
Hijack Log Thanks For The Help In Advance


  • This topic is locked
2 replies to this topic

#1 Niko32


Posted 26 June 2008 - 01:16 PM

So I can run scans and delete .dlls, but every time I restart, the damn startup items I removed come back. If you can suggest how to remove these items for good, I would appreciate it. Thank you!

StartupList report, 6/26/2008, 1:09:32 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows Vista SP1 (WinNT 6.00.1905)
Detected: Internet Explorer v7.00 (7.00.6001.18000)
* Using default options
==================================================

Running processes:

C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineTrayIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\rundll32.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
Bluetooth.lnk = ?
QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ECenter = C:\Dell\E-Center\EULALauncher.exe
Apoint = C:\Program Files\DellTPad\Apoint.exe
OEM02Mon.exe = C:\Windows\OEM02Mon.exe
Broadcom Wireless Manager UI = C:\Windows\system32\WLTRAY.exe
PSQLLauncher = "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
DELL Webcam Manager = "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
IAAnotif = "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
Google Desktop Search = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
dscactivate = "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
NvSvc = RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
NVHotkey = rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
DellSupportCenter = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
Microsoft WinUpdate = C:\Windows\system32\mslatest_updt.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

DellSupport = "C:\Program Files\DellSupport\DSAgnt.exe" /startup
DellSupportCenter = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
Aim6 =
Dell DataSafe Scheduler = "C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe"
Steam = "C:\Program Files\Steam\Steam.exe" -silent
DAEMON Tools Lite = "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
MsnMsgr = "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe
SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSServer = rundll32.exe C:\Users\niko\AppData\Local\Temp\vtUkkkhF.dll,#1
BM636474ee = Rundll32.exe "C:\Users\niko\AppData\Local\Temp\wyhuiqaa.dll",s
cmds = rundll32.exe C:\Users\niko\AppData\Local\Temp\cbXNGwvu.dll,c

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\AutoCADScriptFile\shell\open\command

(Default) = C:\Windows\system32\notepad.exe "%1"

--------------------------------------------------

Load/Run keys from C:\Windows\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=C:\Windows\system32\Mystify.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll - {00C6482D-C502-44C8-8409-FCE54AD9C208}
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
(no name) - C:\Program Files\Java\jre1.6.0\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
Browser Address Error Redirector - C:\Program Files\Dell\BAE\BAE.dll - {CA6319C0-31B7-401E-A518-A07C3DB8F777}

--------------------------------------------------

Enumerating Task Scheduler jobs:

User_Feed_Synchronization-{B9D57DA3-D205-4E3F-BD52-BEE5C223A138}.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

[Facebook Photo Uploader 5]
InProcServer32 = C:\Windows\Downloaded Program Files\ImageUploader5.ocx
CODEBASE = http://upload.facebook.com/controls/Facebo...toUploader5.cab

[LogMeIn Rescue Technician Console]
InProcServer32 = C:\Windows\Downloaded Program Files\RescueControl.dll
CODEBASE = https://secure.logmeinrescue.com/TechConsol...scueControl.cab

[MySpace Uploader Control]
InProcServer32 = C:\Windows\Downloaded Program Files\MySpaceUploader.ocx
CODEBASE = http://lads.myspace.com/upload/MySpaceUploader1006.cab

[System Requirements Lab Class]
InProcServer32 = C:\Windows\Downloaded Program Files\sysreqlab2.dll
CODEBASE = http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
OSD = C:\Windows\Downloaded Program Files\SysReqLab2.osd

[NVIDIA Smart Scan]
InProcServer32 = C:\Windows\DOWNLO~1\NVIDIA~1.OCX
CODEBASE = http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\system32\napinsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\pnrpnsp.dll
NameSpace #7: C:\Program Files\Bonjour\mdnsNSP.dll
NameSpace #8: C:\Windows\system32\wshbth.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk /p \??\C:

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Users\niko\AppData\Local\Temp\cbXNGwvu.dll||C:\Users\niko\AppData\Local\Temp\fccdDUND.dll


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\Windows\system32\webcheck.dll

--------------------------------------------------
End of report, 10,656 bytes
Report generated in 0.093 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


#2 Niko32


Posted 26 June 2008 - 02:38 PM

This is resolved. Read a post with the fix. THANKS SO MUCH!!!!

#3 Orange Blossom

  • Moderator

Posted 26 June 2008 - 02:52 PM

Hello Niko32 and welcome to BC :thumbsup:

I'm glad your problem has been resolved. Thank you for letting us know.

Since your problem seems to be resolved, this topic will now be closed.

Orange Blossom :)
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



