#1
Logfile of HijackThis v1.97.7
Scan saved at 10:29:46 AM, on 4/16/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\SonicWALL\SonicWALL VPN Client\IreIKE.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\PackethSvc.exe
C:\Program Files\FactorySuite\Common\aaLogger.exe
C:\WINNT\System32\Ati2evxx.exe
C:\PROGRA~1\WONDER~1\DAServer\DASABTCP\Bin\DASABTCP.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\FactorySuite\Common\NTServApp.exe
C:\WINNT\Intellution\iLicenseSvc.exe
C:\Program Files\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINNT\system32\OpcEnum.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RxMon.exe
C:\WINNT\System32\tcpsvcs.exe
C:\Program Files\FactorySuite\Common\slssvc.exe
C:\WINNT\system32\drivers\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\FactorySuite\Common\wwlogsvc.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\WINNT\system32\Atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\WINNT\system32\sysinfo.exe
C:\WINNT\system32\olehelp.exe
C:\winnt\winlogon.exe
C:\Program Files\Navnt\navapw32.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
C:\Program Files\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
C:\Program Files\TechSmith\SnagIt 6\SnagIt32.exe
C:\Program Files\ORiNOCO\Client Manager\CMLUC.EXE
C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe
C:\Program Files\Wilder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mycomus.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my-find.com/index.htm
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RxUser] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [sysinfo.exe] C:\WINNT\system32\sysinfo.exe
O4 - HKCU\..\Run: [olehelp] C:\WINNT\system32\olehelp.exe
O4 - HKCU\..\Run: [winlogon] c:\winnt\winlogon.exe
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
O4 - Global Startup: SonicWALL VPN Client.lnk = C:\Program Files\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
O4 - Global Startup: SnagIt 6.lnk = C:\Program Files\TechSmith\SnagIt 6\SnagIt32.exe
O4 - Global Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CMLUC.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...7909.207337963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0E1A154-ED37-43EE-9634-F5ED6C2CE7D3}: NameServer = 24.104.0.35,24.104.0.34
#2
Hi mkk,
Download and run: http://www.spywareinfoforum.com/~mer...CWShredder.exe
Use the Fix button and follow the instructions you will receive.
Reboot, run HijackThis again and post the new log please.
Regards, Pieter
__________________
Regards, Pieter
It's nice to be important, but it's more important to be nice.
It's human to make mistakes. It's even more so to blame the computer for it.
#3
Logfile of HijackThis v1.97.7
Scan saved at 11:12:00 AM, on 4/16/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\SonicWALL\SonicWALL VPN Client\IreIKE.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\PackethSvc.exe
C:\Program Files\FactorySuite\Common\aaLogger.exe
C:\WINNT\System32\Ati2evxx.exe
C:\PROGRA~1\WONDER~1\DAServer\DASABTCP\Bin\DASABTCP.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\FactorySuite\Common\NTServApp.exe
C:\WINNT\Intellution\iLicenseSvc.exe
C:\Program Files\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINNT\system32\OpcEnum.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RxMon.exe
C:\WINNT\System32\tcpsvcs.exe
C:\Program Files\FactorySuite\Common\slssvc.exe
C:\WINNT\system32\drivers\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\FactorySuite\Common\wwlogsvc.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\WINNT\system32\Atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\WINNT\system32\sysinfo.exe
C:\WINNT\system32\olehelp.exe
C:\Program Files\Navnt\navapw32.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
C:\Program Files\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
C:\Program Files\TechSmith\SnagIt 6\SnagIt32.exe
C:\Program Files\ORiNOCO\Client Manager\CMLUC.EXE
C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe
C:\Program Files\Wilder\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mycomus.com
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RxUser] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [sysinfo.exe] C:\WINNT\system32\sysinfo.exe
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
O4 - Global Startup: SonicWALL VPN Client.lnk = C:\Program Files\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
O4 - Global Startup: SnagIt 6.lnk = C:\Program Files\TechSmith\SnagIt 6\SnagIt32.exe
O4 - Global Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CMLUC.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...7909.207337963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0E1A154-ED37-43EE-9634-F5ED6C2CE7D3}: NameServer = 24.104.0.35,24.104.0.34
#4
Hi mkk,
Check the items below in HijackThis, close all windows except HijackThis and click Fix checked:
O4 - HKCU\..\Run: [sysinfo.exe] C:\WINNT\system32\sysinfo.exe
Then reboot, download and use http://securityresponse.symantec.com...oval.tool.html
And read How did I get infected anyway?
Regards, Pieter
#5
Thank you.
I also found that this system had none of the Microsoft security updates installed on it in the last year.
You provide an extremely valuable service here. I'm impressed. Thanks again.
#6
Glad we could help.
Pieter