
Rubber Duckys About Buster



#1 david_35


Posted 04 July 2004 - 05:44 AM

Sorry for posting this into Ducky's post earlier. I'm new to this website :unsure:

Hi there

I'm trying to get rid of about blank using Ducky's About Buster, but before doing so I wanted to know which of the following O4's and other random stuff I can delete from my system. Here is my latest HijackThis log...

Can someone advise me please, as I'm pulling my hair out at the moment

Thanks

Dave

Logfile of HijackThis v1.97.7
Scan saved at 16:45:55, on 03/07/2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\LEXBCES.EXE
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\LEXPPS.EXE
D:\WINNT\System32\nvsvc32.exe
D:\WINNT\system32\pctspk.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
D:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\explorer.exe
D:\WINNT\System32\RUNDLL32.EXE
D:\Program Files\Winamp\Winampa.exe
D:\WINNT\loadqm.exe
D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
D:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
D:\WINNT\system32\wintime.exe
D:\Program Files\Internet Optimizer\optimize.exe
D:\WINNT\System32\dkvznl.exe
D:\docume~1\davidm~1\locals~1\temp\msbb.exe
D:\WINNT\mstasks2.exe
D:\Program Files\Sophos SWEEP for NT\ICMON.EXE
D:\Program Files\Internet Optimizer\actalert.exe
D:\PROGRA~1\SONYER~1\MMSHOM~1\MOBILE~1\EPMWOR~1.EXE
D:\Documents and Settings\David Mayhew\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F0 - system.ini: Shell=explorer.exe D:\WINNT\System\user32.exe
F2 - REG:system.ini: Shell=explorer.exe D:\WINNT\System\user32.exe
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - D:\WINNT\twaintec.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - D:\WINNT\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - D:\WINNT\wsem218.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - D:\WINNT\Downloaded Program Files\bridge.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINNT\nem218.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [Lexmark X1100 Series] "D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] D:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
O4 - HKLM\..\Run: [WinTime] D:\WINNT\system32\wintime.exe
O4 - HKLM\..\Run: [System Service] D:\WINNT\System32\msrexe.exe
O4 - HKLM\..\Run: [Internet Optimizer] "D:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "D:\WINNT\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [dbsjbvh] D:\WINNT\System32\dkvznl.exe
O4 - HKLM\..\Run: [msbb] d:\docume~1\davidm~1\locals~1\temp\msbb.exe
O4 - HKLM\..\Run: [ist service uninstall] D:\WINNT\mstasks2.exe /u
O4 - Global Startup: Reboot.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterCheck Monitor.LNK = D:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flings...TInc/bridge.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ntrol_v1-32.cab

#2 PGPhantom


Posted 31 August 2004 - 03:40 PM

  • HijackThis ...
    • Double click on "My Computer" to open it.
    • Double click on the local "C-Drive" to open it.
    • Click on "File" => "New Folder" and name it HJT. i.e. The folder will be C:\HJT.
    • Please download HijackThis from any of the following locations:
    • spywareinfo.com
    • subratam.org
    • tools.zerosrealm.com
  • Install/Unzip it into C:\HJT.
  • Only run HijackThis from C:\HJT\HijackThis.exe. That way we can ensure that we have the backup files available in the event that they are needed.
  • Run HijackThis, click on scan and wait for the scan to finish.
  • The "Scan" button will change to "Save Log", click on it and simply press "Save" on the window that will appear.
  • Notepad will open with a copy of the log.
    • Click on "Edit" => "Select All".
    • Click on "Edit" => "Copy". This will copy the contents of the Notepad instance to the clipboard.
  • Please post your entire log here for analysis.
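
Added example, not part of the original thread: a small Python parser for the HijackThis log format posted above, which splits entries by section code and attaches review notes to the ones an analyst would usually look at first. The function names and the three heuristics (autorun from a temp directory, a Shell= value listing more than explorer.exe, HijackThis's own "(no file)" marker) are assumptions chosen for illustration and are not verdicts on any entry; the sample lines are copied from the log in post #1.

```python
import re

# Sample input: a few lines taken from the HijackThis v1.97.7 log in post #1.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
D:\WINNT\explorer.exe
F2 - REG:system.ini: Shell=explorer.exe D:\WINNT\System\user32.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msbb] d:\docume~1\davidm~1\locals~1\temp\msbb.exe
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
"""

# An entry line is "<section code> - <text>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 registry autoruns: "<key>: [value name] <command line>".
RUN = re.compile(r"^(.+?Run(?:Once)?): \[(.*?)\] (.*)$")

def parse(log):
    """Return (section_code, text) per entry; header and process lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def review_notes(code, text):
    """Return reasons an entry deserves a closer look (heuristics, not verdicts)."""
    notes = []
    low = text.lower()
    if code == "O4":
        m = RUN.match(text)
        # Match both the long name and the 8.3 short name of "Local Settings\Temp".
        if m and re.search(r"\\(temp|locals~1)\\", m.group(3).lower()):
            notes.append("autorun launches from a temp directory")
    if code in ("F0", "F2") and "shell=" in low:
        shell = low.split("shell=", 1)[1].split()
        if shell != ["explorer.exe"]:
            notes.append("Shell value starts more than explorer.exe")
    if low.endswith("(no file)"):
        notes.append("HijackThis reports the referenced file as missing")
    return notes

def triage(log):
    """Map entry text -> review notes, only for entries that have notes."""
    return {text: notes for code, text in parse(log)
            if (notes := review_notes(code, text))}

if __name__ == "__main__":
    for text, notes in triage(SAMPLE_LOG).items():
        print(text, "->", "; ".join(notes))
```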




