Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Help * Need Help Romoving Junk

Started by d_tailor , Jul 27 2004 10:15 PM

  • Please log in to reply
No replies to this topic

#1 d_tailor

d_tailor

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 27 July 2004 - 10:15 PM

Logfile of HijackThis v1.97.7
Scan saved at 10:57:05 PM, on 7/27/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\Navnt\defwatch.exe
C:\Program Files\Navnt\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINNT\System32\CCM\CcmExec.exe
C:\WINNT\System32\mqsvc.exe
C:\Program Files\Citrix\PNAgent\ssonsvr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\system32\tp4mon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\glpsvh.exe
C:\Program Files\WorldFlash\WFStartup.exe
C:\WINNT\System32\wintsvcc.exe
C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iolo\System Mechanic 4\PopupStopper.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\Oib9EG.exe
C:\WINNT\System32\Oib9EG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WinZip\winzip32.exe
D:\Profiles\adt002\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O1 - Hosts: 129.188.6.103 internalcontrolsdev.mot.com
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINNT\mxTarget.dll
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - D:\Profiles\adt002\LOCALS~1\Temp\systb.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINNT\Downloaded Program Files\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINNT\system32\SWin32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINNT\Downloaded Program Files\ycomp5_3_16_0.dll
O3 - Toolbar: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [MotLogonInfo] C:\WINNT\UsrLogon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [qbmnpzsltxmns] C:\WINNT\System32\glpsvh.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [77tQ3tl] s32cmon.exe
O4 - HKLM\..\Run: [32@GTFC2L@W7E@] C:\WINNT\System32\VmvDvb.exe
O4 - HKLM\..\Run: [Adstartup] C:\WINNT\system32\automove.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINNT\wupdt.exe
O4 - HKCU\..\Run: [WFStartup] C:\Program Files\WorldFlash\WFStartup.exe
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [WCPC] C:\WINNT\System32\wintsvcc.exe
O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
O4 - HKCU\..\Run: [POPUPWATCH] C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe /STARTUP
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Mw24RjJng] tcpdat10.exe
O4 - HKCU\..\Run: [iolo System Mechanic Utility Bar] "C:\Program Files\iolo\System Mechanic 4\SMUtilityBar.exe"
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 4\PopupStopper.exe"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: eHELP (HKLM)
O9 - Extra 'Tools' menuitem: eMotorola (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Motorola Instant Messaging v1.1g (HKLM)
O16 - DPF: ita60 - http://itassistant.mot.com/ITA60.CAB
O16 - DPF: {0075546E-5D3D-11D2-A3E5-0060971304D8} (WTX_Installer Class) - http://www.webtrends...t/wtx_setup.dll
O16 - DPF: {008BBE7E-C096-11D0-B4E3-00A0C901D681} (TeeChart Pro Activex control) - http://itassistant.m.../ITASupport.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {1FB464C8-09BB-4017-A2F5-EB742F04392F} (Microsoft Terminal Services Control (redist)) - http://webhost.mot.c...web/mstscax.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarest...es2/Install.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {43E1F2E4-C2BA-11D3-AC40-0050049804AB} (Update Class) - http://64.39.69.14/dev/update.cab
O16 - DPF: {52ADE293-85E8-11D2-BB22-00104B0EA281} (MS Investor Ticker) - http://fdl.msn.com/p...r/v7/ticker.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) -
O16 - DPF: {555751C0-DD98-11D2-A963-00E02921F943} (ABT Connect) - http://wrocabtsql01....ect/connect.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...llInstaller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {6BD4FB43-470E-11D2-B99D-00104B02C956} (AtDownloadIE Class) - http://openair.webex...ex/atbootie.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...51/QDow_AS2.cab
O16 - DPF: {9A04E3F0-3BB2-11D2-91E2-00C04FAEC46B} (NMClient Class) - http://meet-amer.mot...Bin/xcliacc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8149.9350925926
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://helpdesk.mot....tivexviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://webmethods.w...bex/ieatgpc.cab
O16 - DPF: {E38D7E4D-BEBB-4A5D-B9CC-41EE128214FE} (Web Conferencing Pro Application Sharing Control) - http://dantegroup.ra...re_1,31,0,0.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...bio5_3_16_0.cab
O16 - DPF: {F2CA2115-C8D2-11D1-BEBD-00A0C95A6A5C} (WebReportSource Class) - http://reports.mot.c...tivexviewer.cab

    Advertisements

Register to Remove

Related Topics

Back to What the Heck? · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Discussion
  3. What the Heck?
  4. Privacy Policy
  5. Terms of Use ·