Wilders Security Forums  

Go Back   Wilders Security Forums > Privacy Related Topics > privacy problems
Reload this Page is there anything here?
User Name
Password
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

 
 
Thread Tools Search this Thread
  #1  
Old October 18th, 2003, 09:55 PM
fastdog29 fastdog29 is offline
Infrequent Poster
  
Join Date: Jul 2003
Location: Coventry,U.K.
Posts: 18
Default is there anything here?
Logfile of HijackThis v1.95.1
Scan saved at 02:23:09, on 19/10/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ISS\BLACKICE\BLACKD.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SETI@HOME\SETI@HOME.EXE
C:\WINDOWS\SYSTEM\OPTMOUSE.EXE
C:\PROGRAM FILES\DATA CACHING\FLASHKSK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
D:\NOADS\NOADS.EXE
C:\PROGRAM FILES\QUICK VIEW PLUS\PROGRAM\QVP32.EXE
C:\PROGRAM FILES\ISS\BLACKICE\BLACKICE.EXE
F:\TRANSPARENT42\TRANSPARENTW.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
E:\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\WUAUBOOT.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcadvisor.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = too much porn makes you go blind!!!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.252.32.6:8080
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
O4 - HKLM\..\Run: [Dimension4] C:\PROGRAM FILES\D4\D4.EXE
O4 - HKLM\..\Run: [OPTMOUSEMOUSE] C:\WINDOWS\SYSTEM\optmouse.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [LoadBlackD] "C:\PROGRAM FILES\ISS\BLACKICE\BLACKD.EXE"
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [NoAds] "D:\NOADS\NOADS.EXE"
O4 - Startup: Qvp32.exe.lnk = C:\Program Files\Quick View Plus\PROGRAM\QVP32.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Startup: TransparentW.exe.lnk = F:\Transparent42\TransparentW.exe
O4 - Startup: ENSMIX32.EXE.lnk = C:\WINDOWS\ENSMIX32.EXE
O4 - User Startup: Qvp32.exe.lnk = C:\Program Files\Quick View Plus\PROGRAM\QVP32.EXE
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - User Startup: TransparentW.exe.lnk = F:\Transparent42\TransparentW.exe
O4 - User Startup: ENSMIX32.EXE.lnk = C:\WINDOWS\ENSMIX32.EXE
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O13 - WWW Prefix:
O14 - IERESET.INF: START_PAGE_URL=http://www.pcadvisor.co.uk
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37591.8198032407
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {BB95299D-B65B-47E0-8DDB-697A66298C3A} (UniVoiceX Control) - http://www.webcamnow.com/voice/voice.cab
O16 - DPF: ConferenceRoom Java Client (UniVoiceX Control) - http://198.64.183.19:8000/java/cr.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/region/reg_eu/techsupp/activedata/ActiveData.cab

This is more of that stmgr problem,why has State Mgr got an asterisk in front of it?
  #2  
Old October 19th, 2003, 07:41 AM
Pieter_Arntz's Avatar
Pieter_Arntz Pieter_Arntz is offline
Spyware Veteran
  
Join Date: Apr 2002
Location: Netherlands
Posts: 12,298
Default Re:is there anything here?
Hi fastdog29,

No obvious malware. See if using the latest version of HijackThis makes a big difference.

The * is used to ensure that the program runs even when starting in Safe Mode.

Regards,

Pieter
__________________
Regards,

Pieter
It´s nice to be important, but it´s more important to be nice.
Remove & Prevent spyware
It's human to make mistakes. It's even more so to blame the computer for it.
 

Wilders Security Forums > Privacy Related Topics > privacy problems « Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -5. The time now is 10:01 PM.

Contact Us - Wilders Security - Archive - TOS/Privacy - Top

Powered by vBulletin® Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2009, Wilders Security Forums