Hijackthis Log - Help, I'm going crazy!

Posted 12/14/2004 12:02 AM
#6597

fauche65 Member

Date Joined Nov 2016
Total Posts: 9
I cannot get rid of the Spyware. Especially SideFind. Please help.

Logfile of HijackThis v1.98.2
Scan saved at 7:14:14 PM, on 12/13/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ISS\BLACKICE\BLACKD.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HPOOPM07.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\DTWBUYX.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPODEV07.EXE
C:\PROGRAM FILES\ISS\BLACKICE\BLACKICE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOEVM07.EXE
C:\WINDOWS\SYSTEM\HPOIPM07.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOSTS07.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bodybuilding.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bodybuilding.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=138770
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.bodybuilding.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\SYSTEM\MSBE.DLL
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [grlfebrukx] C:\WINDOWS\SYSTEM\dtwbuyx.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\SATMAT.exe
O4 - HKLM\..\RunServices: [LoadBlackD] "C:\PROGRAM FILES\ISS\BLACKICE\BLACKD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe
O4 - Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL (file missing)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0837be82b2f1c014a522/netzip/RdxIE601.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/webinst.exe
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_cracks.cab

Posted 12/14/2004 9:11 AM
#6615

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
http://www.getright.com/

http://www.lavasoftusa.com/support/download/

Spybot: http://www.safer-networking.org/en/download/index.html

http://www.simplysup.com/tremover/download.html

http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

http://windowsupdate.microsoft.com/

Post new HijackThis log. It was only the first step ;-)

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 12/14/2004 4:57 PM
#6638

fauche65 Member

Date Joined Nov 2016
Total Posts: 9
Thanks for the quick reply. I will do as you instructed as soon as I get home.
Posted 12/16/2004 4:23 AM
#6730

fauche65 Member

Date Joined Nov 2016
Total Posts: 9
Hello Touch,

Here is my new log:

Logfile of HijackThis v1.98.2
Scan saved at 11:28:29 PM, on 12/15/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ISS\BLACKICE\BLACKD.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HPOOPM07.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\NETFXUPDATE.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAM FILES\WASHER\WASHER.EXE
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\NGEN.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPODEV07.EXE
C:\PROGRAM FILES\ISS\BLACKICE\BLACKICE.EXE
C:\WINDOWS\SYSTEM\DTWBUYX.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOEVM07.EXE
C:\WINDOWS\SYSTEM\HPOIPM07.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOSTS07.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bodybuilding.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bodybuilding.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.bodybuilding.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\MULTIMPP.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\SATMAT.exe
O4 - HKLM\..\Run: [trojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [hrrydy] C:\WINDOWS\SYSTEM\dtwbuyx.exe
O4 - HKLM\..\RunServices: [LoadBlackD] "C:\PROGRAM FILES\ISS\BLACKICE\BLACKD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunOnce: [NetFxUpdate_v1.1.4322] "C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\NETFXUPDATE.EXE" 0 v1.1.4322 GAC + NI NID
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe
O4 - Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0837be82b2f1c014a522/netzip/RdxIE601.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/webinst.exe

Posted 12/16/2004 9:44 AM
#6741

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Show hidden files:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\SATMAT.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [hrrydy] C:\WINDOWS\SYSTEM\dtwbuyx.exe

Press the "Fix checked" button. Then close HijackThis.

Reboot into Safe Mode - hit F8 key until menu shows up

Find and delete:

C:\WINDOWS\SATMAT.exe
C:\WINDOWS\SYSTEM\dtwbuyx.exe

Reboot and post new logfile. Improvements?



Posted 12/16/2004 11:20 PM
#6777

fauche65 Member

Date Joined Nov 2016
Total Posts: 9
Hello Touch,

I did as you instructed and noticed a significant improvement in system performance. Here is the new log:

Logfile of HijackThis v1.98.2
Scan saved at 6:25:54 PM, on 12/16/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HPOOPM07.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\WASHER\WASHER.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPODEV07.EXE
C:\PROGRAM FILES\ISS\BLACKICE\BLACKICE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOEVM07.EXE
C:\WINDOWS\SYSTEM\HPOIPM07.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOSTS07.EXE
C:\PROGRAM FILES\ISS\BLACKICE\BLACKD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\WUAUBOOT.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bodybuilding.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bodybuilding.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.bodybuilding.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\MULTIMPP.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [lvykyrwwbdg] C:\WINDOWS\SYSTEM\DTWBUYX.EXE
O4 - HKLM\..\RunServices: [LoadBlackD] "C:\PROGRAM FILES\ISS\BLACKICE\BLACKD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe
O4 - Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0837be82b2f1c014a522/netzip/RdxIE601.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/webinst.exe

Posted 12/17/2004 8:24 AM
#6799

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Fix these with Hijackthis:
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\MULTIMPP.DLL
O4 - HKLM\..\Run: [lvykyrwwbdg] C:\WINDOWS\SYSTEM\DTWBUYX.EXE
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0837be82b2f1c014a522/netzip/RdxIE601.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe

Delete from safe mode:
C:\WINDOWS\MULTIMPP.DLL
C:\WINDOWS\SYSTEM\DTWBUYX.EXE

Post (hopefully) last log ;-)



Posted 12/17/2004 12:11 PM
#6807

fauche65 Member

Date Joined Nov 2016
Total Posts: 9
Hello Touch,

I have not altered any of the settings that you required previously. I did as you asked in the HijackThis log, but could not find either C:\WINDOWS\MULTIMPP.DLL or C:\WINDOWS\SYSTEM\DTWBUYX.EXE when I booted into Safe Mode??

One more question: How do you feel about Torrents? I have installed BitTorrent, and want to know if it is a security risk? Thanks.

Here is the new log:

Logfile of HijackThis v1.98.2
Scan saved at 7:18:21 AM, on 12/17/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ISS\BLACKICE\BLACKD.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HPOOPM07.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAM FILES\WASHER\WASHER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPODEV07.EXE
C:\PROGRAM FILES\ISS\BLACKICE\BLACKICE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOEVM07.EXE
C:\WINDOWS\SYSTEM\HPOIPM07.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOSTS07.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bodybuilding.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bodybuilding.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.bodybuilding.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\RunServices: [LoadBlackD] "C:\PROGRAM FILES\ISS\BLACKICE\BLACKD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe
O4 - Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/webinst.exe

Posted 12/17/2004 1:51 PM
#6809
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hi

You have a clean log :smilewinkgrin:

There will always be a security risk with filesharing. I don't know what you download, but some of it can contain viruses, that's why I don't just answer yes or no ;-)

Enable system restore, hide system files again.

http://www.javacoolsoftware.com/spywareblaster.html

http://www.javacoolsoftware.com/spywareguard.html

https://netfiles.uiuc.edu/ehowes/www/resource.htm

http://www.unhsolutions.net/IEPK/index.shtml

Privacy Keeper Manual:
http://www.unhsolutions.net/IEPK/manual

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 12/17/2004 2:01 PM
#6810
fauche65 Member

Date Joined Nov 2016
Total Posts: 9
Thank you for all your help. Best of the Holiday Season.

fauche65

:smile: