|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
01-07-2006, 03:01 PM
|
#1 (permalink) |
|
TSF Enthusiast
|
Just making sure
This should be an easy one... I recognize pretty much everything in here, but I just wanted to make sure it's clean.
Logfile of HijackThis v1.99.1 Scan saved at 4:58:57 PM, on 1/7/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe C:\Program Files\PeerGuardian2\pg2.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\MMTaskbar\MultiMon.exe C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe C:\Program Files\palmOne\HOTSYNC.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trillian\trillian.exe C:\DOCUME~1\User\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe O4 - Global Startup: MultiMon Taskbar.lnk = C:\Program Files\MMTaskbar\MultiMon.exe O4 - Global Startup: TV878 Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Thanks :)
__________________
Antec Neo Power 500W, ABIT IP35-E, Intel E2180@2.66Ghz, Corsair XMS2 2x1GB DDR2-800, PNY 8800GT, 320GB Seagate * lazy college student alert *- If I've inadvertently ignored a thread, please Let me know about it Have I helped you solve your problem? Donate to Techsupportforums Klart Skepp! 
|
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
01-07-2006, 03:06 PM
|
#2 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,353
OS: N/A
|
Looks good to me. You only have to fix this entry:
R3 - Default URLSearchHook is missing You might wanna read the latest update on WMF exploit .. http://www.hexblog.com/index.html
__________________
Question - what have you done for the community today? |
|
|
|
|
01-07-2006, 03:11 PM
|
#3 (permalink) |
|
TSF Enthusiast
|
Wow that was fast. Thanks a lot!
I'm already patched for the WMF exploit, so that shouldn't pose a problem, and I have AVG up-to-date.
__________________
Antec Neo Power 500W, ABIT IP35-E, Intel E2180@2.66Ghz, Corsair XMS2 2x1GB DDR2-800, PNY 8800GT, 320GB Seagate * lazy college student alert *- If I've inadvertently ignored a thread, please Let me know about it Have I helped you solve your problem? Donate to Techsupportforums Klart Skepp!
|
|
|
|
|
01-07-2006, 03:19 PM
|
#4 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,353
OS: N/A
|
Lol...I meant for you to uninstall the 3rd party patch & apply Microsoft's official patch - KB912919 available through Window's Update
__________________
Question - what have you done for the community today? |
|
|
|
|
01-07-2006, 03:44 PM
|
#5 (permalink) |
|
TSF Enthusiast
|
Oh, okay...
I think that may have downloaded and installed yesterday. I just haven't gotten around to uninstalling the homebrew fix yet. Maybe I'll just leve it, since it doesn't seem to be hurting anything.
__________________
Antec Neo Power 500W, ABIT IP35-E, Intel E2180@2.66Ghz, Corsair XMS2 2x1GB DDR2-800, PNY 8800GT, 320GB Seagate * lazy college student alert *- If I've inadvertently ignored a thread, please Let me know about it Have I helped you solve your problem? Donate to Techsupportforums Klart Skepp!
|
|
|
|
|
01-07-2006, 03:46 PM
|
#6 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,353
OS: N/A
|
The author, Ilfak Guilfanov strongly suggests that it should be uninstalled.
__________________
Question - what have you done for the community today? |
|
|
|
|
01-07-2006, 04:10 PM
|
#7 (permalink) |
|
TSF Enthusiast
|
K, I uninstalled it.
I think it caused the picture viewer to stop working... I may need to reregister that DLL, but I'll have to look up the command for it.
__________________
Antec Neo Power 500W, ABIT IP35-E, Intel E2180@2.66Ghz, Corsair XMS2 2x1GB DDR2-800, PNY 8800GT, 320GB Seagate * lazy college student alert *- If I've inadvertently ignored a thread, please Let me know about it Have I helped you solve your problem? Donate to Techsupportforums Klart Skepp!
|
|
|
|
|
01-07-2006, 04:43 PM
|
#9 (permalink) |
|
TSF Enthusiast
|
Done. Thanks a lot for your help.
__________________
Antec Neo Power 500W, ABIT IP35-E, Intel E2180@2.66Ghz, Corsair XMS2 2x1GB DDR2-800, PNY 8800GT, 320GB Seagate * lazy college student alert *- If I've inadvertently ignored a thread, please Let me know about it Have I helped you solve your problem? Donate to Techsupportforums Klart Skepp!
|
|
|
|
| Thread Tools | |
|
|
