  #1  
Old November 14th, 2003, 04:14 AM
KC KILLA DAMIN KC KILLA DAMIN is offline
Member
 
Join Date: Feb 2003
Age: 41
Posts: 68
Task Manager-unnecessary programs?

Logfile of HijackThis v1.97.2
Scan saved at 9:10:29 PM, on 11/13/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\Winnet.exe
C:\Program Files\RVP\bpc.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\comwiz.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Gator.com\Gator\Gator.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Documents and Settings\Admin\Desktop\DC++\DCPlusPlus.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wrestlingexposed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ams-server*;
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\ADDRES~1\cnbabe.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll
O2 - BHO: (no name) - {665ACD90-4541-4836-9FE4-062386BB8F05} - c:\Program Files\Flt\Flt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [XupiterToolbarLoader] C:\Program Files\Xupiter\XupiterToolbarLoader.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\Winnet.exe
O4 - HKLM\..\Run: [RVP] "C:\Program Files\RVP\bpc.exe"
O4 - HKLM\..\Run: [Microsoft Indexer] C:\Windows\Command\MsIndexer.exe
O4 - HKLM\..\Run: [ZAP] C:\zapwin2kxp.BAT
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Gator eWallet.lnk = C:\Program Files\Gator.com\Gator\Gator.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: ZDelete Auto-Cleaner (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O11 - Options group: [CommonName] CommonName
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2128dc7594bf8a8...p/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...698.3183449074
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {EBC448F6-3C86-4689-8F5A-088B87E5C725} (Wonderhorse Listener ActiveX Control 1.2) - http://talkradio.alternacast.net/tal...whlisten12.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw12fd.law12.hotmail.msn.com/...x/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
  #2  
Old November 14th, 2003, 04:31 AM
lufbra lufbra is offline
CTH Subscriber
 
Join Date: Sep 2000
O/S: Windows 10 Home
Posts: 12,532
Nice HiJack list there KC, I take it you'd like some help with it?
  #3  
Old November 14th, 2003, 05:10 AM
KC KILLA DAMIN KC KILLA DAMIN is offline
Member
 
Join Date: Feb 2003
Age: 41
Posts: 68
Yea, if you can. I've had that prog for a few weeks and dunno what all that means.
  #4  
Old November 14th, 2003, 05:32 AM
zipulrich zipulrich is offline
Cyber Tech Help Administrator
 
Join Date: Oct 2000
Location: Deep South
Age: 20
Posts: 8,965
Well, among other stuff you've managed to pick up winnet & comwiz (CommonName), Gator, NewDotNet, Xupiter, etc. Strong suggestion to d/l and run Spybot S&D from here. Update it to the latest includes, then run it. Once it's finished, it'll prompt you to 'fix problems'. Once you do that, run Hijack again and post the log back in this same thread please.
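The by-eye triage in the reply above, as an added example that is not part of the original thread: it parses HijackThis entry lines by section code and reports where each family named in the reply shows up. The match strings in `WATCHLIST` and the function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Families named in the reply above -> lowercase substrings (assumed for this
# example). "\\gator" is a path component, so a name like "Navigator" won't match.
WATCHLIST = {
    "CommonName": ("winnet", "comwiz", "commonname"),
    "Gator": ("\\gator",),
    "NewDotNet": ("newdotnet", "newdot~", "new.net"),
    "Xupiter": ("xupiter",),
}
# Entry lines start with a HijackThis section code such as R0, O2, O4 or O16.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# A subset of the lines from the log in post #1.
SAMPLE_LOG = r"""Running processes:
C:\PROGRA~1\COMMON~2\ADDRES~1\Winnet.exe
C:\Program Files\Gator.com\Gator\Gator.exe

O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [XupiterToolbarLoader] C:\Program Files\Xupiter\XupiterToolbarLoader.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\Winnet.exe
O4 - Global Startup: Gator eWallet.lnk = C:\Program Files\Gator.com\Gator\Gator.exe
O10 - Hijacked Internet access by New.Net
"""

def parse(log):
    """Return (running_processes, [(section, text), ...])."""
    procs, entries, in_procs = [], [], False
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append(m.groups())
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def triage(log):
    """Map each watchlist family to where it appears: 'process' or a section code."""
    procs, entries = parse(log)
    hits = defaultdict(set)
    for where, text in [("process", p) for p in procs] + entries:
        for family, needles in WATCHLIST.items():
            if any(n in text.lower() for n in needles):
                hits[family].add(where)
    return {family: sorted(locs) for family, locs in hits.items()}
```

Calling `triage(SAMPLE_LOG)` shows that a family can sit in several places at once (a running process, a BHO, a Run key), which is why a second HijackThis log is requested after cleanup.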
  #5  
Old November 14th, 2003, 05:51 AM
KC KILLA DAMIN KC KILLA DAMIN is offline
Member
 
Join Date: Feb 2003
Age: 41
Posts: 68
I want Gator on there, and I got Spybot and that didn't pick it up 2 days ago, and I never knew if winnet was good or bad.
  #6  
Old November 14th, 2003, 06:16 AM
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
It looks like you have a trojan running as well as all the spyware on your PC. Go here and run a scan on your PC. If RAV detects any malware, copy the log and post it back in this thread.

Before you ran Spybot, did you make sure that you have the latest version and go online and update it first?
  #7  
Old November 14th, 2003, 08:32 AM
KC KILLA DAMIN KC KILLA DAMIN is offline
Member
 
Join Date: Feb 2003
Age: 41
Posts: 68
lol, this is gonna take all night
  #8  
Old November 14th, 2003, 10:08 AM
KC KILLA DAMIN KC KILLA DAMIN is offline
Member
 
Join Date: Feb 2003
Age: 41
Posts: 68
Scan started at 11/14/2003 12:47:05 AM

Scanning memory...
Scanning boot sectors...
Scanning files...

Scanned
============================
Objects: 55705
Directories: 5142
Archives: 2058
Size(Kb): 1004444
Infected files: 0

Found
============================
Viruses found: 0
Suspicious files: 0
Disinfected files: 0
Mail files: 359
  #9  
Old November 14th, 2003, 10:10 AM
KC KILLA DAMIN KC KILLA DAMIN is offline
Member
 
Join Date: Feb 2003
Age: 41
Posts: 68
And I'm trying to do a system restore, and right before it reboots a popup appears saying I have a .exe trojan in my System info directory, and then it says it can't do the restore.
  #10  
Old November 14th, 2003, 10:32 AM
tb525 tb525 is offline
Malware Removal Team Advisor
 
Join Date: Sep 2002
O/S: Windows 7 32-bit
Posts: 3,151
Run Spybot, reboot and run HijackThis again and post a new log.
  #11  
Old November 14th, 2003, 10:35 AM
KC KILLA DAMIN KC KILLA DAMIN is offline
Member
 
Join Date: Feb 2003
Age: 41
Posts: 68
OK, I'll do that when I get up.
  #12  
Old November 14th, 2003, 01:50 PM
Dodge Dodge is offline
CTH Subscriber
 
Join Date: May 2001
O/S: Windows Vista 32-bit
Location: Kentucky
Age: 47
Posts: 6,421
Also go to http://www3.ca.com/virusinfo/virusscan.aspx and run CA's online scan. I usually run two separate ones as one may catch something the other doesn't.
  #13  
Old November 14th, 2003, 01:52 PM
twistedcranium twistedcranium is offline
CTH Subscriber
 
Join Date: May 2003
Posts: 1,133
Quote:
Originally Posted by KC KILLA DAMIN
I want Gator on there, and I got Spybot and that didn't pick it up 2 days ago, and I never knew if winnet was good or bad.
Now this is my opinion of course, but if you want Gator to remain on your system, then you are simply wasting the time of the folks helping clean your system.
  #14  
Old November 14th, 2003, 09:14 PM
KC KILLA DAMIN KC KILLA DAMIN is offline
Member
 
Join Date: Feb 2003
Age: 41
Posts: 68
I want Gator on there cause it stores a lot of my passes to sites I don't remember them to.
  #15  
Old November 14th, 2003, 10:55 PM
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Try Roboform. It's a spyware-free alternative.