| Thread ID: 86690 | 2008-01-25 08:26:00 | Suspicious Processes (Hijack this log) | videnthecoldone (13321) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 633876 | 2008-01-25 21:43:00 | Well, you're right, the previous log was only 2.5 months old, lol. Didn't notice that till now. Get the latest version of HJT too. | Speedy Gonzales (78) |
| 633877 | 2008-01-25 22:23:00 |
OK, I did it all, and I think it's working better now. Here is the updated log from my desktop:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:22 PM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Comodo\Firewall\cmdagent.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\ThreatFire\TFService.exe
E:\WINDOWS\system32\wdfmgr.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\BtUsrBdg.exe
E:\WINDOWS\system32\BTSetBootKey.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\WINDOWS\713xRMTMon.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
E:\Program Files\Windows Defender\MSASCui.exe
E:\Program Files\Microsoft IntelliPoint\ipoint.exe
E:\Program Files\Comodo\Firewall\CPF.exe
E:\Program Files\Saitek\Software\Profiler.exe
E:\Program Files\Saitek\Software\SaiSmart.exe
E:\Program Files\Saitek\Software\SaiMfd.exe
E:\Program Files\ThreatFire\TFTray.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\progra~1\valve\steam\steam.exe
E:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
E:\WINDOWS\system32\wuauclt.exe
e:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
E:\WINDOWS\system32\msiexec.exe
E:\Program Files\ESET\ESET Smart Security\ekrn.exe
E:\Program Files\ESET\ESET Smart Security\egui.exe
E:\New Folder\HijackThis.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = us.rd.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - E:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] E:\WINDOWS\713xRMTMon.exe
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O5 "LPT1:" /M "Stylus C88"
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IntelliPoint] "e:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "E:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "E:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Profiler] E:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] E:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] E:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [ThreatFire] E:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Steam] "e:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "E:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\RunOnce: [DelayShred] e:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q E:\DOCUME~1\Viden\LOCALS~1\Temp\CITRIX~1\GOTOAS~1\482\log101.SH! E:\DOCUME~1\Viden\LOCALS~1\Temp\CITRIX~1\GOTOAS~1\482.SH! E:\DOCUME~1\Viden\LOCALS~1\Temp\CITRIX~1\GOTOAS~1.SH! E:\DOCUME~1\Viden\LOCALS~1\Temp\CITRIX~1.SH! E:\DOCUME~1\Viden\LOCALS~1\Temp\Citrix\GOTOAS~1\482\g2a102.SH! E:\DOCUME~1\Viden\LOCALS~1\Temp\Citrix\GOTOAS~1\482.SH! E:\DOCUME~1\Viden\LOCALS~1\Temp\Citrix\GOTOAS~1.SH! E:\DOCUME~1\Viden\LOCALS~1\Temp\Citrix.SH! E:\DOCUME~1\Viden\LOCALS~1\TEMPOR~1\Content.IE5\324KK1AO\APP_1_~1.SH! E:\DOCUME~1\Viden\LOCALS~1\TEMPOR~1\Content.IE5\324KK1AO\NO_CON~1.SH! E:\DOCUME~1\Viden\LOCALS~1\TEMPOR~1\Content.IE5\324KK1AO\DC_2_~1.SH! E:\DOCUME~1\Viden\LOCALS~1\TEMPOR~1\Content.IE5\324KK1AO\DWB8C5~1.SH! E:\DOCUME~1\Viden\LOCALS~1\TEMPOR~1\Content.IE5\X09UHBY0\INDEX_~3.SH! E:\DOCUME~1\Viden\LOCALS~1\TEMPOR~1\Content.IE5\324KK1AO\DWB2D5~1.SH! E:\DOCUME~1\Viden\LOCALS~1\TEMPOR~1\Content.IE5\324KK1AO\DW_PAS~1.SH!
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://game1.pogo.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - download.mcafee.com
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - www.blizzard.com
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - download.mcafee.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCCC5573-1720-4710-BE2C-FE210F2EE059}: NameServer = 192.168.1.1,68.87.64.194
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - E:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - E:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ThreatFire - PC Tools - E:\Program Files\ThreatFire\TFService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe

Also, I was wondering if someone wouldn't mind looking through the log file of my laptop, as it seems to be having some issues as well. Thanks a ton for your help.

Laptop:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:46 PM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 69.57.152.127 auto.search.msn.com
O1 - Hosts: 69.57.152.127 auto.search.msn.es
O1 - Hosts: 69.57.152.127 pagead2.googlesyndication.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - download.mcafee.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - go.divx.com
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - www.systemrequirementslab.com
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - gameadvisor.futuremark.com
O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - (no file)
O22 - SharedTaskScheduler: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
| videnthecoldone (13321) |
| 633878 | 2008-01-25 22:30:00 |
Run HJT on the 1st PC again, tick these entries, then tick Fix Checked. Close browser/s.

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

This looks like parts of McAfee.

O4 - HKCU\..\RunOnce: [DelayShred] e:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q E:\DOCUME~1\Viden\LOCALS~1\Temp\CITRIX~1\GOTOAS~1\482\log101.SH! E:\DOCUME~1\Viden\LOCALS~1\Temp\CITRIX~1\GOTOAS~1\482.SH! E:\DOCUME~1\Viden\LOCALS~1\Temp\CITRIX~1\GOTOAS~1.SH! E:\DOCUME~1\Viden\LOCALS~1\Temp\CITRIX~1.SH! E:\DOCUME~1\Viden\LOCALS~1\Temp\Citrix\GOTOAS~1\482\g2a102.SH! E:\DOCUME~1\Viden\LOCALS~1\Temp\Citrix\GOTOAS~1\482.SH! E:\DOCUME~1\Viden\LOCALS~1\Temp\Citrix\GOTOAS~1.SH! E:\DOCUME~1\Viden\LOCALS~1\Temp\Citrix.SH! E:\DOCUME~1\Viden\LOCALS~1\TEMPOR~1\Content.IE5\324KK1AO\APP_1_~1.SH! E:\DOCUME~1\Viden\LOCALS~1\TEMPOR~1\Content.IE5\324KK1AO\NO_CON~1.SH! E:\DOCUME~1\Viden\LOCALS~1\TEMPOR~1\Content.IE5\324KK1AO\DC_2_~1.SH! E:\DOCUME~1\Viden\LOCALS~1\TEMPOR~1\Content.IE5\324KK1AO\DWB8C5~1.SH! E:\DOCUME~1\Viden\LOCALS~1\TEMPOR~1\Content.IE5\X09UHBY0\INDEX_~3.SH! E:\DOCUME~1\Viden\LOCALS~1\TEMPOR~1\Content.IE5\324KK1AO\DWB2D5~1.SH! E:\DOCUME~1\Viden\LOCALS~1\TEMPOR~1\Content.IE5\324KK1AO\DW_PAS~1.SH!

Uninstall all versions of Sun Java now. Then reinstall the latest version. Link is in my sig. I would be careful with installing too many AV programs. They may conflict. You only need one.
| Speedy Gonzales (78) |
| 633879 | 2008-01-25 22:36:00 |
Now the laptop: do the same as above, then tick these entries, then tick Fix Checked. Close browser/s.

O1 - Hosts: 69.57.152.127 auto.search.msn.com
O1 - Hosts: 69.57.152.127 auto.search.msn.es
O1 - Hosts: 69.57.152.127 pagead2.googlesyndication.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - (no file)
O22 - SharedTaskScheduler: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - (no file)

And uninstall ALL versions of Java on this laptop. And then install the latest version. Then reboot. Get rid of / uninstall ThreatFire.
| Speedy Gonzales (78) |
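A small triage script for the two patterns picked out of the laptop log above: hosts-file entries that point search and ad domains at an outside address, and O2/O21/O22 registrations whose file is gone. This is an added example, not part of the thread or of HijackThis itself; the sample lines are constructed to match the shape of the entries posted above, and the function names are my own.

```python
import ipaddress
import re

# Constructed sample in the shape of the laptop log posted above: the three
# hosts-file redirects, the orphaned "gimmicks" and BHO entries, plus two
# benign lines so the filter has something to leave alone.
SAMPLE_LOG = [
    "O1 - Hosts: 127.0.0.1 localhost",
    "O1 - Hosts: 69.57.152.127 auto.search.msn.com",
    "O1 - Hosts: 69.57.152.127 auto.search.msn.es",
    "O1 - Hosts: 69.57.152.127 pagead2.googlesyndication.com",
    "O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll",
    "O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - (no file)",
    "O22 - SharedTaskScheduler: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - (no file)",
]

# "O1 - Hosts: <ip> <hostname>"
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
# Sections that register a COM object by CLSID; "(no file)" means the DLL
# behind the registration is missing (leftover of a removed/cleaned component).
ORPHAN_RE = re.compile(r"^(R3|O2|O3|O21|O22) - .*?(\{[0-9A-Fa-f-]+\}) - \(no file\)\s*$")


def is_local_address(text):
    """True for loopback or the null address, the only targets a hosts entry
    normally needs (blocklists). Anything else sends the name somewhere else."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def triage(lines):
    """Return (kind, detail, target) tuples in log order.
    kind is 'hosts_redirect' (detail=hostname, target=IP text) or
    'orphan' (detail=section code, target=lower-cased CLSID)."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip_text, hostname = m.groups()
            if not is_local_address(ip_text):
                findings.append(("hosts_redirect", hostname, ip_text))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            section, clsid = m.groups()
            findings.append(("orphan", section, clsid.lower()))
    return findings


def redirect_targets(findings):
    """Group hijacked hostnames by the address they were pointed at, so one
    IP swallowing several search/ad domains shows up as a single problem."""
    by_ip = {}
    for kind, hostname, ip_text in findings:
        if kind == "hosts_redirect":
            by_ip.setdefault(ip_text, []).append(hostname)
    return by_ip


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
    print(redirect_targets(triage(SAMPLE_LOG)))
```

Feed it the full log instead of the sample and the same two checks apply; the R3 URLSearchHook line with "(no file)" in the desktop log above is caught by the same orphan rule.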
| 633880 | 2008-01-25 22:40:00 | OK. I uninstalled McAfee before I installed NOD32. Now, why do I need to do the thing with the Java? That confuses me. Thanks. | videnthecoldone (13321) |
| 633881 | 2008-01-25 22:43:00 |
> Now, why do I need to do the thing with the Java? That confuses me. Thanks.

Because it's up to 1.6.0.4 now, and you have 03. And if there are previous versions of Java in Add/Remove Programs prior to 6 or 5, uninstall them as well. Because if they've got vulnerabilities / security holes (even though you've updated to the latest version), you'll get hit by whatever vulnerability.
| Speedy Gonzales (78) |
| 633882 | 2008-01-25 22:45:00 | Gotcha. Well, I had already uninstalled Java on my desktop and reinstalled; do I have to do it again once I fix those problems? | videnthecoldone (13321) |
| 633883 | 2008-01-25 22:50:00 |
> Gotcha. Well, I had already uninstalled Java on my desktop and reinstalled; do I have to do it again once I fix those problems?

Yup, coz it's another computer (the laptop). They had the same version (03) on them. You did install 1.6.0.4 though, right?? You didn't install 1.6.0.3 and reinstall 03 again?
| Speedy Gonzales (78) |
| 633884 | 2008-01-25 23:11:00 | I went to the website and installed the newest version. | videnthecoldone (13321) |
| 633885 | 2008-01-25 23:24:00 |
> I went to the website and installed the newest version.

Good! Well, that should be it then, after you tick the entries in both logs and reboot. And uninstall ThreatFire on both.
| Speedy Gonzales (78) |