking cookie (Firefox: default) (Cookie, nothing done)
DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
Gator: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
LinkSynergy: Tracking cookie (Firefox: default) (Cookie, nothing done)
LinkSynergy: Tracking cookie (Firefox: default) (Cookie, nothing done)
MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
ValueClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
ValueClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
CoreMetrics: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
CoreMetrics: Tracking cookie (Firefox: default) (Cookie, nothing done)


--- Spybot - Search & Destroy version: 1.3 .1TX (build: 20040801) ---

2004-05-12 blindman.exe (1.0.0.0)
2004-08-30 SpybotSD.exe (1.3.0.12)
2004-05-12 TeaTimer.exe (1.3.0.12)
2004-06-15 unins000.exe (51.15.0.0)
2004-05-12 Update.exe (1.3.0.0)
2004-10-04 advcheck.dll (1.0.1.0)
2004-05-12 borlndmm.dll (7.0.4.453)
2004-05-12 delphimm.dll (7.0.4.453)
2004-05-12 SDHelper.dll (1.3.0.12)
2004-05-12 Tools.dll (2.0.0.0)
2004-05-12 UnzDll.dll (1.73.1.1)
2004-05-12 ZipDll.dll (1.73.2.0)
2004-11-29 Includes\Cookies.sbi
2005-01-04 Includes\Dialer.sbi
2005-01-04 Includes\Hijackers.sbi
2004-12-29 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2005-01-04 Includes\Malware.sbi
2004-11-29 Includes\Revision.sbi
2004-11-29 Includes\Security.sbi
2005-01-05 Includes\Spybots.sbi
2004-11-29 Includes\Tracks.uti
2005-01-04 Includes\Trojans.sbi



--- System information ---
Windows XP (Build: 2600) Service Pack 2
 / DataAccess: Microsoft Data Access Components KB870669
 / DataAccess: Security update for Microsoft Data Access Components
 / DataAccess: Security Update for Microsoft Data Access Components
 / DirectX: DirectX Update 819696
 / DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
 / Windows Media Player: Windows Media Player Hotfix [See KB837272 for more information]
 / Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
 / Windows Media Player: Windows Media Update 819639
 / Windows Media Player: Windows Media Update 828026
 / Windows XP / SP2: Windows XP Service Pack 2
 / Windows XP / SP3: Windows XP Hotfix - KB834707
 / Windows XP / SP3: Windows XP Hotfix - KB873339
 / Windows XP / SP3: Windows XP Hotfix - KB885835
 / Windows XP / SP3: Windows XP Hotfix - KB885836
 / Windows XP / SP3: Windows XP Hotfix - KB885884
 / Windows XP / SP3: Windows XP Hotfix - KB886185


--- Startup entries list ---
Located: HK_LM:Run, DiskeeperSystray
command: "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
   file: C:\Program Files\Executive Software\Diskeeper\DkIcon.exe
   size: 180312
    MD5: 3d85b07308c7b968419273ef6b1dfc35

Located: HK_LM:Run, IMJPMIG8.1
command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
   file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
   size: 208952
    MD5: 7bbe4cf421aecc7f0226edd75f12079f

Located: HK_LM:Run, MessengerPlus3
command: "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
   file: C:\Program Files\Messenger Plus! 3\MsgPlus.exe
   size: 169096
    MD5: c39294d45e86155690266d05b2da6d77

Located: HK_LM:Run, RemoteControl
command: "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
   file: C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
   size: 32768
    MD5: 915a106a2fb87292cef0ad4f36adf313

Located: HK_LM:Run, vptray
command: C:\PROGRA~1\SYMANT~1\VPTray.exe
   file: C:\PROGRA~1\SYMANT~1\VPTray.exe
   size: 124128
    MD5: 5972a3384ebceaeb99f4216e77ebed59

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
   file: C:\WINDOWS\system32\ctfmon.exe
   size: 15360
    MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, MessengerPlus3
command: "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
   file: C:\Program Files\Messenger Plus! 3\MsgPlus.exe
   size: 169096
    MD5: c39294d45e86155690266d05b2da6d77

Located: HK_CU:Run, SIDEBAR
command: "C:\Program Files\Desktop Sidebar\sidebar.exe"
   file: C:\Program Files\Desktop Sidebar\sidebar.exe
   size: 663552
    MD5: 6daa0a08dc6e329188e03b490293e951

Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
   file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
   size: 1038336
    MD5: 58f7e6434d285f4c98ad3621e0bd8c8d

Located: HK_CU:Run, STYLEXP
command: C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe
   file: C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe
   size: 25214
    MD5: 850e31369379d2f915fe177d5e177f68

Located: Startup (user), AntiCrash.lnk
command: C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
   file: C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
   size: 2301798
    MD5: d650e0bb24c1c4d796fd2e88e8fdfeff

Located: Startup (user), Hare.lnk
command: C:\Program Files\Dachshund Software\Hare\Hare.exe
   file: C:\Program Files\Dachshund Software\Hare\Hare.exe
   size: 1874381
    MD5: a4df641cda8a91a844b1f069ca2daf4c

