|
#1
May 23rd, 2003, 07:46 PM
|
|||
|
|||
|
Startup files
I found this after doing a startup dump with HijackThis. first of all what in the world are "Enumerating Download Program Files" second see the one toward the bottom called contentwatch. Call me paranoid but I dont like that name.
Enumerating Download Program Files: [symsupportutil] CODEBASE = https://www-secure.symantec.com/tech...upportutil.CAB OSD = C:\WINNT\Downloaded Program Files\OSD4A.OSD [QuickTime Object] InProcServer32 = C:\WINNT\System32\QTPlugin.ocx CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab [DjVuCtl Class] InProcServer32 = C:\Program Files\LizardTech\DjVuControl\DjVuControl.dll CODEBASE = http://www.lizardtech.com/plugins/en_US/DjVuControl.cab [Shockwave ActiveX Control] InProcServer32 = C:\WINNT\system32\Macromed\Director\SwDir.dll CODEBASE = http://download.macromedia.com/pub/s...irector/sw.cab [Brix6ie Control] InProcServer32 = C:\WINNT\System32\brix6ie.ocx CODEBASE = http://a19.g.akamai.net/7/19/7125/12...v6/brix6ie.cab [Yahoo! Audio Conferencing] InProcServer32 = C:\WINNT\Downloaded Program Files\yacscom.dll CODEBASE = http://cs6.chat.yahoo.com/v43/yacscom.cab [{41F17733-B041-4099-A042-B518BB6A408C}] CODEBASE = http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe [RdxIE Class] InProcServer32 = C:\WINNT\Downloaded Program Files\RdxIE.dll CODEBASE = http://207.188.7.150/2579f6bd7ea400c...p/RdxIE601.cab [{69FD62B1-0216-4C31-8D55-840ED86B7C8F}] CODEBASE = http://installs.hotbar.com/installs/...ams/hotbar.cab [PWMediaSendControl Class] InProcServer32 = C:\WINNT\Downloaded Program Files\PWActiveXImgCtl.dll CODEBASE = http://216.249.24.149/code/PWActiveXImgCtl.CAB [{9DBAFCCF-592F-FFFF-FFFF-00608CEC297C}] CODEBASE = http://download.weatherbug.com/minib...ginstaller.cab [EZListings] CODEBASE = http://66.179.94.76/live/ezlistnt.cab [YahooYMailTo Class] InProcServer32 = C:\WINNT\Downloaded Program Files\ymmapi.dll CODEBASE = http://download.yahoo.com/dl/mail/ymmapi.cab [ContentAuditX Control] InProcServer32 = C:\WINNT\DOWNLO~1\CONTEN~1.OCX CODEBASE = http://a840.g.akamai.net/7/840/5805/...ditControl.cab [CV3 Class] InProcServer32 = C:\WINNT\System32\wuv3is.dll CODEBASE = http://windowsupdate.microsoft.com/R...n/actsetup.cab [Shockwave Flash Object] InProcServer32 = C:\WINNT\System32\macromed\flash\Flash.ocx CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab [Microsoft Office Tools on the Web Control] InProcServer32 = C:\WINNT\Downloaded Program Files\OUTC.DLL CODEBASE = http://officeupdate.microsoft.com/Te...loads/outc.cab [ActiveDataObj Class] InProcServer32 = C:\WINNT\Downloaded Program Files\ActiveData.dll CODEBASE = https://www-secure.symantec.com/tech...ActiveData.cab [MSN Chat Control 4.0] InProcServer32 = C:\WINNT\Downloaded Program Files\MSNChat40.ocx CODEBASE = http://sc.communities.msn.com/contro...t/msnchat4.cab [TulipPlayer Class] InProcServer32 = C:\WINNT\Downloaded Program Files\TulipPlayer2.dll CODEBASE = http://www.abc.go.com/primetime/movi...lipPlayer2.cab [{FA13A9FA-CA9B-11D2-9780-00104B242EA3}] CODEBASE = http://www.wildtangent.com/install/w...ave/wtinst.cab 
|
|
#2
May 24th, 2003, 05:33 AM
|
||||
|
||||
|
Hi darrenm - re "Enumerating Download Program Files", it means that Hijack This has logged an inventory of the files in your Download Program Files folder.
Quote:
__________________
Moderator: Vista Forum Microsoft MVP - Windows Desktop Experience 2004-2008 If we have helped you, please consider supporting Cyber Tech Help with a subscription Please do not send me Emails or Private Messages for personal support. Last time I checked, there were still only 24 hours in a day. Thank you. How to help prevent re-infection
|
|
#3
May 24th, 2003, 05:50 AM
|
||||
|
||||
|
Forum abbreviated the URL:
[ContentAuditX Control] InProcServer32 = C:\WINNT\DOWNLO~1\CONTEN~1.OCX CODEBASE = http://a840.g.akamai.net/ 7/840/5805/v1503/www.contentwatch.com/ audit/includes/ContentAuditControl.cab
__________________
CTH Mod errata: Applications - Gaming - Linux - Windows NT/2000/2003 - Windows95 forums. Search for your problem - we may have already answered it for someone else. As Private Messages are not searchable, they should not be used for asking or answering help questions. Remember that we are all here to learn so please post back and tell us if it's working (or not). If we have helped you, please consider supporting Cyber Tech Help with a subscription. OneAna.com
|
|
#4
May 24th, 2003, 05:59 AM
|
||||
|
||||
|
__________________
Moderator: Vista Forum Microsoft MVP - Windows Desktop Experience 2004-2008 If we have helped you, please consider supporting Cyber Tech Help with a subscription Please do not send me Emails or Private Messages for personal support. Last time I checked, there were still only 24 hours in a day. Thank you. How to help prevent re-infection
|
|
#5
May 24th, 2003, 03:28 PM
|
|||
|
|||
|
[ContentAuditX Control]
InProcServer32 = C:\WINNT\DOWNLO~1\CONTEN~1.OCX CODEBASE = http://a840.g.akamai.net/7/840/5805...uditControl.cab Why is this abbreviated in my post here? Also I figured it out , I contacted the contnet watch people and they told me what was up. I ran a scan from their site a few years back and thats what that is. Can I delete all those programs in that folder or so some get used on startup?
|
|
#6
May 25th, 2003, 02:40 AM
|
||||
|
||||
|
Quote:
Quote:
__________________
Moderator: Vista Forum Microsoft MVP - Windows Desktop Experience 2004-2008 If we have helped you, please consider supporting Cyber Tech Help with a subscription Please do not send me Emails or Private Messages for personal support. Last time I checked, there were still only 24 hours in a day. Thank you. How to help prevent re-infection
|
 |
| Bookmarks |
«
Previous Topic
|
Next Topic
»
| Topic Tools | |
|
|
All times are GMT +1. The time now is 06:44 PM.
[
RSS ]
