HighJackthis One

Discussion in 'Windows Desktop Systems' started by Heeter, Apr 2, 2004.

  1. Heeter

    Heeter Overclocked Like A Mother

    Messages:
    2,732
    Hi Guys,

    I would like your assistance on this. I can see a few myself. An Updated spybot 1.2 was run a few times before this log was taken.

    Logfile of HijackThis v1.97.7
    Scan saved at 6:10:21 PM, on 4/1/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\Mixer.exe
    D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    D:\Program Files\Logitech\ImageStudio\LogiTray.exe
    D:\Program Files\ClearSearch\Loader.exe
    D:\WINDOWS\System32\SahAgent.exe
    D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    D:\WINDOWS\System32\CTHELPER.EXE
    D:\Program Files\NavNT\vptray.exe
    D:\WINDOWS\System32\ctfmon.exe
    D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    D:\Program Files\PrecisionTime\PrecisionTime.exe
    D:\Program Files\Date Manager\DateManager.exe
    C:\Paltalk\pnetaware.exe
    D:\WINDOWS\System32\CTsvcCDA.exe
    D:\Program Files\NavNT\defwatch.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\Program Files\NavNT\rtvscan.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\MsPMSPSv.exe
    D:\WINDOWS\System32\MsgSys.EXE
    C:\Paltalk\Paltalk.exe
    D:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - D:\Program Files\ClearSearch\IE_ClrSch.DLL
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - D:\WINDOWS\bi.dll
    O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - D:\WINDOWS\System32\n3tpa1.dll (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
    O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\windows\googletoolbar2.dll
    O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\windows\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [LVCOMS] D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] D:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] D:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [EasyDates_ca] C:\Program Files\ComSoft\Dialers\EasyDates_ca\EasyDates_ca.exe /dontdial
    O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [wyimehmq] D:\WINDOWS\lsnylu.exe
    O4 - HKLM\..\Run: [ClrSchLoader] D:\Program Files\ClearSearch\Loader.exe
    O4 - HKLM\..\Run: [SAHAgent] D:\WINDOWS\System32\SahAgent.exe
    O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] D:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [vptray] D:\Program Files\NavNT\vptray.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [ContentService] D:\WINDOWS\System32\winservn.exe
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: PrecisionTime.lnk = D:\Program Files\PrecisionTime\PrecisionTime.exe
    O4 - Global Startup: Date Manager.lnk = D:\Program Files\Date Manager\DateManager.exe
    O8 - Extra context menu item: &Google Search - res://d:\windows\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://d:\windows\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://d:\windows\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://d:\windows\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://d:\windows\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {AE6CEFA8-1223-4337-8D94-977268FF9AA0} (DownloadUL Class) - http://www2.skoobidoo.com/softwares//Download_UL.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB


    Thanks,
    Heeter
     
  2. Enyo

    Enyo Moderator

    Messages:
    1,338
    Remove:

    Code:
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - D:\Program Files\ClearSearch\IE_ClrSch.DLL
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - D:\WINDOWS\bi.dll
    O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - D:\WINDOWS\System32\n3tpa1.dll (file missing)
    
    O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
    
    O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
    
    O4 - HKLM\..\Run: [EasyDates_ca] C:\Program Files\ComSoft\Dialers\EasyDates_ca\EasyDates_ca.exe /dontdial 
    
    O4 - HKLM\..\Run: [wyimehmq] D:\WINDOWS\lsnylu.exe
    O4 - HKLM\..\Run: [ClrSchLoader] D:\Program Files\ClearSearch\Loader.exe
    O4 - HKLM\..\Run: [SAHAgent] D:\WINDOWS\System32\SahAgent.exe
    
    O4 - HKCU\..\Run: [ContentService] D:\WINDOWS\System32\winservn.exe
    
    O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe
    
    O4 - Global Startup: PrecisionTime.lnk = D:\Program Files\PrecisionTime\PrecisionTime.exe
    O4 - Global Startup: Date Manager.lnk = D:\Program Files\Date Manager\DateManager.exe
    
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/so...tiveXPlugin.cab
    O16 - DPF: {AE6CEFA8-1223-4337-8D94-977268FF9AA0} (DownloadUL Class) - http://www2.skoobidoo.com/softwares//Download_UL.cab
    
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
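    The removal list above is the product of a moderator reading the log by eye. As an added example (not part of the thread, and not HijackThis code), the Python script below encodes a few of the checks that reasoning relies on, so a reader can see why most of those lines stand out: orphaned entries marked "(no file)" or "(file missing)", unnamed BHOs loaded straight from the Windows directory, Run entries that launch a dialer or an unknown binary from the Windows directory, and O16 ActiveX downloads from hosts that are not on a short allow-list. The sample log is constructed from lines in the thread; the allow-list of O16 hosts, the set of known-good Windows-directory binaries, and the two adware name markers are assumptions chosen to match this thread's log, not a general-purpose signature set.

```python
"""Rule-based triage for HijackThis 1.9x log lines (illustrative, not HijackThis itself)."""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Constructed sample: lines taken from the log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - D:\Program Files\ClearSearch\IE_ClrSch.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - D:\WINDOWS\bi.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
O4 - HKLM\..\Run: [EasyDates_ca] C:\Program Files\ComSoft\Dialers\EasyDates_ca\EasyDates_ca.exe /dontdial
O4 - HKLM\..\Run: [wyimehmq] D:\WINDOWS\lsnylu.exe
O4 - HKLM\..\Run: [SAHAgent] D:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [vptray] D:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ContentService] D:\WINDOWS\System32\winservn.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://\S+")
# A file sitting directly in <drive>:\WINDOWS or <drive>:\WINDOWS\System32.
WINDIR_RE = re.compile(r"^[a-z]:\\windows\\(?:system32\\)?(?P<base>[^\\]+\.(?:exe|dll|ocx))$", re.I)
# "[ValueName] path\to\prog.exe /args", with or without quotes around the path.
RUN_RE = re.compile(r'\[(?P<name>[^\]]+)\]\s+"?(?P<path>[^"]+?\.exe)"?(?:\s|$)', re.I)

# Assumptions tailored to this thread's log, not general signatures.
O16_ALLOWED_HOSTS = {"download.macromedia.com", "download.yahoo.com", "toolbar.google.com"}
WINDIR_KNOWN_GOOD = {"ctfmon.exe", "cthelper.exe", "mixer.exe", "updreg.exe"}
ADWARE_MARKERS = ("clearsearch", "sahagent")  # names that appear in the moderator's removal list


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def classify(sec: str, body: str) -> Optional[str]:
    """Return a reason string if the entry deserves a second look, else None."""
    low = body.lower()
    if "(file missing)" in low or "(no file)" in low:
        return "orphaned entry: the registered file no longer exists"
    if any(marker in low for marker in ADWARE_MARKERS):
        return "path contains a name from the removal list"
    if sec == "O2" and "(no name)" in low:
        path = body.rsplit(" - ", 1)[-1]
        if WINDIR_RE.match(path):
            return "unnamed BHO loaded straight from the Windows directory"
    if sec == "O4":
        run = RUN_RE.search(body)
        if run:
            path = run.group("path")
            if "dialer" in path.lower():
                return "Run entry launches a dialer"
            win = WINDIR_RE.match(path)
            if win and win.group("base").lower() not in WINDIR_KNOWN_GOOD:
                return f"Run entry starts unknown binary {win.group('base')} from the Windows directory"
    if sec == "O16":
        url = URL_RE.search(body)
        host = urlparse(url.group(0)).hostname if url else None
        if host not in O16_ALLOWED_HOSTS:
            return f"ActiveX download from host not on allow-list: {host}"
    return None


def triage(log_text: str) -> list:
    """Parse every R/O line of a HijackThis log and collect the flagged ones."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank line
        reason = classify(m.group("sec"), m.group("body"))
        if reason:
            findings.append(Finding(m.group("sec"), line, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

    On the sample the script flags nine of the fourteen lines and leaves the Acrobat helper, the Norton tray icon, ctfmon.exe and the Macromedia download alone. Two caveats a reader should keep: the name markers only reproduce knowledge the moderator already had (the script cannot know on its own that Clear Search is adware), and the Windows-directory rule is a heuristic that needs the known-good set tuned per machine, since legitimate vendors also drop DLLs into %WINDIR%.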
     
  3. Heeter

    Heeter Overclocked Like A Mother

    Messages:
    2,732
    Thanks a million, Enyo.

You're a great help. I compared your list to mine and I only missed three this time!! Always good to learn from the best.

    Heeter
     
  4. Enyo

    Enyo Moderator

    Messages:
    1,338
    Always happy to help you Heeter. Take care.
     
  5. Geffy

    Geffy Moderator Folding Team

    Messages:
    7,805
    Location:
    United Kingdom
    *stamps another crossed out security issue on Enyo's forehead

    hrmm we are running out of forehead space, gonna have to start stamping his arms and legs soon
     
  6. GoNz0

    GoNz0 NTFS Stoner

    Messages:
    2,781
    Location:
    the year 2525
    shave his head, more room up top ;)
     
  7. Geffy

    Geffy Moderator Folding Team

    Messages:
    7,805
    Location:
    United Kingdom
    we have, we started at the back
     
  8. Heeter

    Heeter Overclocked Like A Mother

    Messages:
    2,732
    Hahaha,

    LOL

    Heeter
     
  9. Mubbers

    Mubbers Shoot! Political User

    Messages:
    1,087
    He'll just have to grow a bigger head ;)