Located: WinLogon, crypt32chain
command: crypt32.dll

Located: WinLogon, cryptnet
command: cryptnet.dll

Located: WinLogon, cscdll
command: cscdll.dll

Located: WinLogon, NavLogon
command: C:\WINDOWS\system32\NavLogon.dll
   file: C:\WINDOWS\system32\NavLogon.dll
   size: 83176
    MD5: 55dc54c87fa324a4cd32b3b407307671

Located: WinLogon, ScCertProp
command: wlnotify.dll

Located: WinLogon, Schedule
command: wlnotify.dll

Located: WinLogon, sclgntfy
command: sclgntfy.dll

Located: WinLogon, SensLogn
command: WlNotify.dll

Located: WinLogon, termsrv
command: wlnotify.dll

Located: WinLogon, wlballoon
command: wlnotify.dll



--- Browser helper object list ---
{A5366673-E8CA-11D3-9CD9-0090271D075B} (IeCatch2 Class)
          BHO name:
        CLSID name: IeCatch2 Class
       description: FlashGet
    classification: Open for discussion
    known filename: Jccatch.dll
         info link: http://www.amazesoft.com/
       info source: TonyKlein
              Path: C:\PROGRA~1\FlashGet\
         Long name:        Jccatch.dll
        Short name:                  
    Date (created): 4/28/2004 12:55:44 PM
Date (last access): 1/8/2005 1:03:12 AM
 Date (last write): 1/16/2002 6:12:18 PM
          Filesize:              65536
        Attributes:                  
               MD5: F2FAFE3CB6412C89F43D88CCEBE308F3
             CRC32:           B1AEC78B
           Version:            0.1.0.1

{C333CF63-767F-4831-94AC-E683D962C63C} (TGTSoft Explorer Toolbar Changer)
          BHO name: TGTSoft Explorer Toolbar Changer
        CLSID name: CoTGT_BHO Class
              Path: C:\Program Files\TGTSoft\StyleXP\
         Long name:        TGT_BHO.dll
        Short name:                  
    Date (created): 10/25/2004 1:32:22 PM
Date (last access): 1/8/2005 1:03:04 AM
 Date (last write): 10/25/2004 1:32:22 PM
          Filesize:              49152
        Attributes:           archive
               MD5: 173F42E9A3281F408807404720D41105
             CRC32:           6906889A
           Version:    255.255.255.255



--- ActiveX list ---
Yahoo! Spades (Yahoo! Spades)
          DPF name: Yahoo! Spades
        CLSID name:

{00000055-9980-0010-8000-00AA00389B71} ()
          DPF name:
        CLSID name:

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
          DPF name:
        CLSID name: Shockwave ActiveX Control
       description: Macromedia ShockWave Flash Player 7
    classification: Unknown
    known filename: SWDIR.DLL
         info link:
       info source: Patrick M. Kolla
              Path: C:\WINDOWS\system32\macromed\Shockwave 10\
         Long name:       Download.dll
        Short name:                  
    Date (created): 9/9/2004 3:36:40 PM
Date (last access): 12/29/2004 7:22:06 PM
 Date (last write): 9/9/2004 3:36:40 PM
          Filesize:              79048
        Attributes:           archive
               MD5: 88E179D4DCBFE9C9D4BF796EC3E4BF76
             CRC32:           E90FC00F
           Version:           0.10.0.1

{2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
          DPF name:
        CLSID name: Minesweeper Flags Class
              Path: C:\WINDOWS\Downloaded Program Files\
         Long name:    minesweeper.dll
        Short name:       MINESW~1.DLL
    Date (created): 5/29/2003 4:00:22 PM
Date (last access): 1/8/2005 1:02:52 AM
 Date (last write): 5/29/2003 4:00:22 PM
          Filesize:              84064
        Attributes:           archive
               MD5: F951FD0EA383DF2D49CA0359E4A86968
             CRC32:           50A69718
           Version:            0.7.0.1

{4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class)
          DPF name:
        CLSID name: EPUImageControl Class
              Path: C:\WINDOWS\Downloaded Program Files\
         Long name:  EPUWalcontrol.dll
        Short name:       EPUWAL~1.DLL
    Date (created): 5/15/2004 1:14:18 PM
Date (last access): 1/8/2005 1:02:52 AM
 Date (last write): 5/15/2004 1:14:18 PM
          Filesize:             884736
        Attributes:           archive
               MD5: ACBDA0F01F0A678AB5E6CC9080708C7D
             CRC32:           B21B099F
           Version:            0.1.0.0

{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} ()
          DPF name:
        CLSID name:

{4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class)
          DPF name:
        CLSID name: dldisplay Class
              Path: C:\WINDOWS\Downloaded Program Files\
         Long name:        ghdlctl.dll
        Short name:                  
    Date (created): 11/16/2003 10:02:40 PM
Date (last access): 1/8/2005 1:02:52 AM
 Date (last write): 11/16/2003 10:02:40 PM
          Filesize:              73728
        Attributes:           archive
               MD5: 618A9D0EDB1046586B7467F9907BEB80
             CRC32:           C8371131
           Version:            0.3.0.2

