Can anybody help?

Discussion in 'privacy problems' started by iglis1dl, Jun 21, 2004.

Thread Status:
Not open for further replies.
  1. iglis1dl

    iglis1dl Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    4
    After running ad-aware and spybot S&D a "When U search" tool bar appeared over the task bar. Was able to uninstall "When U search" along with clocksync and purityscan.
    Then created the HijackThis log:

    Logfile of HijackThis v1.97.7
    Scan saved at 8:48:13 AM, on 6/21/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
    C:\Ideas10m3\Iona\OrbixE2A\asp\5.1\bin\itconfig_rep.exe
    C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Program Files\ORL\VNC\WinVNC.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\hkcmd.exe
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINNT\system32\internat.exe
    C:\Documents and Settings\DALLALGI\Application Data\ueer.exe
    C:\WINNT\system32\wnstssu.exe
    C:\WINNT\system32\NDrv.exe
    C:\ACCESS97\Office\OSA.EXE
    C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
    P:\Ingenierie\Travail\Dallalgi\pcmedicalfiles\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-for-you.com/srh/130/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-for-you.com/srh/130/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-for-you.com/srh/130/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-for-you.com/130/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-for-you.com/srh/130/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-for-you.com/srh/130/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.search-for-you.com/srh/130/
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-for-you.com/srh/130/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-for-you.com/130/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-for-you.com/srh/130/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-for-you.com/srh/130/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-for-you.com/srh/130/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.search-for-you.com/srh/130/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-for-you.com/srh/130/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ps.setpac.ge.com\pac.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http-proxy.geps.ge.com:80
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.search-for-you.com/srh/130/
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.search-for-you.com/srh/130/
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://ps.home.ge.com/MainPage"); (C:\Program Files\Netscape\Users\default\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
    O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINNT\system32\NDrv.dll
    O3 - Toolbar: SupportCentral - {E5CA3FCB-32F0-4602-A3FD-0785E3F0F5BF} - C:\WINNT\System32\SCTOOL~1.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe"
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ntldr] C:\WINNT\system32\ntldr.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [Sametime Connect] C:\Program Files\Lotus\Sametime Client\Connect.exe
    O4 - HKCU\..\Run: [Etbh] C:\Documents and Settings\DALLALGI\Application Data\ueer.exe
    O4 - HKCU\..\Run: [WNSA] C:\WINNT\system32\wnstssu.exe
    O4 - HKCU\..\Run: [NDrv] C:\WINNT\system32\NDrv.exe
    O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE
    O4 - Startup: Shortcut to Microsoft Outlook.lnk = ?
    O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Office Startup.lnk = C:\ACCESS97\Office\OSA.EXE
    O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
    O9 - Extra button: Copernic Agent (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Sametime Meeting Room Client ST30EMS - http://3.184.132.31/sametime/stmeetingroomclient/STMeetingRoomClient.cab
    O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.toolbars-cash.com/clk/130.chm::/file.exe
    O16 - DPF: {22F5A0F0-5A38-11D2-A904-0060083A3A61} (ProjectNet Online Java Utility) - https://collaboration.gepower.com/classes/pnetOnlineUtilExt.cab
    O16 - DPF: {24CEC0BF-C8BC-4BCB-B804-226326B319EF} (JNILoader Control) - http://3.184.132.31/sametime/STMeetingRoomClient/STJNILoader.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {944659D0-0874-11D1-9A64-006097DBFA08} (ProjectNet Java Classes) - https://collaboration.gepower.com/classes/PnetLib.cab
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = psamer.ps.ge.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = psamer.ps.ge.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = psamer.ps.ge.com
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.