|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
03-11-2005, 10:57 PM
|
#1 (permalink) |
|
Member
Join Date: Sep 2004
Posts: 41
OS: WinXP
|
Windows NT wont log me in after using Hijackthis
I am in deep trouble. I had some adwares on my machine, and one was about:blank. It wont go. So I read this article on some site that asked me to use Hijackthis, and select "Mark Everything found for fixing after scan" and thought I was very reluctant to do that, I did it as last resort, after the about:blank problem didnt go..
Now I get the log-in screen, but when I enter my username/pwd, and try to log it, it doesnt show me my desktop.. everything is blank on the screen.. and it remains blank.. as if not logging in my account.. I can run windows Task Manager.. and I find one application "Hi" with status "Running" in the applications tab. Sometimes I see wowexec.exe in the processes I can log in the safe mode.. What should I do.. please suggest.. I am in deep trouble I restored the Hijackthis entries in safe mode, and the computer has logged me in finally.. I am sure there is lot of adwares/spywares though.. so I am posting the hijackthis log from this machine which is infected.. Logfile of HijackThis v1.99.1 Scan saved at 12:59:57 AM, on 3/12/2005 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\cisvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\Tablet.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe C:\WINNT\system32\winole.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINNT\system32\wuauclt.exe C:\WINNT\system32\cidaemon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\huzaifa\My Documents\tmp\HijackThis.exe O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll O2 - BHO: (no name) - {10FB8B56-3262-4F7B-97F2-D8DA839FA27A} - C:\WINNT\system32\clml.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {73145686-EDA0-4277-946E-F7DFFAF1422F} - C:\WINNT\system32\clml.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Compliant] winole.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [neh] C:\WINNT\neh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\RunServices: [Windows Compliant] winole.exe O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINNT\System32\spoolsrv32.exe O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\huzaifa\My Documents\tmp\HijackThis.exe /startupscan O4 - HKCU\..\Run: [Windows Compliant] winole.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINNT\System32\spoolsrv32.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\googletoolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\googletoolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\googletoolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\googletoolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\googletoolbar1.dll/cmtrans.html O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = secs.oakland.edu O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = secs.oakland.edu O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = secs.oakland.edu O18 - Filter: text/html - {DA9DE510-C74F-400F-A1F3-23272E0C5EF0} - C:\WINNT\system32\clml.dll O18 - Filter: text/plain - {DA9DE510-C74F-400F-A1F3-23272E0C5EF0} - C:\WINNT\system32\clml.dll O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\System32\Tablet.exe Please help! |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
03-12-2005, 01:49 AM
|
#2 (permalink) |
|
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3
|
Hi
I think the best thing to do for the moment is for you to go to the backup files that HJT made when you deleted those items and reinstate them all.It looks like you may have removed the wrong files.Then reboot an post a new log
__________________
Eddy Last edited by Pancake; 03-12-2005 at 01:50 AM. |
|
|
|
|
03-12-2005, 10:52 AM
|
#3 (permalink) |
|
Member
Join Date: Sep 2004
Posts: 41
OS: WinXP
|
Please help!