{62475759-9E84-458E-A1AB-5D2C442ADFDE} ()
          DPF name:
        CLSID name:

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
          DPF name:
        CLSID name: MessengerStatsClient Class
              Path: C:\WINDOWS\Downloaded Program Files\
         Long name: messengerstatsclient.dll
        Short name:       MESSEN~1.DLL
    Date (created): 5/29/2003 4:00:20 PM
Date (last access): 1/8/2005 1:02:52 AM
 Date (last write): 5/29/2003 4:00:20 PM
          Filesize:             160864
        Attributes:           archive
               MD5: B069B555A00AA026F657AA4FD13AE154
             CRC32:           89BB01E1
           Version:            0.7.0.1

{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} ()
          DPF name:
        CLSID name:



--- Process list ---

PID:    0 (   0) [System]
PID:    4 (   0) System
PID:  276 ( 864) C:\WINDOWS\system32\slserv.exe
PID:  304 ( 864) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PID:  508 ( 864) wdfmgr.exe
PID:  552 ( 864) C:\WINDOWS\System32\wltrysvc.exe
PID:  576 ( 864) C:\WINDOWS\system32\svchost.exe
PID:  584 ( 552) C:\WINDOWS\System32\bcmwltry.exe
PID:  720 (   4) \SystemRoot\System32\smss.exe
PID:  792 ( 720) csrss.exe
PID:  820 ( 720) \??\C:\WINDOWS\SYSTEM32\winlogon.exe
PID:  864 ( 820) C:\WINDOWS\system32\services.exe
PID:  876 ( 820) C:\WINDOWS\system32\lsass.exe
PID: 1020 ( 864) C:\WINDOWS\system32\svchost.exe
PID: 1096 ( 864) svchost.exe
PID: 1136 ( 864) C:\WINDOWS\System32\svchost.exe
PID: 1164 ( 864) C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
PID: 1256 ( 864) svchost.exe
PID: 1332 ( 864) svchost.exe
PID: 1348 ( 864) alg.exe
PID: 1496 (1688) C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PID: 1536 (1688) C:\Program Files\Messenger Plus! 3\MsgPlus.exe
PID: 1548 (1688) C:\PROGRA~1\SYMANT~1\VPTray.exe
PID: 1572 (1688) C:\Program Files\Desktop Sidebar\sidebar.exe
PID: 1636 (1688) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PID: 1680 ( 864) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PID: 1688 (1660) C:\WINDOWS\Explorer.EXE
PID: 1696 (1688) C:\WINDOWS\system32\ctfmon.exe
PID: 1772 ( 864) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PID: 1892 ( 864) C:\WINDOWS\system32\spoolsv.exe
PID: 1996 ( 864) C:\Program Files\Symantec AntiVirus\DefWatch.exe
PID: 2016 ( 864) C:\Program Files\Executive Software\Diskeeper\DkService.exe
PID: 2444 (1688) C:\Program Files\Mozilla Firefox\firefox.exe
PID: 2912 (1464) C:\WINDOWS\Integrator.exe
PID: 3016 (1688) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PID: 3252 (1572) C:\Program Files\Windows Media Player\wmplayer.exe
Spybot - Search && Destroy process list report, 1/8/2005 1:07:15 AM


--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 1/8/2005 1:07:15 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
  http://www.microsoft.com/isapi/redir.dll?p...=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
  http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
  http://www.google.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
  %SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
  http://www.microsoft.com/isapi/redir.dll?p...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
  http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
  http://www.averatec.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
  http://www.microsoft.com/isapi/redir.dll?p...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
  http://ie.search.msn.com/{SUB_RFC1766}/src...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
  http://ie.search.msn.com/{SUB_RFC1766}/src...st/srchcust.htm


--- Winsock Layered Service Provider list ---

11
Tech Clinic / I need help with my computer from my Hijack log
« on: January 08, 2005, 01:33:35 AM »
Sure, here you go. Please help.

Logfile of HijackThis v1.99.0
Scan saved at 11:29:02 PM, on 1/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Desktop Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\HJT\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\sidebar.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = %SystemRoot%\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Point Alert - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clie...nts/y/st2_x.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28177.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: WLTRYSVC - Unknown - C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe (file missing)

12
Tech Clinic / I need help with my computer from my Hijack log
« on: January 07, 2005, 06:05:04 PM »
I have tried scanning with Spybot and Ad-Aware. Every time something comes up in the programs, I clean it, and then it is fine.
If I reboot and then scan again, the same spyware pops up, so I have to clean it again.
I need help removing this spyware from my computer permanently, so that it stays gone even when I reboot after a scan.
Can someone help me, please?

Logfile of HijackThis v1.99.0
Scan saved at 3:43:02 PM, on 1/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Desktop Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MyPointsPointAlert0] "C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\sidebar.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = %SystemRoot%\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Point Alert - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clie...nts/y/st2_x.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28177.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: WLTRYSVC - Unknown - C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe (file missing)
