Found this in Windows accidentally ieuninst.exe

Discussion in 'other security issues & news' started by Desiderata1, Apr 1, 2004.

Thread Status:
Not open for further replies.
  1. Desiderata1

    Desiderata1 Registered Member

    Joined: Feb 21, 2004
    Posts: 2
    I accidentally found this stuff. I ran a good ole Google search and the results have me kind of scared, what is this thing? There are probably thirty Q logs dating back from 07/2002 before I had bought the computer. They end in Feb 2004. They are all text docs and all say :::

    Service Pack started with following command line: -q -z
    Num Ticks for invent : 141


    There is a file in the middle of all this ::: Q330994.exe

    and a bunch of KB .log (s) with text saying the same first line - then - Old Information in the Registry.

    But a lead from Google gave me this web site, an MS Security Bulletin web page:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;818529

    and this one which I don't understand and has scared me.....
    http://www.all-internet-security.com/spytechnetwork-report.html

    I'm not so great with these fandangled things and could use any input as to how to proceed. These files were not there or at least not showing last week! I just had problems with IE not showing graphics on certain web pages and I couldn't get Macromedia Flash to download and it all seems OK now. I see on the MS web page references to Kill bit, HTML and ActiveX, all things that I kinda thought had to do with the graphic displaying problem. I ran HJT and all my spy finders and killers -- posted it at Tech Support Guy Forums and they gave one suggestion that didn't pan out. I'm not sure that I did anything to fix it, it fixed itself!

    My Logitech mouse is dragging for no apparent good reason, it's a Mx700 Cordless Optical. Battery is good. And I've caught the CPU running 100% and closing apps one by one didn't reveal the culprit, only shutting down and rebooting stopped it. This has happened twice now that I've caught it.

    So here's a system info, hjt, etc. and sure hope y'all have the time! LOL! THANK YOU! (Couldn't get here for a while! Glad to be back!)

    :rolleyes:

    Logfile of HijackThis v1.97.7
    Scan saved at 3:11:25 PM, on 4/1/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Gilat\QMS\QMS.exe
    C:\Program Files\Gilat\GSU\GSU.exe
    C:\Program Files\Gilat\IBQoS\ibqossvc.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
    C:\Program Files\GILAT\Internet Page Accelerator\RPAService.exe
    C:\PROGRA~1\GILAT\INTERN~1\AS_Agent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Flash Networks\NettGain2000\Bst\Srvany.exe
    C:\Program Files\RealVNC\WinVNC\WinVNC.exe
    C:\Program Files\Flash Networks\NettGain2000\Bst\WgwMngr.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE
    C:\Program Files\Gilat\NetAgent.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\apvxdwin.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Panda Software\Panda Platinum Internet Security\SRVLOAD.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\StarBand\Mission Control\TaskBarClient.exe
    C:\Program Files\StarBand\Mission Control\HsuGui\HsuGuiControl.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
    C:\PROGRA~1\StarBand\MISSIO~1\evrep.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\WebProxy.exe
    C:\MSOffice\Office\MSOFFICE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\Program Files\Trillian\trillian.exe
    C:\Program Files\Open Office\program\soffice.exe
    C:\Program Files\Steganos Password Manager 6\spm.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HiJackThis\HijackThis.exe
    C:\WINDOWS\System32\notepad.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thinksmart.com/mission/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://register.starband.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Infinate Info
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9877;https=127.0.0.1:9877
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62} - c:\progra~1\Anonymizer\core\Anonymizer.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Anonymizer Toolbar - {C14DC52F-B4D9-11D5-B1E6-0050DAD7AF62} - c:\progra~1\Anonymizer\toolbar\AnonymizerBar.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [TaskBarClient] C:\Program Files\StarBand\\Mission Control\TaskBarClient.exe
    O4 - HKLM\..\Run: [NettGain2000 Verifier] C:\Program Files\Flash Networks\NettGain2000\Bst\NettGain2000 Verifier.exe
    O4 - HKLM\..\Run: [HsuGuiControl] C:\Program Files\StarBand\\Mission Control\HsuGui\HsuGuiControl.exe
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [RFAgent] C:\Program Files\RFA\rfagent.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\RunServices: [NettGain2000] C:\Program Files\Flash Networks\NettGain2000\Bst\WgwMngr.exe
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
    O4 - Startup: Trillian.lnk = ?
    O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - User Startup: Trillian.lnk = ?
    O4 - User Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
    O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\MSOffice\Office\MSOFFICE.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Grab &Selected Text... - res://C:\Program Files\Cogitum Co-Citer\CogitumHelpers.dll/ctGrab.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ICQ Lite (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
    O9 - Extra button: Co-Citer (HKLM)
    O9 - Extra 'Tools' menuitem: Cogitum &Co-Citer (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://register.starband.net
    O16 - DPF: Dialpad Webphone - https://www.dialpad.com/md/update/cham.cab
    O16 - DPF: {0DC0D258-FC70-456F-8F79-83D7DC20F0AC} (MPChWrapper.Util) - http://instantsupport.hp.com/update/030227/MPChWrapper.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {72944257-0AE0-44FD-8A51-AA21853092C8} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/virusinfo/webscan.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sophos.webex.com/client/latest/event/ieatgpc.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab


    ******************************************

    StartupList report, 4/1/2004, 3:10:36 PM
    StartupList version: 1.52
    Started from : C:\Program Files\HiJackThis\HijackThis.EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Gilat\QMS\QMS.exe
    C:\Program Files\Gilat\GSU\GSU.exe
    C:\Program Files\Gilat\IBQoS\ibqossvc.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
    C:\Program Files\GILAT\Internet Page Accelerator\RPAService.exe
    C:\PROGRA~1\GILAT\INTERN~1\AS_Agent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Flash Networks\NettGain2000\Bst\Srvany.exe