 I did what you said. Log attached. But before you look, here is the current problem: Everytime I log in, my desktop gets hijacked. I delete the active desktop "security" But it comes back again after next log in. Second problem. Computer keepts saying "Waring Your computer is at risk. Spyware detected on your PC. Windows did not find spyware protection on this computer. CLick to choose a recommended spyware protection software" Nothing happens when I click. Here is the new log Logfile of HijackThis v1.99.1 Scan saved at 12:51:20 PM, on 3/12/2005 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\cisvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\Tablet.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\cidaemon.exe C:\WINNT\Explorer.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe C:\Documents and Settings\huzaifa\My Documents\tmp\HijackThis.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINNT\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll O2 - BHO: (no name) - {10FB8B56-3262-4F7B-97F2-D8DA839FA27A} - C:\WINNT\system32\clml.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {73145686-EDA0-4277-946E-F7DFFAF1422F} - C:\WINNT\system32\clml.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [neh] C:\WINNT\neh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINNT\System32\spoolsrv32.exe O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\huzaifa\My Documents\tmp\HijackThis.exe /startupscan O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINNT\System32\spoolsrv32.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\googletoolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\googletoolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\googletoolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\googletoolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\googletoolbar1.dll/cmtrans.html O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = secs.oakland.edu O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = secs.oakland.edu O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = secs.oakland.edu O18 - Filter: text/html - {DA9DE510-C74F-400F-A1F3-23272E0C5EF0} - C:\WINNT\system32\clml.dll O18 - Filter: text/plain - {DA9DE510-C74F-400F-A1F3-23272E0C5EF0} - C:\WINNT\system32\clml.dll O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\System32\Tablet.exe |
|
|
|
|
03-12-2005, 03:12 PM
|
#4 (permalink) |
|
Member
Join Date: Sep 2004
Posts: 41
OS: WinXP
|
I cannot log in again. I restored all the items from the hijackthis.. but it still didnt log me in(it accepts my username/password but it hangs just after that).. now I can only log in in Safe mode.. please help!
Last edited by need_tech_help; 03-12-2005 at 03:15 PM. |
|
|
|
|
03-12-2005, 05:05 PM
|
#5 (permalink) |
|
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3
|
Hi and Welcome
It may help you if you print out or copy this page for easy reference.. Make sure to work through the fixes in the exact order its listed and that you have HJT v1.99.1.If you don't understand please ask before proceeding with the fixes. Please Keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes. Download any of the required programs before attempting to start any of the fixes. Please do NOT run Hijack This in a TEMPorary folder or on the Desktop. I recommend c:/program files/HJT/ Turn off System Restore instructions (WinXP) Rightclick My Computer | Properties | System Restore | check “Turn off System Restore”, <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may renable System Restore and create a new restore point. SHOW HIDDEN FILES AND FOLDERS. To show hidden files instructions (WinXP) Doubleclick My Computer | Tools | Folder Options | View tab Select Show Hidden Files and Folders Uncheck Hide extensions for known file types Uncheck Hide protected operating system files (Recommended) Select Apply to All Folders | Yes | Apply | OK ------------------------------------------------------------------ Download and run Adaware,SpyBot (check for updates) for a preliminary cleanup first.Some files below may not be present after running the above programs.Full instructions below. How to setup Ad-Aware Download Ad-Aware Save aawsepersonal.exe into its own directory, NOT in a TEMPorary folder or on the Desktop. I recommend c:/program files/Adaware/ Doubleclick aawsepersonal.exe. Make sure to direct the program to install in the c:/program files/adaware/ directory, NOT the default directory. Open AdAware from Start | Programs | Lavasoft | AdAware. Select <Check for updates now>, <Proceed> After installation, run the program and click the start button.Then click the next button. This lets ad-aware scan your computer. After ad-aware is done running, hit the next button. Then right click the area with the listed spy ware objects.Choose the "Select all objects" option. At this point all the boxes next to the items should be checked. Then hit the next button. It will ask if you want to delete the selected objects. Hit the Okay button. Now most of the spyware should have been deleted from your hard drive. ---------------------------------------------------------------------- How to setup Spybot Search & Destroy Download SpyBot Save spybotsd13.exe into its own directory, NOT in a TEMPorary folder or on the Desktop. I recommend c:/program files/spybot/ Doubleclick spybotsd13.exe. Make sure to direct the program to install in the c:/program files/spybot/ directory, NOT the default directory. Open Spybot from Start | Programs | Spybot | Spybot S&D Select <Search for Updates>. Let it install all updates. This is very important! Select <Immunize> Select <Check for Problems> Check