Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT Log - MonkeyMolestor


  • This topic is locked This topic is locked
3 replies to this topic

#1 MonkeyMolestor

MonkeyMolestor

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:00 AM

Posted 23 September 2004 - 05:21 PM

there's something that windows SP2 isn't liking everytime a page loads, any help is appreciated


Logfile of HijackThis v1.98.2
Scan saved at 6:23:00 PM, on 9/23/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Axis Communications\PrintSystem\System\TrayIcon.exe
C:\Program Files\Axis Communications\PrintSystem\System\DriverScanner.exe
C:\Program Files\Axis Communications\PrintSystem\System\DriverServer.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinMX\WinMX.exe
G:\Madden05.exe
G:\Madden05.exe
G:\Madden05.exe
E:\twmirc\mirc.exe
C:\Program Files\Winamp\winamp.exe
F:\Program Files\FlashFXP\FlashFXP.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tribalwar.com/forums/forumdisplay.php?f=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tribalwar.com/forums/forumdisplay.php?f=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://jkrsijcrfkblf.com/Ezw5xWWUkrcjYfxr5...5YXtnj5U4u4.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.248.92.124:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {11E8CD97-0323-06BC-4F6B-8D1AFD0B76F3} - C:\PROGRA~1\ACEOBJ~1\Inside type.exe (file missing)
O2 - BHO: (no name) - {18A86370-BC1B-74E3-D707-6C550EAD7440} - C:\WINDOWS\system32\ktegsez.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [AXIS Print System TrayIcon] C:\Program Files\Axis Communications\PrintSystem\System\TrayIcon.exe
O4 - HKLM\..\Run: [AXIS Print System DriverScanner] C:\Program Files\Axis Communications\PrintSystem\System\DriverScanner.exe
O4 - HKLM\..\Run: [AXIS Print System DriverServer] C:\Program Files\Axis Communications\PrintSystem\System\DriverServer.exe
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab30149.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cab

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,718 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:00 AM

Posted 23 September 2004 - 11:33 PM

I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://jkrsijcrfkblf.com/Ezw5xWWUkrcjYfxr5...5YXtnj5U4u4.asp
O2 - BHO: (no name) - {11E8CD97-0323-06BC-4F6B-8D1AFD0B76F3} - C:\PROGRA~1\ACEOBJ~1\Inside type.exe (file missing)
O2 - BHO: (no name) - {18A86370-BC1B-74E3-D707-6C550EAD7440} - C:\WINDOWS\system32\ktegsez.dll (file missing)

Reboot your computer and post a new log.

#3 MonkeyMolestor

MonkeyMolestor
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:00 AM

Posted 24 September 2004 - 01:45 AM

new log...


Logfile of HijackThis v1.98.2
Scan saved at 2:47:05 AM, on 9/24/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Axis Communications\PrintSystem\System\TrayIcon.exe
C:\Program Files\Axis Communications\PrintSystem\System\DriverScanner.exe
C:\Program Files\Axis Communications\PrintSystem\System\DriverServer.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinMX\WinMX.exe
G:\Madden05.exe
G:\Madden05.exe
G:\Madden05.exe
E:\twmirc\mirc.exe
C:\Program Files\Winamp\winamp.exe
C:\FXPSTU~1\Serv-U\SERVUT~1.EXE
C:\FXP Stuff\Serv-U\ServUDaemon.exe
F:\Program Files\FlashFXP\FlashFXP.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tribalwar.com/forums/forumdisplay.php?f=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tribalwar.com/forums/forumdisplay.php?f=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.248.92.124:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [AXIS Print System TrayIcon] C:\Program Files\Axis Communications\PrintSystem\System\TrayIcon.exe
O4 - HKLM\..\Run: [AXIS Print System DriverScanner] C:\Program Files\Axis Communications\PrintSystem\System\DriverScanner.exe
O4 - HKLM\..\Run: [AXIS Print System DriverServer] C:\Program Files\Axis Communications\PrintSystem\System\DriverServer.exe
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab30149.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cab

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,718 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:00 AM

Posted 24 September 2004 - 09:45 AM

Everything looks good except i am not sure what this program is:

O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE


Do you have any idea?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users