HiJack This**BD or Metallica please
 
Posted 8/1/2003 11:52 PM


Senior Forum Advisor


Group: Senior Advisor
Last Login: 8/8/2008 7:33 PM
Posts: 1,436, Visits: 775
Logfile of HijackThis v1.96.0

Scan saved at 11:51:33 , on 01-Aug-03

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\Smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\PestPatrol\CookiePatrol.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Documents and Settings\Access Denied\Desktop\HijackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - C:\PROGRA~1\AdShield\AdShield\AdShield.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll

O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE

O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui

O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: MS-KB (HKLM)

O9 - Extra 'Tools' menuitem: MS-KB (HKLM)

O9 - Extra button: Wallpaper (HKLM)

O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O10 - Broken Internet access because of LSP provider 'imon.dll' missing

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU-newOCX/ocx/12110/CTSUEng.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU-newOCX/ocx/12110/CTPID.cab





Want to mention I notice some Norton here. I have NO SYMANTEC products installed. Safe to remove these?


________________________________________________________________

Post #943
Posted 8/1/2003 11:52 PM


Senior Forum Advisor


Group: Senior Advisor
Last Login: 12/4/2005 12:31 AM
Posts: 4,743, Visits: 5

Eliot, I sent Pieter a PM. Hold on before fixing anything.


I see you are still running NOD32, how are you liking it?



Cheers

Post #28269
Posted 8/1/2003 11:52 PM


Senior Forum Advisor


Group: Senior Advisor
Last Login: 8/8/2008 7:33 PM
Posts: 1,436, Visits: 775
It is freaking awesome. I would not go back to Norton for any reason. I have never really used anything but that until NOD32. I am sold on it. I would recommend anyone who is at the end of their subscription on Norton to take a trial run and see what they have been missing. I could go on and on but I think it speaks for itself with performance in every aspect. Don't take my word for it though. NOD32

The grass is greener over there.

________________________________________________________________

Post #28270
Posted 8/1/2003 11:52 PM


Senior Forum Advisor


Group: Senior Advisor
Last Login: 12/4/2005 12:31 AM
Posts: 4,743, Visits: 5
I hear ya.

Cheers

Post #28271
Posted 8/1/2003 11:52 PM


Forum Security Advisor


Group: Advisor
Last Login: 8/14/2007 12:45 PM
Posts: 263, Visits: 4
Hi Eliot,



Just some orphaned entries.

Check the following items in HijackThis.

Close all windows except HijackThis and click Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)



Reboot after doing so.



The Symantec entries under O16 are from online scans.

They are safe to remove, this one:

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

should even be fixed if it is older than 06-26-2003

See http://service1.symantec.com/SUPPORT/analyzer.nsf/docid/2003062412233347?Open&src=w for more info.



Don't worry about the O10 entry. HijackThis can't find the dll because NOD's install does not specify the full path, but Windows can find it and that's what matters.



Regards,



Pieter



PS NOD32 and NAV get along just fine here.


Madly in anger with spyware



Post #28272
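
The triage described in the reply above (blank R0 values, and BHO or toolbar entries whose file is gone), as an added example that is not part of the original thread: a small Python parser run over lines copied from the posted log. The function names are chosen here, and the O16 grouping by download host is an extra review aid, not something HijackThis does itself.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a subset of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# A log entry looks like "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")


def parse(log):
    """Yield (section, body) for every entry line; headers and process paths are skipped."""
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            yield m.group(1), m.group(2).strip()


def orphaned(log):
    """Return entries that point at nothing: empty R0/R1 values, O2/O3 with '(no file)'."""
    found = []
    for section, body in parse(log):
        if section in ("R0", "R1") and body.endswith("="):
            found.append((section, body, "empty registry value"))
        elif section in ("O2", "O3") and body.endswith("(no file)"):
            found.append((section, body, "registered component, file missing"))
    return found


def dpf_by_host(log):
    """Group O16 (downloaded ActiveX) entries by the host they were fetched from."""
    hosts = {}
    for section, body in parse(log):
        if section == "O16":
            url = body.rsplit(" - ", 1)[-1]
            hosts.setdefault(urlparse(url).hostname, []).append(body)
    return hosts


if __name__ == "__main__":
    for section, body, reason in orphaned(SAMPLE_LOG):
        print(f"{section}: {reason}: {body}")
    for host, items in dpf_by_host(SAMPLE_LOG).items():
        print(f"{host}: {len(items)} ActiveX download(s)")
```
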