Gnimsh

Members
 View Profile  See their activity

  • Content Count

    5

  • Joined

  • Last visited

 Content Type 

Posts posted by Gnimsh

  1. Boss's Computer

    in Malware Removal

    Posted

    Hey guys, I am working right now on my boss's home computer. She tells me that it's been running really slowly lately. I am also checking for viruses and spyware/adware, but anything you guys see on this log will help too. Thanks.

    Logfile of HijackThis v1.99.1

    Scan saved at 12:17:33 PM, on 3/19/05

    Platform: Windows 98 Gold (Win9x 4.10.1998)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL

    C:\WINDOWS\SYSTEM\MSGSRV32.EXE

    C:\WINDOWS\SYSTEM\MPREXE.EXE

    C:\WINDOWS\SYSTEM\MSTASK.EXE

    C:\WINDOWS\SYSTEM\mmtask.tsk

    C:\WINDOWS\EXPLORER.EXE

    C:\WINDOWS\TASKMON.EXE

    C:\WINDOWS\SYSTEM\SYSTRAY.EXE

    C:\WINDOWS\STARTER.EXE

    C:\WINDOWS\SYSTEM\R3PROXY.EXE

    C:\WINDOWS\SYSTEM\STIMON.EXE

    C:\WINDOWS\SYSTEM\DDHELP.EXE

    C:\PROGRAM FILES\LEXMARK X5100 SERIES\LXBABMGR.EXE

    C:\IOMEGA\TOOLS\IOWATCH.EXE

    C:\PROGRAM FILES\LEXMARK X5100 SERIES\LXBABMON.EXE

    C:\WINDOWS\SYSTEM\LEXBCES.EXE

    C:\WINDOWS\SYSTEM\RPCSS.EXE

    C:\WINDOWS\SYSTEM\LEXPPS.EXE

    C:\WINDOWS\SYSTEM\SPOOL32.EXE

    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE

    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

    C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE

    C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE

    C:\PROGRAM FILES\SOFTWIN\BITDEFENDER FREE EDITION\BDMCON.EXE

    C:\PROGRAM FILES\SOFTWIN\BITDEFENDER FREE EDITION\BDNAGENT.EXE

    C:\WINDOWS\SYSTEM\TAPISRV.EXE

    C:\WINDOWS\SYSTEM\RNAAPP.EXE

    C:\WINDOWS\HH.EXE

    C:\PROGRAM FILES\SOFTWIN\BITDEFENDER FREE EDITION\BDLITE.EXE

    D:\HIJACKTHIS.EXE

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

    O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

    O4 - HKLM\..\Run: [systemTray] SysTray.Exe

    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe

    O4 - HKLM\..\Run: [Fellowes Proxy] C:\WINDOWS\SYSTEM\r3proxy.exe

    O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE c:\windows\SYSTEM\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"

    O4 - HKLM\..\Run: [LexStart] lexstart.exe

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [bDMCon] C:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe

    O4 - HKLM\..\Run: [bDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe

    O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

    O4 - HKLM\..\RunServices: [KPF4] c:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

    O4 - HKLM\..\RunServices: [bitDefender Scan Server] C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe

    O4 - HKLM\..\RunServices: [bitDefender Communicator] C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe

    O4 - HKLM\..\RunServices: [bitDefender Live! Init] C:\Program Files\Softwin\BitDefender Free Edition\\bdinit.exe

    O4 - Startup: Iomega Watch.lnk = C:\Iomega\Tools\IOWATCH.EXE

    O4 - Startup: Iomega Startup Options.lnk = C:\Iomega\Tools\IMGSTART.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

    O12 - Plugin for .exe: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npaudio.dll

    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.installshield.com/install/iftwclix.cab

    O16 - DPF: {9771C160-AD19-11D5-91BE-0048546CB511} - http://www.affiliatetarget.com/webtwo/download.exe

    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab

    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = infoblvd.net

    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 199.105.236.2,216.42.64.2,216.42.64.7

  2. Aol Owns Everything You Say...

    in Security Alerts

    Posted

    If you use AIM, they now own anything you say and can use it for anything they want. I'd call that a pretty big security hole.

    Link to story: http://yro.slashdot.org/article.pl?sid=05/...359226&from=rss

    New AIM ToS: http://www.aim.com/tos/tos.adp

    An excerpt from the ToS:

    Although you or the owner of the Content retain ownership of all right, title and interest in Content that you post to any AIM Product, AOL owns all right, title and interest in any compilation, collective work or other derivative work created by AOL using or incorporating this Content. In addition, by posting Content on an AIM Product, you grant AOL, its parent, affiliates, subsidiaries, assigns, agents and licensees the irrevocable, perpetual, worldwide right to reproduce, display, perform, distribute, adapt and promote this Content in any medium. You waive any right to privacy. You waive any right to inspect or approve uses of the Content or to be compensated for any such uses.

  3. Clint's Computer

    in Malware Removal

    Posted

    New Log:

    Logfile of HijackThis v1.99.1

    Scan saved at 7:35:53 PM, on 3/7/2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Messenger\msmsgs.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\Program Files\Firefox\firefox.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

    C:\WINDOWS\system32\slserv.exe

    C:\WINDOWS\System32\wltrysvc.exe

    C:\WINDOWS\System32\bcmwltry.exe

    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

    C:\program files\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.averatec.com/

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll (file missing)

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: SirSearch - file://C:\Program Files\PWRSACEZ\Cache\SelectedContextSearch.htm

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

    O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:\WINDOWS\acezlink.htm

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

  4. Clint's Computer

    in Malware Removal

    Posted

    This is from the computer of a friend of mine who has been having a terrible time, particularly w/ bullseye network.