all entries that are in RED. Only RED, NOTHING ELSE. For your records, write/print out each item that you have fixed. Date it. Select <Fix Selected Problems> Close Spybot// --------------------------------------------------------------------- Files highlighted in BLACK will need to be removed from your hard drive. ------------------------------------------------------------------ Please start by putting HJT in SAFE MODE. During reboot, tap the F8 key. Select Safe Mode and then run "Hijack This" ------------------------------------------------------------------ Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed. C:\WINNT\System32\spoolsrv32.exe C:\WINNT\neh.exe ------------------------------------------------------------------ Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT. O2 - BHO: (no name) - {10FB8B56-3262-4F7B-97F2-D8DA839FA27A} - C:\WINNT\system32\clml.dll (file missing) O2 - BHO: (no name) - {73145686-EDA0-4277-946E-F7DFFAF1422F} - C:\WINNT\system32\clml.dll (file missing) O4 - HKLM\..\Run: [neh] C:\WINNT\neh.exe O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINNT\System32\spoolsrv32.exe O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINNT\System32\spoolsrv32.exe O18 - Filter: text/html - {DA9DE510-C74F-400F-A1F3-23272E0C5EF0} - C:\WINNT\system32\clml.dll O18 - Filter: text/plain - {DA9DE510-C74F-400F-A1F3-23272E0C5EF0} - C:\WINNT\system32\clml.dll ------------------------------------------------------------------ Open Windows Explorer and delete the following highlighted file/s (or delete the whole (Red) folder if listed). C:\WINNT\System32\spoolsrv32.exe C:\WINNT\neh.exe C:\WINNT\system32\clml.dll ------------------------------------------------------------------- Check that you have carried out all the above steps/fixes and then reboot into Normal Mode and download Cleanup This will clean out your tempory files. When finished please post a new log......
__________________
Eddy |
|
|
|
|
03-12-2005, 07:06 PM
|
#6 (permalink) |
|
Member
Join Date: Sep 2004
Posts: 41
OS: WinXP
|
New Log.. please take a look and respond.. waiting for your response. I can log in sucessfully now.. my desktop is clean too.. but am I safe now.. are all adwares gone. Will this hanging problem happen again?
Logfile of HijackThis v1.99.1 Scan saved at 9:07:38 PM, on 3/12/2005 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\cisvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\Tablet.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\cidaemon.exe C:\WINNT\Explorer.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe C:\WINNT\system32\winole.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINNT\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HJT\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Windows Compliant] winole.exe O4 - HKLM\..\RunServices: [Windows Compliant] winole.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [Windows Compliant] winole.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\googletoolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\googletoolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\googletoolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\googletoolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\googletoolbar1.dll/cmtrans.html O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = secs.oakland.edu O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = secs.oakland.edu O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = secs.oakland.edu O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\System32\Tablet.exe |
|
|
|
|
03-12-2005, 07:41 PM
|
#7 (permalink) |
|
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3
|
Nearly done.Run hjt and fix this item and delete the highlighted file..
O4 - HKLM\..\RunServices: [Windows Compliant] winole.exe C:\WINNT\system32\winole.exe Post a new log when done please.
__________________
Eddy |
|
|
|
|
03-12-2005, 07:52 PM
|
#8 (permalink) |
|
Member
Join Date: Sep 2004
Posts: 41
OS: WinXP
|
I Ran hjt and fix this item and delete the highlighted file..
O4 - HKLM\..\RunServices: [Windows Compliant] winole.exe C:\WINNT\system32\winole.exe BUT when I ran HJT, O4 - HKLM\..\RunServices: [Windows Compliant] winole.exe came again.. so I fixed it again.. and here is the new log. Please tell me I have done right.. also is this log free of errors now? I cant tell you how helpful you have been all this time.. when I will get a job.. I will donate my 5% salary for every month for 6 months atleast.. Logfile of HijackThis v1.99.1 Scan saved at 9:53:25 PM, on 3/12/2005 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\cisvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\Tablet.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\cidaemon.exe C:\WINNT\Explorer.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINNT\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HJT\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\googletoolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\googletoolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\googletoolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\googletoolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\googletoolbar1.dll/cmtrans.html O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = secs.oakland.edu O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = secs.oakland.edu O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = secs.oakland.edu O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\System32\Tablet.exe |
|
|
|
|
03-12-2005, 08:23 PM
|
#9 (permalink) |
|
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3
|
You have done well....
