Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My HijackThis log


  • This topic is locked This topic is locked
4 replies to this topic

#1 Westcam

Westcam

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:01:46 PM

Posted 21 May 2004 - 06:57 AM

I have use Spy-bot and Ad-aware 6 but this a little spy ware (in picture) just can't seem to die. i just use HijackThis for first time and it is so confuse that i don't know what to do with this many show up things. :thumbsup:

Below is my HijackThis log;

StartupList report, 5/21/2004, 9:53:31 PM
StartupList version: 1.XXXX
Started from : C:\HijackThis\HijackThis.EXE
Detected: Windows XP (WinNT 5.XXXXX)
Detected: Internet Explorer v6.00 (6.XXXXX)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\datamonitor\datamonitor.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\WINDOWS\PowerS.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\javaw.exe
C:\Program Files\Prolink\PlayTV Pro\PIXELTV.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

--------------------------------------------------

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08C6DD5E-DABF-B1BA-71F3-17DE63F6CCD0} - C:\PROGRA~1\Gram64\loudfirst.dll (file missing)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hide wipe - {7CE14D9F-BD15-E15D-9A54-6898309CADAD} - C:\PROGRA~1\Gram64\loudfirst.dll (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Optus Cable Data Monitor] C:\Program Files\datamonitor\datamonitor.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shock...ector/swdir.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

---------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
DAEMON Tools-1033 = "C:\Program Files\D-Tools\daemon.exe" -lang 1033
MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
URLLSTCK.exe = C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
Advanced Tools Check = C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
Optus Cable Data Monitor = C:\Program Files\datamonitor\datamonitor.exe
NetLimiter = C:\Program Files\NetLimiter\NetLimiter.exe /s
PowerS = C:\WINDOWS\PowerS.exe
Pop-Up Stopper = "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
ASUS Probe = C:\Program Files\ASUS\Probe\AsusProb.exe
IntelliType = "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
RunDLL = rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=none
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\Gram64\loudfirst.dll (file missing) - {08C6DD5E-DABF-B1BA-71F3-17DE63F6CCD0}
(no name) - C:\WINDOWS\2_0_1browserhelper2.dll - {83DE62E0-5805-11D8-9B25-00E04C60FAF2}
(no name) - C:\WINDOWS\Downloaded Program Files\bridge.dll - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF}
Web assistant - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
NAV Helper - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer -
Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/pub/shock...ector/swdir.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab

[brdg Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\bridge.dll
CODEBASE = http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab

[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

[MaxisSimCity4PatcherX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\MAXISS~1.OCX
CODEBASE = http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\Program Files\NetLimiter\nl_lsp.dll
Protocol #2: C:\Program Files\NetLimiter\nl_lsp.dll
Protocol #3: C:\Program Files\NetLimiter\nl_lsp.dll
Protocol #4: C:\Program Files\NetLimiter\nl_lsp.dll
Protocol #5: C:\Program Files\NetLimiter\nl_lsp.dll
Protocol #21: C:\Program Files\NetLimiter\nl_lsp.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\DAVIDU~1\LOCALS~1\Temp\bdl14025.exe|||C

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 8,402 bytes
Report generated in 0.031 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only



Posted Image

Edited by Grinler, 22 May 2004 - 04:34 PM.

Using Spybot - Search and Destroy Tutorial | HijackThis Tutorial | HijackThis Download link
1 cigarette takes away FIVE minutes of a person's life, so THINK before you smoke
Posted Image

BC AdBot (Login to Remove)

 


#2 Guest_Plimsol_*

Guest_Plimsol_*

  • Guests
  • OFFLINE
  •  

Posted 21 May 2004 - 10:21 AM

Ok. You have a bunch of problems here. The image you are seeing is not from spyware but from people sending you messages to your messenger service. Go into Start | Control Panel| Administrative Tools| Services. Find the messenger service and stop it and disable it. You will no longer receive those messages.

