Jump to content


Photo

something's still a bit off...


  • Please log in to reply
1 reply to this topic

#1 hobb64

hobb64

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 02 June 2004 - 09:44 AM

Hey all, in the event of some free time, could someone look this over please?

Cpu usage usually 100%

Up to date, with regular scanning of: tredmicro internet security, adaware6, spybot s+d, housecall, spyblaster... and a few others.

Cookies turned off/prompt, SunJava installed, ActiveX on prompt, and several sites blacklisted, as precautions.

Is a folder such as "$WIN_NT$.~BT" on the C drive, normal?

thanks in advance, and if no one has the time, it's not a pressing issue.



Logfile of HijackThis v1.97.7
Scan saved at 10:29:07 AM, on 6/2/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.EXE
C:\Program Files\Trend Micro\Internet Security\PCCGUIDE.EXE
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = yeah.. i finally fixed it.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {ED657BAF-1EE5-4A07-9D2E-6D0525EFC69B} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IDesktop.2.5] C:\PROGRA~1\IMMERS~1\TOUCHS~1\Clients\Desktop\IDesktop.exe 1
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5CA42785-ABC3-11D2-9F81-00104B2225C5} (Immersion Web ActiveX Control) - http://www.immersion...gins/ImmWeb.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8040.2645717593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...com/WildApp.cab

#2 Starwaves

Starwaves

    Member

  • Full Member
  • Pip
  • 34 posts

Posted 02 June 2004 - 11:01 PM

Hi,

Nice, very clean Hijack log ..........

$WIN_NT$.~BT is a normal Microsoft windows folder,

Looks good ~

;)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button