Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

anything wrong with my log?


  • Please log in to reply
1 reply to this topic

#1 citizenx

citizenx

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:42 PM

Posted 21 February 2005 - 02:05 AM

i dont have a wall paper i have an adervtisement that talks about spyware i ran my anti no virus found and microsoft spyware and ad ware and seek and destory sigh please help thanks did a reboot heres whats new


StartupList report, 2/21/2005, 1:24:55 AM
StartupList version: 1.52.2
Started from : C:\hijackthis\HijackThis23.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\rrxpmg.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\m?config.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis23.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

bcmwltry = bcmwltry.exe
RemoveCpl = RemoveCpl.exe
SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
BCMSMMSG = BCMSMMSG.exe
NWEReboot =
NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} = C:\Program Files\Google\Gmail Notifier\gnotify.exe
AtiPTA = atiptaxx.exe
(Default) =
WinampAgent = C:\Program Files\Winamp\winampa.exe
gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
2hCG = C:\WINDOWS\rrxpmg.exe
vptray = C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
ControlPanel = C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
SurfSideKick 2 = C:\Program Files\SurfSideKick 2\Ssk.exe
IST Service = C:\Program Files\ISTsvc\istsvc.exe
Internet Optimizer = "C:\Program Files\Internet Optimizer\optimize.exe"
VBundleOuterDL = C:\Program Files\VBouncer\BundleOuter.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Sonic RecordNow! =
Ijz = C:\WINDOWS\System32\m?config.exe
SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
SurfSideKick 2 = C:\Program Files\SurfSideKick 2\Ssk.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - (no file) - {00000010-6F7D-442C-93E3-4A4827C2E4C8}
(no name) - (no file) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8}
(no name) - C:\WINDOWS\System32\eah.dll (file missing) - {B959AAA0-18C0-4783-B721-6C996C633F79}
(no name) - (no file) - {F407A576-6D08-423C-BBD4-D126B8A84516}

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\System32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

[{56336BCB-3D8A-11D6-A00B-0050DA18DE71}]

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.com/v5co...b?1108099325579

[{7C559105-9ECF-42B8-B3F7-832E75EDD959}]

[{9EB320CE-BE1D-4304-A081-4B4665414BEF}]

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 6,551 bytes
Report generated in 0.100 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Edited by citizenx, 21 February 2005 - 02:25 AM.


BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,542 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:42 AM

Posted 23 February 2005 - 05:37 PM

Post a hijackthis log instead. Instructions are in a pinned post at the top of this forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users