You also have some spyware/hijackers installed. Lets clear that out.


I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button

Do you know what this is? If not remove it
O2 - BHO: (no name) - {08C6DD5E-DABF-B1BA-71F3-17DE63F6CCD0} - C:\PROGRA~1\Gram64\loudfirst.dll (file missing)

Keep Fixing
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll

Once again do you know what this is? If not fix it
O3 - Toolbar: hide wipe - {7CE14D9F-BD15-E15D-9A54-6898309CADAD} - C:\PROGRA~1\Gram64\loudfirst.dll (file missing)

Keep Fixing
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab

Reboot your computer into Safe Mode and delete the following files:

Then delete these
c:\program files\gram64 (only delete this if you fixed them above)
C:\WINDOWS\Downloaded Program Files\bridge.dll
C:\WINDOWS\2_0_1browserhelper2.dll

Disable System Restore. You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore
or

Windows XP System Restore Guide

Renable system restore with instructions from tutorial above

Reboot your computer to go back to normal mode and post a new log.

#3 Westcam

Westcam
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  

Posted 21 May 2004 - 10:55 PM

I can't find the files these 2 files, perhape i deleted them before i use hijack. :thumbsup:
c:\program files\gram64 (only delete this if you fixed them above)
C:\WINDOWS\Downloaded Program Files\bridge.dll
all actions are folowed instruction.

but i found this and deleted it.
C:\WINDOWS\2_0_1browserhelper2.dll

NEW LOG

==================================================

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\datamonitor\datamonitor.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\WINDOWS\PowerS.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Optus Cable Data Monitor] C:\Program Files\datamonitor\datamonitor.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shock...ector/swdir.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab



==================================================
Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\datamonitor\datamonitor.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\WINDOWS\PowerS.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\HijackThis\HijackThis.exe

--------------------------------------------------
Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
DAEMON Tools-1033 = "C:\Program Files\D-Tools\daemon.exe" -lang 1033
MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
URLLSTCK.exe = C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
Advanced Tools Check = C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
Optus Cable Data Monitor = C:\Program Files\datamonitor\datamonitor.exe
NetLimiter = C:\Program Files\NetLimiter\NetLimiter.exe /s
PowerS = C:\WINDOWS\PowerS.exe
Pop-Up Stopper = "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
ASUS Probe = C:\Program Files\ASUS\Probe\AsusProb.exe
IntelliType = "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=none
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Web assistant - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
NAV Helper - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer - XXXX XXX.job
Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/pub/shock...ector/swdir.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab

[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

[MaxisSimCity4PatcherX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\MAXISS~1.OCX
CODEBASE = http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\Program Files\NetLimiter\nl_lsp.dll
Protocol #2: C:\Program Files\NetLimiter\nl_lsp.dll
Protocol #3: C:\Program Files\NetLimiter\nl_lsp.dll
Protocol #4: C:\Program Files\NetLimiter\nl_lsp.dll
Protocol #5: C:\Program Files\NetLimiter\nl_lsp.dll
Protocol #21: C:\Program Files\NetLimiter\nl_lsp.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 7,349 bytes
Report generated in 0.016 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Edited by Westcam, 21 May 2004 - 11:00 PM.

Using Spybot - Search and Destroy Tutorial | HijackThis Tutorial | HijackThis Download link
1 cigarette takes away FIVE minutes of a person's life, so THINK before you smoke
Posted Image

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:46 PM

Posted 22 May 2004 - 12:22 AM

Looks clean to me! Good job!

#5 Westcam

Westcam
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:46 PM

Posted 22 May 2004 - 01:37 AM

Looks clean to me! Good job!

are you serious? :inlove: :flowers: i am gona dance all night :cool: :trumpet:


Thanks for helping :thumbsup:
Using Spybot - Search and Destroy Tutorial | HijackThis Tutorial | HijackThis Download link
1 cigarette takes away FIVE minutes of a person's life, so THINK before you smoke
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users