    Logfile of HijackThis v1.99.1

    Scan saved at 6:43:59 PM, on 3/7/2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

    C:\WINDOWS\system32\slserv.exe

    C:\WINDOWS\System32\wltrysvc.exe

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Windows AdTools\WinAdTools.exe

    C:\temp\salm.exe

    C:\Program Files\BullsEye Network\bin\bargains.exe

    C:\Program Files\DeskAd Service\DeskAdServ.exe

    C:\Program Files\Windows AdTools\WinRatchet.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\Yahoo!\Messenger\ypager.exe

    C:\Program Files\DeskAd Service\DeskAdKeep.exe

    C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe

    C:\Program Files\mIRC\mirc.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\sahAgent.exe

    E:\Trillian\trillian.exe

    C:\Program Files\WinRAR\WinRAR.exe

    C:\program files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms=

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&af...ODQ6NTo5&Terms=

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.averatec.com/

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

    R3 - URLSearchHook: (no name) - _{269B6797-664E-48AA-B283-B012BDF6E525} - (no file)

    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)

    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: ohb Class - {086CEFD5-A88D-4981-8915-D51F04360ED1} - C:\WINDOWS\System32\winhot32.dll

    O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL

    O2 - BHO: PowerSearch - {4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D} - C:\PROGRA~1\POWERS~2\Toolbar\pwrsacez.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll

    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll

    O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D} - C:\PROGRA~1\POWERS~2\Toolbar\pwrsacez.dll

    O3 - Toolbar: HotSearchBar.com Bar - {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} - C:\WINDOWS\System32\winhot32.dll

    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll

    O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe

    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe

    O4 - HKLM\..\Run: [zsj] C:\WINDOWS\zsj.exe

    O4 - HKLM\..\Run: [sAHAgent] C:\WINDOWS\system32\SahAgent.exe

    O4 - HKLM\..\Run: [bullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe

    O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe

    O4 - HKLM\..\RunOnce: [sahUpgrade] C:\DOCUME~1\Bryan\LOCALS~1\Temp\SahUpdate\upgrade.exe iteration3 -setup4003 -2000

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

    O4 - Global Startup: LimeWire 4.2.6.lnk = C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe

    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: SirSearch - file://C:\Program Files\PWRSACEZ\Cache\SelectedContextSearch.htm

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll

    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

    O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:\WINDOWS\acezlink.htm

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com

    O16 - DPF: {01D76E36-D5ED-132D-BAFA-4AD54AFD2FE1} - http://66.117.42.151/1/gdnUS243.exe

    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/initial.cab

    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab

    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab

    O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab

    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

    O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab

    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

    O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} (iiittt Class) - http://hotsearchbar.com/toolbar2/winhot32.cab

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

  5. Windows Problems

    in Malware Removal

    Posted

    hey everybody, I'm new here (I promise I won't be a jerk to you jeff...its more fun in real time anyway :-p). I've been talking to Efwis about some problems I've been having w/ my comp and he suggested I run a hijackthis log. I'll paste the log, but I have to let you all know first that I did run a XP repair install this weekend and the system just hasn't been the same since. Its been slower on startups and coming out screensaver mode, things like that. Anywho, the log:

    Logfile of HijackThis v1.99.1

    Scan saved at 10:01:48 PM, on 2/24/2005

    Platform: Windows XP (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe

    C:\Program Files\Executive Software\Diskeeper\DkService.exe

    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

    C:\Program Files\WebDrive\wdservice.exe

    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

    C:\Program Files\Softwin\BitDefender8\vsserv.exe

    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Microsoft IntelliPoint\point32.exe

    C:\Program Files\g3torrent\g3torrent.exe

    C:\WINDOWS\StartupMonitor.exe

    C:\Program Files\Babylon\Babylon.exe

    C:\WINDOWS\System32\devldr32.exe

    C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe

    C:\Program Files\Softwin\BitDefender8\bdoesrv.exe

    C:\program files\softwin\bitdefender8\bdnagent.exe

    C:\Program Files\Softwin\BitDefender8\bdswitch.exe

    C:\Program Files\Traybar\Traybar.exe

    C:\Program Files\Microsoft IntelliType Pro\type32.exe

    C:\Program Files\Weather Pulse\weatherpulse.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\WinRAR\WinRAR.exe

    C:\program files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.locators.com/search.php?que=%s

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

    O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart

    O4 - HKLM\..\Run: [bDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe

    O4 - HKLM\..\Run: [bDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe

    O4 - HKLM\..\Run: [bDNewsAgent] c:\program files\softwin\bitdefender8\bdnagent.exe

    O4 - HKLM\..\Run: [bDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe

    O4 - HKLM\..\Run: [Traybar] C:\Program Files\Traybar\Traybar.exe

    O4 - HKLM\..\Run: [WebDriveTray] "C:\Program Files\WebDrive\webdrive.exe" /trayicon

    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKCU\..\Run: [Weather Pulse] C:\Program Files\Weather Pulse\weatherpulse.exe

    O4 - Startup: K-Meleon Loader.lnk = C:\Program Files\K-Meleon\loader.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

    O9 - Extra button: Locators.com Search Bar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - (no file)

    O9 - Extra 'Tools' menuitem: Locators.com Search Bar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - (no file)

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = alfred.edu

    O17 - HKLM\Software\..\Telephony: DomainName = alfred.edu

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = alfred.edu

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = alfred.edu

    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = alfred.edu

    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe

    O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\WebDrive\wdservice.exe

    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    Thanks for your help!