Thread: Hijackthis Log

  1. #1
    Logfile of HijackThis v1.97.7
    Scan saved at 11:43:39 PM, on 6/23/2004
    Platform: Windows XP SP1
    MSIE: Internet Explorer v6.00 SP1

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    C:\WINDOWS\Mixer.exe
    C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\The Cleaner\tca.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\DU Meter\DUMeter.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\WINPAT~1.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\FreeRAM XP Pro 1.40.exe
    C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
    C:\Program Files\Washee\Washee.exe
    C:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe
    C:\PROGRA~1\iolo\SYSTEM~1\PopupStopper.exe
    C:\Program Files\NetAssistant\bin\mpbtn.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Owner\Desktop\Marc\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/default.armx
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://start.sympatico.ca/
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
    O2 - BHO: (no name) - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\WINDOWS\PopUpWasher21.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRA~1\DAP\dapiebar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
    O4 - HKLM\..\Run: [WinPatrol PLUS] C:\PROGRA~1\BILLPS~1\WINPAT~1\WINPAT~1.EXE
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Owner\Local Settings\Temp\FreeRAM XP Pro 1.40.exe" -win
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
    O4 - HKCU\..\Run: [Washee] C:\Program Files\Washee\Washee.exe            FirstTime FirstTime FirstTime FirstTime FirstTime FirstTime FirstTime FirstTime FirstTime FirstTime FirstTime FirstTime
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [PopUpWasher] C:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe
    O4 - HKCU\..\Run: [iolo System Mechanic Utility Bar] "C:\PROGRA~1\iolo\SYSTEM~1\SMUtilityBar.exe"
    O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\PROGRA~1\iolo\SYSTEM~1\PopupStopper.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Owner"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Add to Ad Hunter - C:\Program Files\MYIE2\config/blacklist.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Run DAP (HKLM)
    O9 - Extra button: Research (HKLM)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E5A42E51-0BE2-4CFF-AA45-2E0F77FB1F40}: NameServer = 206.47.244.43 206.47.244.107


  2. Software & Hardware   -   #2
    Poster
    Join Date
    Mar 2003
    Posts
    365
    I'm no expert, but I would get rid of DAP.

    pestpatrol

  3. Software & Hardware   -   #3
    zapjb's Avatar Computer Abuser BT Rep: +3
    Join Date
    Nov 2002
    Posts
    3,606
    Post it in the HT! forum. D'oh!

  4. Software & Hardware   -   #4
    Debaser
    Join Date
    Oct 2003
    Location
    Ohierz
    Age
    43
    Posts
    477
    I'm no expert either, but lsass.exe could be the Sasser virus, or it could just be for your logon details. Either way, it wouldn't hurt to get that checked.

  5. Software & Hardware   -   #5
    Poster
    Join Date
    Feb 2003
    Location
    Right here
    Posts
    138
    Originally posted by xxxSHARExxx@24 June 2004 - 00:43
    C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    ...
    C:\Program Files\NetAssistant\bin\mpbtn.exe
    ...
    O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
    ...
    O4 - HKLM\..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    ...
    C:\Program Files\Washee\Washee.exe
    ...
    O4 - HKCU\..\Run: [Washee] C:\Program Files\Washee\Washee.exe            FirstTime FirstTime FirstTime FirstTime FirstTime FirstTime FirstTime FirstTime FirstTime FirstTime FirstTime FirstTime
    ...
    O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
    ...
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
    PRONoMgr? Manager for your pr0n??




    But seriously, these ones look kinda suspicious. And I kinda wonder about those Sympatico ones.
    Kazaa Corruption Fixer --> Fix any corrupted CD image, archive, or video file you've downloaded with Kazaa.

  6. Software & Hardware   -   #6
    manker's Avatar effendi
    Join Date
    May 2004
    Location
    I wear an Even Steven wit
    Posts
    32,394
    nm
    I plan on beating him to death with his kids. I'll use them as a bludgeon on his face. -

    --Good for them if they survive.
