
slowing down my progress



#1 croomian


Posted 20 July 2004 - 11:02 AM

I'm trying to work with one of our web-based products, but because of the malware on my machine, my progress has been nil. Can you please help?

StartDreck (build 2.1.5 public BETA) - 2004-07-20 @ 08:58:13
Platform: Windows 2000 (Win NT 5.0.2195 Service Pack 4)

»Registry
»Run Keys
»Current User
»Run
*H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
*The Spyware Killer="C:\Program Files\TheSpywareKiller\TheSpywareKiller.exe" /s
»RunOnce
»Default User
»Run
»RunOnce
*^SetupICWDesktop=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
»Local Machine
»Run
*Synchronization Manager=mobsync.exe /logon
*NvCplDaemon=RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
*nwiz=nwiz.exe /install
*projselector="C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
*RoxioEngineUtility="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
*RoxioDragToDisc="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
*RoxioAudioCentral="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
*IntelliPoint="C:\Program Files\Microsoft IntelliPoint\point32.exe"
*vptray=C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*SystemTray=SysTray.Exe
*QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
*iTunesHelper=C:\Program Files\iTunes\iTunesHelper.exe
*Adstartup=C:\WINNT\system32\automove.exe
*MSN Manager=C:\WINNT\system32\tsmgr.exe
*msnappau="C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe"
*WinTools=C:\Program Files\Common Files\WinTools\WToolsA.exe
*updater=C:\Program Files\Common files\updater\wupdater.exe
*SAHAgent=C:\WINNT\system32\SahAgent.exe
*Belt=C:\WINNT\Belt.exe
*Installed=1
*NoChange=1
*Installed=1
*Installed=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»Files
»System/Drivers
»Running Processes
*00000000=<unkown>
*00000008=<unkown>
*000000B4=\SystemRoot\System32\smss.exe
*000000D0=<unkown>
*000000CC=\??\C:\WINNT\system32\winlogon.exe
*00000100=C:\WINNT\system32\services.exe
*0000010C=C:\WINNT\system32\lsass.exe
*000001C4=C:\WINNT\system32\svchost.exe
*000001DC=C:\WINNT\system32\spoolsv.exe
*0000020C=C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
*00000218=C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
*00000228=C:\WINNT\system32\svchost.exe
*00000240=C:\PROGRA~1\LiveNote\FireBird\bin\fbguard.exe
*00000260=C:\PROGRA~1\LiveNote\FireBird\bin\fbserver.exe
*00000294=c:\jetsuite\jsdaemon.exe
*000002B4=C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
*000002E8=C:\WINNT\system32\nvsvc32.exe
*000002FC=C:\WINNT\system32\regsvc.exe
*0000030C=C:\WINNT\system32\MSTask.exe
*0000034C=C:\PROGRA~1\LiveNote\OPENSL~1.11\slpd.exe
*00000388=C:\WINNT\System32\WBEM\WinMgmt.exe
*000003B8=C:\WINNT\system32\svchost.exe
*000003CC=C:\PROGRA~1\LiveNote\ENTERP~1\elas.exe
*0000052C=C:\WINNT\Explorer.EXE
*00000204=C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
*00000554=C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
*00000528=C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
*00000524=C:\Program Files\Microsoft IntelliPoint\point32.exe
*000005D4=C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
*000005E4=C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
*000005F0=C:\Program Files\Common Files\Real\Update_OB\realsched.exe
*00000630=C:\Program Files\iTunes\iTunesHelper.exe
*00000650=C:\Program Files\iPod\bin\iPodService.exe
*00000680=C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe
*00000688=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
*000006B0=C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
*000006B8=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\taskmgr.exe
*000006D0=C:\Program Files\Trillian\trillian.exe
*00000760=C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
*0000053C=C:\WINNT\system32\svchost.exe
*00000354=C:\Program Files\Internet Explorer\iexplore.exe
*000007FC=C:\Program Files\Common Files\WinTools\WToolsA.exe
*000007E8=C:\Program Files\Common Files\WinTools\WSup.exe
*00000834=C:\Program Files\Common files\updater\wupdater.exe
*00000850=C:\WINNT\system32\SahAgent.exe
*00000568=T:\goldmine\gmw5.exe
*000008E0=C:\Program Files\Internet Explorer\iexplore.exe
*0000098C=C:\WINNT\system32\msiexec.exe
*00000910=C:\unzipped\startdreck\StartDreck.exe
»Application specific

#2 croomian


Posted 20 July 2004 - 11:06 AM

Here's my HijackThis log too:

Logfile of HijackThis v1.97.7
Scan saved at 9:16:47 AM, on 7/20/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\LiveNote\FireBird\bin\fbguard.exe
C:\PROGRA~1\LiveNote\FireBird\bin\fbserver.exe
c:\jetsuite\jsdaemon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\LiveNote\OPENSL~1.11\slpd.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\LiveNote\ENTERP~1\elas.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\taskmgr.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\WINNT\system32\SahAgent.exe
T:\goldmine\gmw5.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.livenote.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem219.dll
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT\bi.dll
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINNT\system32\ATPART~1.DLL
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINNT\systb.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINNT\system32\SWin32.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0001.1004\en-xu\stmain.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Adstartup] C:\WINNT\system32\automove.exe
O4 - HKLM\..\Run: [MSN Manager] C:\WINNT\system32\tsmgr.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe"
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINNT\system32\SahAgent.exe
O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [The Spyware Killer] "C:\Program Files\TheSpywareKiller\TheSpywareKiller.exe" /s
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Shortcut to Microsoft Outlook.lnk = ?
O4 - Global Startup: taskmgr.exe
O4 - Global Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.netpaloff...O1/Mx0n11n3.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://www.plaxo.com...laxoInstall.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {3C5BA506-6C30-4738-9CED-797ACADEA8DC} - http://www.sqwire.co...QLoader3303.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywa...r2501031120.EXE
O16 - DPF: {4945A5CB-1690-4189-AF3F-44BB7C197374} (CInstaller Object) - http://www.totalvelo...rT_3.0.7_B3.cab
O16 - DPF: {5626EAD9-7BDE-4C2D-B356-E49C11448B11} (LinkerCtl Class) - https://www.livenote...ivex/Linker.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {76D9511A-DA31-4F1F-A7DF-BB66BB9011DE} (UpLoadCtl Class) - https://www.livenote...ex/Uploader.dll
O16 - DPF: {8F2356B2-AE3F-4048-981E-5C28651C2C67} (WebNote Control) - file://C:\Program Files\LiveNote\LiveNoteWeb\LiveNoteWeb.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...37918.743599537
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {DBAAF24F-0FFF-4B73-8781-D2F647DE63BA} (VideoSyncMFC Control) - https://www.livenote...ideoSyncMFC.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://livenote.web...bex/ieatgpc.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} - http://www.download-...StarInstall.ocx
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup144.cab
O16 - DPF: {FDE14979-D821-4CD8-BE1C-9D6AF01D097F} (VMTOCCtrl Class) - file://C:\Program Files\LiveNote\LiveNoteWeb\help\vm.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = livenote.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = livenote.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = livenote.com



