| Thread ID: 45920 | 2004-06-07 06:22:00 | rogue dialer or not | luckysmum (1528) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 242560 | 2004-06-07 10:50:00 | Go here: www.newbie.org |
zqwerty (97) | ||
| 242561 | 2004-06-07 11:01:00 | Also luckysmum you might like to look at this: www.free-web-browsers.com |
zqwerty (97) | ||
| 242562 | 2004-06-07 11:16:00 | Have deleted both and rebooted so should be gone and here is new list
StartupList report, 7/06/2004, 10:12:35 p.m.
StartupList version: 1.52
Started from : C:\Documents and Settings\Owner\My Documents\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\ICQPlus\vplus.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\webshots.scr
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\My Documents\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
hp psc 1000 series.lnk = ?
hpoddt01.exe.lnk = ?
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
hpsysdrv = c:\windows\system\hpsysdrv.exe
IgfxTray = C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
KYE_Showicon = "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
hp Silent Service = C:\Windows\system32\HpSrvUI.exe
hpScannerFirstBoot = c:\hp\drivers\scanners\scannerfb.exe
Share-to-Web Namespace Daemon = c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
CamMonitor = c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
KBD = C:\HP\KBD\KBD.EXE
StorageGuard = "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
WCOLOREAL = "C:\Program Files\Coloreal\coloreal.exe"
Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
nwiz = nwiz.exe /install
PS2 = C:\WINDOWS\system32\ps2.exe
mmtask = c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
S3TRAY2 = S3tray2.exe
updater = C:\Program Files\Common files\updater\wupdater.exe
SAHBundle = C:\DOCUME~1\Owner\LOCALS~1\Temp\bundle.exe
VTPreset = VTPreset.exe
Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PopUpStopperFreeEdition = "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
ICQ Plus = "C:\Program Files\ICQPlus\vplus.exe"
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\webshots.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - c:\Program Files\Microsoft Money\System\mnyside.dll - {243B17DE-77C7-46BF-B94B-0B5F309A0E64}
SpywareGuard Download Protection - C:\Program Files\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2}
NavErrRedir Class - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing) - {5D60FF48-95BE-4956-B4C6-6BB168A70310}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - (no file) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
--------------------------------------------------
Enumerating Task Scheduler jobs:
FRU Task #Hewlett-Packard#hp psc 1200 series#1064873909.job
Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = download.macromedia.com
[MSSecurityAdvisor Class]
InProcServer32 = C:\WINDOWS\System32\mssecadv.dll
CODEBASE = download.microsoft.com
[{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]
CODEBASE = ak.imgfarm.com
[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = security.symantec.com
[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = download.yahoo.com
[WSDownloader Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\WSDOWN~1.OCX
CODEBASE = www.webshots.com
[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = security.symantec.com
[ActiveDataInfo Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SymAData.dll
CODEBASE = www-secure.symantec.com
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = fpdownload.macromedia.com
[ActiveDataObj Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveData.dll
CODEBASE = www-secure.symantec.com
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 8,521 bytes
Report generated in 0.532 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only |
luckysmum (1528) | ||
| 242563 | 2004-06-07 11:18:00 | And thank you very, very much for all your help. I would not have known what to look for, so once again thank you; it is very much appreciated. | luckysmum (1528) | ||
| 242564 | 2004-06-07 11:48:00 | Remove from startup ..updater = C:\Program Files\Common files\updater\wupdater.exe See here (www.winpatrol.com) |
Pheonix (280) | ||
| 242565 | 2004-06-07 11:50:00 | Check, using Hijack this, every now and again to make sure that there are no hidden instances starting to gain a foot-hold once more. CU. |
zqwerty (97) | ||
| 242566 | 2004-06-07 11:50:00 | zqwerty may have been able to make sense of that list but it wasn't what I was hoping to see. After double clicking on hijackthis.exe you click on the Scan button then Save Log. This will produce a text file, the contents of which you can paste in here. What you have pasted is the Startup list which is a little different. Also, it is good practice to obtain a fresh download of an updated version of HijackThis if you wish to scan your computer another day as new pests are added to the database regularly and using an older version could cause problems. |
Susan B (19) | ||
| 242567 | 2004-06-07 11:55:00 | Also ... SAHBundle = C:\DOCUME~1\Owner\LOCALS~1\Temp\bundle.exe See here (www.pestpatrol.com). |
Pheonix (280) | ||
| 242568 | 2004-06-07 11:55:00 | Yes probably something else you should get rid of as well as Phoenix says. | zqwerty (97) | ||
| 242569 | 2004-06-07 12:01:00 | I thought I had. I deleted everything and took it out of add/remove, but it is still hidden somewhere, and it is not in the file it says it is in, as I deleted it out of there about 3 weeks ago. | luckysmum (1528) | ||
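
Added example, not part of the original thread and not code from StartupList or HijackThis: a small triage pass over a StartupList report that surfaces the kind of entries the replies above picked out by eye. The one-entry-per-line layout of `SAMPLE`, the three heuristics and the `NAMED_IN_THREAD` set are assumptions made for illustration; a flagged entry is a prompt for manual review, not a verdict.

```python
import re

# Excerpt of the StartupList report posted above, one entry per line
# (the line layout is restored here and is an assumption).
SAMPLE = r"""Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
hpsysdrv = c:\windows\system\hpsysdrv.exe
nwiz = nwiz.exe /install
updater = C:\Program Files\Common files\updater\wupdater.exe
SAHBundle = C:\DOCUME~1\Owner\LOCALS~1\Temp\bundle.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
--------------------------------------------------
Enumerating Browser Helper Objects:
NavErrRedir Class - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing) - {5D60FF48-95BE-4956-B4C6-6BB168A70310}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - (no file) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
"""

TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.I)
NAMED_IN_THREAD = {"updater", "sahbundle"}  # value names the replies singled out

def triage(report):
    """Return (section, name, reasons) for entries that deserve a manual look."""
    findings = []
    for chunk in re.split(r"^-{10,}\s*$", report, flags=re.M):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        if len(lines) < 2:
            continue
        if lines[0].startswith("Autorun entries from Registry"):
            key = lines[1]  # registry key the values below were read from
            for line in lines[2:]:
                name, sep, cmd = line.partition(" = ")
                tokens = cmd.strip().strip('"').split()
                if not sep or not tokens:
                    continue
                reasons = []
                if TEMP_DIR.search(cmd):
                    reasons.append("runs from a temp directory")
                if "\\" not in tokens[0]:  # bare file name, found via search path
                    reasons.append("no full path")
                if name.lower() in NAMED_IN_THREAD:
                    reasons.append("named in thread replies")
                if reasons:
                    findings.append((key, name, reasons))
        elif lines[0].startswith("Enumerating Browser Helper Objects"):
            for line in lines[1:]:  # a BHO whose DLL is gone is an orphaned entry
                if "(file missing)" in line or "(no file)" in line:
                    findings.append(("BHO", line.rsplit(" - ", 1)[-1], ["file absent"]))
    return findings

if __name__ == "__main__":
    for section, name, reasons in triage(SAMPLE):
        print(f"{section}: {name}: {', '.join(reasons)}")
```

A bare file name such as `nwiz.exe` is common for legitimate drivers, so that reason is the weakest of the three and mainly useful alongside another.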