HighJackthis One

Heeter

Overclocked Like A Mother
Joined
Jul 8, 2002
Messages
2,732
#1
Hi Guys,

I would like your assistance on this. I can see a few myself. An Updated spybot 1.2 was run a few times before this log was taken.

Logfile of HijackThis v1.97.7
Scan saved at 6:10:21 PM, on 4/1/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\Mixer.exe
D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
D:\Program Files\Logitech\ImageStudio\LogiTray.exe
D:\Program Files\ClearSearch\Loader.exe
D:\WINDOWS\System32\SahAgent.exe
D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
D:\WINDOWS\System32\CTHELPER.EXE
D:\Program Files\NavNT\vptray.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\PrecisionTime\PrecisionTime.exe
D:\Program Files\Date Manager\DateManager.exe
C:\Paltalk\pnetaware.exe
D:\WINDOWS\System32\CTsvcCDA.exe
D:\Program Files\NavNT\defwatch.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\NavNT\rtvscan.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\WINDOWS\System32\MsgSys.EXE
C:\Paltalk\Paltalk.exe
D:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - D:\Program Files\ClearSearch\IE_ClrSch.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - D:\WINDOWS\bi.dll
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - D:\WINDOWS\System32\n3tpa1.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\windows\googletoolbar2.dll
O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\windows\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [LVCOMS] D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] D:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] D:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [EasyDates_ca] C:\Program Files\ComSoft\Dialers\EasyDates_ca\EasyDates_ca.exe /dontdial
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [wyimehmq] D:\WINDOWS\lsnylu.exe
O4 - HKLM\..\Run: [ClrSchLoader] D:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [SAHAgent] D:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] D:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [vptray] D:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ContentService] D:\WINDOWS\System32\winservn.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: PrecisionTime.lnk = D:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Date Manager.lnk = D:\Program Files\Date Manager\DateManager.exe
O8 - Extra context menu item: &Google Search - res://d:\windows\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://d:\windows\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://d:\windows\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://d:\windows\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\windows\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {AE6CEFA8-1223-4337-8D94-977268FF9AA0} (DownloadUL Class) - http://www2.skoobidoo.com/softwares//Download_UL.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB


Thanks,
Heeter
 

Enyo

OSNN Veteran Addict
Joined
Feb 2, 2003
Messages
1,338
#2
Remove:

Code:
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - D:\Program Files\ClearSearch\IE_ClrSch.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - D:\WINDOWS\bi.dll
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - D:\WINDOWS\System32\n3tpa1.dll (file missing)

O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)

O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)

O4 - HKLM\..\Run: [EasyDates_ca] C:\Program Files\ComSoft\Dialers\EasyDates_ca\EasyDates_ca.exe /dontdial 

O4 - HKLM\..\Run: [wyimehmq] D:\WINDOWS\lsnylu.exe
O4 - HKLM\..\Run: [ClrSchLoader] D:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [SAHAgent] D:\WINDOWS\System32\SahAgent.exe

O4 - HKCU\..\Run: [ContentService] D:\WINDOWS\System32\winservn.exe

O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe

O4 - Global Startup: PrecisionTime.lnk = D:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Date Manager.lnk = D:\Program Files\Date Manager\DateManager.exe

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - [url]http://www.sibelius.com/download/so...tiveXPlugin.cab[/url]
O16 - DPF: {AE6CEFA8-1223-4337-8D94-977268FF9AA0} (DownloadUL Class) - [url]http://www2.skoobidoo.com/softwares//Download_UL.cab[/url]

O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - [url]http://download.rfwnad.com/cab/crack.CAB[/url]
 

Heeter

Overclocked Like A Mother
Joined
Jul 8, 2002
Messages
2,732
#3
Thanks a million, Enyo.

UR a great help. I compared your list to mine and I only missed three this time!! Always good to learn from the best.

Heeter
 

Geffy

OSNN Veteran Addict
Joined
Mar 18, 2002
Messages
7,805
#5
*stamps another crossed out security issue on Enyo's forehead

hrmm we are running out of forehead space, gonna have to start stamping his arms and legs soon
 

Members online

No members online now.

Latest posts

Latest profile posts

Perris Calderon wrote on Electronic Punk's profile.
Hey ep!

All good with me, applying for microsoft mvp right now, should have done this a while ago.

Notifications don't work, I only found your response by comming back to hunt up some threads, if you want, give me your email address so we can keep in touch easier, mine is perriscalderon at gmail
Perris Calderon wrote on Electronic Punk's profile.
Ep, glad to see you come back and tidy up...did want to ask a one day favor, I want to enhance my resume , was hoping you could make me administrator for a day, if so, take me right off since I won't be here to do anything, and don't know the slightest about the board, but it would be nice putting "served administrator osnn", if can do, THANKS

Been running around Quora lately, luv it there https://tinyurl.com/ycpxl
Electronic Punk wrote on Perris Calderon's profile.
All good still mate?
Hello, is there anybody in there? Just nod if you can hear me ...

Forum statistics

Threads
62,030
Messages
673,544
Members
89,039
Latest member
filamnapa