 Its all clean.No more malware.To help prevent future spyware installations/infections, you might like to read the anti-spyware section and feel free to use the tools provided.
__________________
Eddy |
|
|
|
|
03-15-2005, 06:41 PM
|
#10 (permalink) |
|
Member
Join Date: Sep 2004
Posts: 41
OS: WinXP
|
New windows open (not pop-up)
I am sure there is something wrong in my hijackthis.. New IE windows opens up (not pop-up) when I go to even google.com Here is my hijackthis again..
Logfile of HijackThis v1.99.1 Scan saved at 8:43:04 PM, on 3/15/2005 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\cisvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\Tablet.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\cidaemon.exe C:\WINNT\System32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\PROGRA~1\COMMON~1\qzou\qzoum.exe C:\PROGRA~1\COMMON~1\qzou\qzoua.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINNT\system32\wuauclt.exe C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\huzaifa\My Documents\test\tmp\August04\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3357 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=3357 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [K1KMGPmf] C:\WINNT\hbsqbkr.exe O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [qzou] C:\PROGRA~1\COMMON~1\qzou\qzoum.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\googletoolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\googletoolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\googletoolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\googletoolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\googletoolbar1.dll/cmtrans.html O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = secs.oakland.edu O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = secs.oakland.edu O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = secs.oakland.edu O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\System32\Tablet.exe |
|
|
|
|
03-15-2005, 06:56 PM
|
#11 (permalink) |
|
Member
Join Date: Sep 2004
Posts: 41
OS: WinXP
|
Just to let you know that I have deleted this file and following processes:
FOLDER C:\PROGRA~1\COMMON~1\qzou O4 - HKLM\..\Run: [K1KMGPmf] C:\WINNT\hbsqbkr.exe O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKCU\..\Run: [qzou] C:\PROGRA~1\COMMON~1\qzou\qzoum.exe Here is the new log: Logfile of HijackThis v1.99.1 Scan saved at 8:59:23 PM, on 3/15/2005 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\cisvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\Tablet.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\cidaemon.exe C:\WINNT\System32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINNT\system32\wuauclt.exe C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINNT\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\huzaifa\My Documents\test\tmp\August04\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3357 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=3357 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\googletoolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\googletoolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\googletoolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\googletoolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\googletoolbar1.dll/cmtrans.html O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = secs.oakland.edu O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = secs.oakland.edu O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = secs.oakland.edu O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\System32\Tablet.exe |
|
|
|
|
03-15-2005, 07:00 PM
|
#12 (permalink) |
|
Member
Join Date: Sep 2004
Posts: 41
OS: WinXP
|
I terminated the process
C:\PROGRA~1\COMMON~1\qzou\qzoua.exe I deleted The folder and fixed following log lines C:\PROGRA~1\COMMON~1\qzou Fixed Following O4 - HKLM\..\Run: [K1KMGPmf] C:\WINNT\hbsqbkr.exe O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKCU\..\Run: [qzou] C:\PROGRA~1\COMMON~1\qzou\qzoum.exe New Hijackthis File Logfile of HijackThis v1.99.1 Scan saved at 8:59:23 PM, on 3/15/2005 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\cisvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\Tablet.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\cidaemon.exe C:\WINNT\System32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINNT\system32\wuauclt.exe C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINNT\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\huzaifa\My Documents\test\tmp\August04\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3357 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=3357 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\googletoolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\googletoolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\googletoolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\googletoolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\googletoolbar1.dll/cmtrans.html O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = secs.oakland.edu O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = secs.oakland.edu O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = secs.oakland.edu O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\System32\Tablet.exe |
|
|
|
|
03-15-2005, 07:18 PM
|
#13 (permalink) |
|
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3
|
If you dont use this search you can remove these....the rest of you log is clean.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3357 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=3357
__________________
Eddy |
|
|
|
| Thread Tools | |
|
|
