Thread 68357 | Press F1 | 2006-04-25 16:31:00 | Speedy, if you don't mind... | started by TiJay (6055)

Post 449409 | 2006-04-25 16:31:00 | TiJay (6055)

Can you check this log out? My computer is running REALLY slow. I know it has something to do with the AdobeGamma taking 60M+, but if there is anything else you see, this slow boot up/shut down sucks. I know it's going to run slow just because I'm on a roaming user network - but this is just torture...

Post 449410 | 2006-04-25 21:16:00 | zqwerty (97)

Uhhh, where is log?

Post 449411 | 2006-04-25 21:39:00 | TiJay (6055)

uh...oops...

```text
Logfile of HijackThis v1.99.1
Scan saved at 11:26:57 AM, on 4/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\HPZipm12.exe
D:\Program Files\Symantec AntiVirus\SavRoam.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\Program Files\Webroot\Enterprise\Spy Sweeper\CommAgent.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe
D:\WINDOWS\explorerTiJay.exe
D:\WINDOWS\BCMSMMSG.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\WINDOWS\Logi_MwX.Exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperUI.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\AWS\WEATHE~1\Weather.exe
D:\PROGRA~1\MICROS~3\rapimgr.exe
D:\Program Files\Yahoo!\Messenger\ypager.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Documents and Settings\TiJay.OUTCOMEMEDICAL\Start Menu\Programs\Startup\ZAdobeGammaLoader.exe
D:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\HijackThis.exe
D:\Documents and Settings\TiJay.OUTCOMEMEDICAL\Start Menu\Programs\Startup\ZAdobeGammaLoader.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = securityresponse.symantec.com
F2 - REG:system.ini: Shell=explorerTiJay.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPHUPD08] D:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpySweeperEnterprise] "D:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperUI.exe" /StartInTray
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "D:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] D:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BitTorrent.lnk = D:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Startup: ZAdobeGammaLoader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Options - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra 'Tools' menuitem: Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra button: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra 'Tools' menuitem: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra button: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O9 - Extra 'Tools' menuitem: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O9 - Extra button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra 'Tools' menuitem: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - www-secure.symantec.com
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - wdownload.weatherbug.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - www-secure.symantec.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = outcomemedical.local
O17 - HKLM\Software\..\Telephony: DomainName = outcomemedical.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{91E3CB7C-E366-418C-9C38-CA45E3D358E0}: NameServer = 72.17.238.226
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = outcomemedical.local
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - D:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNtf.DLL
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - D:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot CommAgent Service (WebrootCommAgentService) - Webroot Software, Inc. - D:\Program Files\Webroot\Enterprise\Spy Sweeper\CommAgent.exe
O23 - Service: WebrootSpySweeperService - Webroot Software, Inc. - D:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe
```

Post 449412 | 2006-04-25 22:02:00 | Speedy Gonzales (78)

Hmm, boot into safe mode, run HijackThis again, tick these entries and tick Fix checked.

I don't know what this is:
D:\WINDOWS\explorerTiJay.exe

This is adware:
D:\PROGRA~1\AWS\WEATHE~1\Weather.exe

I don't know what this is (do you?):
D:\Documents and Settings\TiJay.OUTCOMEMEDICAL\Start Menu\Programs\Startup\ZAdobeGammaLoader.exe
D:\Documents and Settings\TiJay.OUTCOMEMEDICAL\Start Menu\Programs\Startup\ZAdobeGammaLoader.exe

```text
F2 - REG:system.ini: Shell=explorerTiJay.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Weather] D:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - wdownload.weatherbug.com
```
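The triage Speedy does by eye above (a replaced shell in system.ini, a bare executable sitting in the Startup folder, one command registered twice under different Run names, a downloaded ActiveX control from a vendor nobody recognises) can be written down as rules and run over a HijackThis log. The script below is an added example, not something from this thread or from the HijackThis project; it parses the one-entry-per-line format HijackThis writes, applies those four review rules, and returns findings for a human to look at rather than deciding anything is malware. The sample log lines are copied from the log posted above, and the `TRUSTED_DPF_HOSTS` allow-list is an assumption chosen for the example.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    kind: str    # HijackThis section tag, e.g. "O4"
    rule: str    # short rule id
    detail: str  # the entry (or entries) that triggered it


# One HijackThis entry per line: "<tag> - <body>". Header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
SHELL_RE = re.compile(r"^REG:system\.ini: Shell=(?P<shell>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<item>.+)$")
DPF_RE = re.compile(r"^DPF: \{(?P<clsid>[^}]+)\} \((?P<name>[^)]*)\) - (?P<host>\S+)$")

# Assumption for this example: hosts from which downloaded ActiveX controls (O16)
# are expected on a managed XP desktop. Anything else is surfaced for review.
TRUSTED_DPF_HOSTS = {"update.microsoft.com", "go.microsoft.com", "www-secure.symantec.com"}

# Constructed sample: a handful of entries taken from the log posted in the thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorerTiJay.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Weather] D:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ZAdobeGammaLoader.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - wdownload.weatherbug.com
"""


def parse_entries(text):
    """Yield (kind, body) for every entry line; skip the header and process list."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("kind"), m.group("body")


def review(text):
    """Apply the four review rules and return a list of Finding objects."""
    findings = []
    run_names_by_cmd = {}
    for kind, body in parse_entries(text):
        if kind == "F2" and (m := SHELL_RE.match(body)):
            # The Windows shell should be explorer.exe; anything else is worth a question.
            if m.group("shell").strip().lower() != "explorer.exe":
                findings.append(Finding(kind, "nonstandard-shell", body))
        elif kind == "O4" and (m := RUN_RE.match(body)):
            # Collect Run values by command so duplicates can be reported once, below.
            run_names_by_cmd.setdefault(m.group("cmd").strip(), []).append(m.group("name"))
        elif kind == "O4" and (m := STARTUP_RE.match(body)):
            # Installers drop .lnk shortcuts into Startup; a bare .exe there is unusual.
            shortcut = m.group("item").split(" = ", 1)[0]
            if not shortcut.lower().endswith(".lnk"):
                findings.append(Finding(kind, "bare-startup-exe", body))
        elif kind == "O16" and (m := DPF_RE.match(body)):
            if m.group("host").lower() not in TRUSTED_DPF_HOSTS:
                findings.append(Finding(kind, "untrusted-dpf-host", body))
    for cmd, names in run_names_by_cmd.items():
        if len(names) > 1:
            findings.append(Finding("O4", "duplicate-run-command", f"{cmd} registered as {names}"))
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"{f.kind:4} {f.rule:24} {f.detail}")
```

Run against the sample it reports exactly the four items Speedy picked out; on the real log it would also list the second O16 entries and any Startup executable, which is the point: the rules narrow a 150-line log to a few entries that need a human answer (TiJay's own renamed explorer turns out to be benign, the ZAdobeGammaLoader.exe does not).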
Post 449413 | 2006-04-25 22:32:00 | TiJay (6055)

explorerTiJay.exe is a hack I added - all it is is a different explorer file where I changed some text so my start menu doesn't say 'Start', it says SAY MY NAME!! and many of the menu items are renamed... (Control Panel is now called CockPit). That is nothing but different text in the resource file. I kinda figured WeatherBug was adware, but it's so damned useful - I guess I will make a shortcut to weather.com :P As for the ZAdobeGammaLoader.exe - I have no clue, and my Google searches are turning up fruitless... but I do know that is a big memory hog (60M), but I didn't wanna delete it if I wasn't sure. I set system.ini to automatically run explorerTiJay.exe as opposed to explorer.exe - no harm there. I am about to head out for the day - I've already put in too much overtime for my boss to be happy, so I will let you know if that helps tomorrow... thanks a billion

Post 449414 | 2006-04-25 22:47:00 | Safari (3993)

AdobeGammaLoader.exe is used by Adobe Photoshop. ZAdobeGammaLoader.exe can be a worm, TR/Click.VB.MN. Antivirus should pick it up.

Post 449415 | 2006-04-26 07:26:00 | SolMiester (139)

And with a 'Roaming Profile', you are going to carry that around the office workstations!! Edit & back to the server...

Post 449416 | 2006-04-26 13:44:00 | TiJay (6055)

I am using Symantec Antivirus 10.1 - I would think (as long as ZAdobeGammaLoader.exe has been on my computer) Symantec would have noticed it by now... the 6 day war has been changed to a daily war. Symantec stopped putting out new definitions only on Wednesday and started putting them out daily. Yet I will search Symantec's site for more information. And before I start tickin' the boxes: What does HijackThis do, actually? My MSN Messenger is an easy way for the people who work at this company to keep in touch when they are out of town/state. There are a few things I don't want deleted. If that's what this does, I'll not tick it. Thanks

Post 449417 | 2006-04-26 13:53:00 | Greg (193)

> My MSN Messenger is an easy way for the people who work at this company to keep in touch when they are out of town/state. There are a few things I don't want deleted. If that's what this does, I'll not tick it.

Messenger isn't the same thing as MSN Messenger. Messenger is just an evil exploitable addition to Windows.

Post 449418 | 2006-04-26 15:15:00 | TiJay (6055)

Oh yea... duh... :P I remember now: Messenger is VERY easy to exploit because it doesn't judge what comes in or out, it bypasses the antivirus, and it is nothing more than an open port... leaving a computer open to anyone... kk - it's ticked :P