#1
Task Manager-unnecessary programs?
Logfile of HijackThis v1.97.2

Scan saved at 9:10:29 PM, on 11/13/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\Winnet.exe
C:\Program Files\RVP\bpc.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\comwiz.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Gator.com\Gator\Gator.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Documents and Settings\Admin\Desktop\DC++\DCPlusPlus.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wrestlingexposed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ams-server*;
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\ADDRES~1\cnbabe.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll
O2 - BHO: (no name) - {665ACD90-4541-4836-9FE4-062386BB8F05} - c:\Program Files\Flt\Flt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [XupiterToolbarLoader] C:\Program Files\Xupiter\XupiterToolbarLoader.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\Winnet.exe
O4 - HKLM\..\Run: [RVP] "C:\Program Files\RVP\bpc.exe"
O4 - HKLM\..\Run: [Microsoft Indexer] C:\Windows\Command\MsIndexer.exe
O4 - HKLM\..\Run: [ZAP] C:\zapwin2kxp.BAT
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Gator eWallet.lnk = C:\Program Files\Gator.com\Gator\Gator.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: ZDelete Auto-Cleaner (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O11 - Options group: [CommonName] CommonName
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2128dc7594bf8a8...p/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...698.3183449074
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {EBC448F6-3C86-4689-8F5A-088B87E5C725} (Wonderhorse Listener ActiveX Control 1.2) - http://talkradio.alternacast.net/tal...whlisten12.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw12fd.law12.hotmail.msn.com/...x/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

#2
Nice HiJack list there KC, I take it you'd like some help with it?

#3
yea if u can, i've had that prog for a few weeks and dunno what all that means

#4
Well, among other stuff you've managed to pick up winnet & comwiz (CommonName), Gator, NewDotNet, Xupiter, etc. Strong suggestion to d/l and run Spybot S&D from here. Update it to the latest includes, then run it. Once it's finished, it'll prompt you to 'fix problems'. Once you do that, run Hijack again and post the log back in this same thread please.
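
The triage done by eye in post #4, as an added example that is not part of the original thread: a small Python script that parses HijackThis entry lines and groups, by section code, the ones containing a name called out in that post. The function names and the `FLAGGED` list are assumptions for illustration; the sample lines are copied from the log in post #1.

```python
import re
from collections import defaultdict

# Names called out in post #4, plus "new.net" as HijackThis labels it in O10.
# Hypothetical watch list for this thread only, not a general blocklist.
FLAGGED = ("winnet", "comwiz", "commonname", "gator", "newdotnet", "new.net", "xupiter")

# Entry lines look like "O4 - HKLM\..\Run: [name] path"; header and process lines do not match.
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Constructed sample: a handful of entries taken from the log in post #1.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wrestlingexposed.com/
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [XupiterToolbarLoader] C:\Program Files\Xupiter\XupiterToolbarLoader.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\Winnet.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - Global Startup: Gator eWallet.lnk = C:\Program Files\Gator.com\Gator\Gator.exe
O10 - Hijacked Internet access by New.Net
O11 - Options group: [CommonName] CommonName
"""

def parse(log_text):
    """Return (code, body) tuples for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries

def triage(log_text):
    """Group entries that contain a flagged name by section code."""
    hits = defaultdict(list)
    for code, body in parse(log_text):
        lowered = body.lower()
        # Loose substring match: every hit still needs a human look.
        matched = sorted({name for name in FLAGGED if name in lowered})
        if matched:
            hits[code].append((matched, body))
    return dict(hits)

if __name__ == "__main__":
    for code, items in triage(SAMPLE).items():
        for names, body in items:
            print(f"{code}: {', '.join(names)} <- {body}")
```

Entries that sit under 8.3 short paths, such as `cnbabe.dll` in `ADDRES~1`, carry no product name in the line and are not caught by this match.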

#5
i want gator on there and i got spybot and that didn't pick it up 2 days ago and i never knew if winnet was good or bad

#6
It looks like you have a trojan running as well as all the spyware on your PC. Go here and run a scan on your PC. If RAV detects any malware, copy the log and post it back in this thread.
Before you ran Spybot, did you make sure that you have the latest version and go online and update it first?

#7
lol, this is gonna take all night

#8
Scan started at 11/14/2003 12:47:05 AM
Scanning memory...
Scanning boot sectors...
Scanning files...

Scanned
============================
Objects: 55705
Directories: 5142
Archives: 2058
Size(Kb): 1004444
Infected files: 0

Found
============================
Viruses found: 0
Suspicious files: 0
Disinfected files: 0
Mail files: 359

#9
and i'm trying to do a system restore and right b4 it reboots a popup appears saying i have a .exe trojan in my System info directory and then it says it can't do the restore

#10
Run Spybot, reboot and run HijackThis again and post a new log.

#11
ok i'll do that when i get up

#12
Also go to http://www3.ca.com/virusinfo/virusscan.aspx and run CA's online scan. I usually run two separate ones as one may catch something the other doesn't.

#13
Quote:

#14
i want gator on there cause it stores a lot of my passes to site i don't remember them to