Discussion Starter · #1 ·
Weird stuff happening: I can't get Macromedia to d/l the Flash, and some pictures/graphics won't show on certain web pages, i.e. the Flash d/l web site. Thanks in advance for any help!

Logfile of HijackThis v1.97.7
Scan saved at 6:14:18 PM, on 3/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Gilat\QMS\QMS.exe
C:\Program Files\Gilat\GSU\GSU.exe
C:\Program Files\Gilat\IBQoS\ibqossvc.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
C:\Program Files\GILAT\Internet Page Accelerator\RPAService.exe
C:\PROGRA~1\GILAT\INTERN~1\AS_Agent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Flash Networks\NettGain2000\Bst\Srvany.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Program Files\Flash Networks\NettGain2000\Bst\WgwMngr.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Platinum Internet Security\apvxdwin.exe
C:\Program Files\Gilat\NetAgent.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\SRVLOAD.EXE
C:\Program Files\Panda Software\Panda Platinum Internet Security\WebProxy.exe
C:\WINDOWS\System32\notepad.exe
C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://register.starband.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Infinate Info
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9877;https=127.0.0.1:9877
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62} - c:\progra~1\Anonymizer\core\Anonymizer.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Anonymizer Toolbar - {C14DC52F-B4D9-11D5-B1E6-0050DAD7AF62} - c:\progra~1\Anonymizer\toolbar\AnonymizerBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\RunServices: [NettGain2000] C:\Program Files\Flash Networks\NettGain2000\Bst\WgwMngr.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Grab &Selected Text... - res://C:\Program Files\Cogitum Co-Citer\CogitumHelpers.dll/ctGrab.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Co-Citer (HKLM)
O9 - Extra 'Tools' menuitem: Cogitum &Co-Citer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O14 - IERESET.INF: START_PAGE_URL=http://register.starband.net
O16 - DPF: Dialpad Webphone - https://www.dialpad.com/md/update/cham.cab
O16 - DPF: {0DC0D258-FC70-456F-8F79-83D7DC20F0AC} (MPChWrapper.Util) - http://instantsupport.hp.com/update/030227/MPChWrapper.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {72944257-0AE0-44FD-8A51-AA21853092C8} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sophos.webex.com/client/latest/event/ieatgpc.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

*********************************************************

WildTangent: Global settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\WildTangent

Windows Registry: Results.hlp (Missing helpfile, nothing done)
F:\Cdonline

Windows Registry: matcli.exe (Wrong app path, nothing done)

Windows Registry: minstall.exe (Wrong app path, nothing done)

Windows Registry: mpbtn.exe (Wrong app path, nothing done)

Windows Registry: pbrush.exe (Wrong app path, nothing done)
%SystemRoot%\system32\mspaint.exe

Windows Registry: WRITE.EXE (Wrong app path, nothing done)
"%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

Windows Registry: WORDPAD.EXE (Wrong app path, nothing done)
"%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

Windows Registry: msimn.exe (Wrong app path, nothing done)
%ProgramFiles%\Outlook Express\msimn.exe

Windows Registry: MotiveDirectory.exe (Wrong app path, nothing done)

Windows Registry: migwiz.exe (Wrong app path, nothing done)
%SystemRoot%\system32\usmt\migwiz.exe

Windows Registry: mad.exe (Wrong app path, nothing done)

Windows Registry: hpi_upvm.exe (Wrong app path, nothing done)
C:\Program Files\Hewlett-Packard\Update\bin\hpi_upvm.exe

Windows Registry: atmosphere.dll (Wrong app path, nothing done)

Adobe Acrobat Reader 6: Last selected preference panel (Registry value, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Adobe\Acrobat Reader\6.0\PrefsDialog\aLastPrefsPanel

Adobe Acrobat Reader 6: Recent file #1 (Registry key, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cRecentFiles\c1

Adobe Acrobat Reader 6: Recent file #2 (Registry key, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cRecentFiles\c2

Adobe Acrobat Reader 6: Recent file #3 (Registry key, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cRecentFiles\c3

Adobe Acrobat Reader 6: Recent file #4 (Registry key, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cRecentFiles\c4

Adobe Acrobat Reader 6: Recent file #5 (Registry key, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cRecentFiles\c5

Common Dialogs: History ( (121 files)) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Internet Explorer: Cookies ( (6 cookies)) (Directory, nothing done)
C:\Documents and Settings\Owner\Cookies

Internet Explorer: Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\Internet Explorer\Download Directory=

Internet Explorer: Temporary internet files ( (157 entries)) (Empty cache, nothing done)

Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log

Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt

Log: Activity: OEWABLog.txt (Backup file, nothing done)
C:\WINDOWS\OEWABLog.txt

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log

Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log

Log: Install: setupact.log (Backup file, nothing done)
C:\WINDOWS\setupact.log

Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log

Log: Install: setuplog.txt (Backup file, nothing done)
C:\WINDOWS\setuplog.txt

Log: Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log

Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\mofcomp.log

Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemsnmp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemsnmp.log

Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\winmgmt.log

Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiadap.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

MS Direct3D: Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name=

MS Direct3D: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name=

MS DirectDraw: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name=

MS DirectInput: Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\DirectInput\MostRecentApplication\Name=

MS DirectInput: Most recent application ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\DirectInput\MostRecentApplication\Id=

MS Management Console: Recent command list ( (4 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: Last CD record path (Registry change, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\MediaPlayer\Preferences\CDRecordPath=

MS Media Player: Last opened playlist (Registry value, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist

MS Media Player: Last selected node (Registry change, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\MediaPlayer\MediaLibraryUI\MLLastSelectedNode=

MS Media Player: Last selected track index (Registry value, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\MediaPlayer\Preferences\LastPlaylistIndex

MS Paint: Recent file list ( (4 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

MS Regedit: Recent open key (Registry change, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey=

MS Search Assistant: Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\Search Assistant\ACMru

MS Wordpad: Recent file list ( (4 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

MusicMatch JukeBox: Last add song folder (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\MusicLibraryUI\Last add song dir=

VNC: Recent connections ( (1 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\ORL\VNCviewer\MRU

Windows Explorer: Last visited history ( (21 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: Program run history ( (1 entries)) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recently opened files ( (2 links)) (Directory, nothing done)
C:\Documents and Settings\Owner\Recent

Windows Explorer: Run history ( (2 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: Stream history ( (50 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: User Assistant history files ( (220 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: User Assistant history IE ( (17 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName=ComputerName

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows.OpenWith: Open with list - .AVI extension ( (2 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: Open with list - .BMP extension ( (4 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: Open with list - .CDA extension ( (2 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList

WinZip: Number of times run (Registry change, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Nico Mak Computing\WinZip\rrs\Opened=

WinZip: Wizard Extraction folder history ( (4 files)) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-315636210-995690780-1244716356-1003\Software\Nico Mak Computing\WinZip\select

--- Spybot-S&D version: 1.2 ---
2004-02-26 Includes\Cookies.sbi
2004-02-29 Includes\Dialer.sbi
2004-02-29 Includes\Hijackers.sbi
2004-02-26 Includes\Keyloggers.sbi
2004-02-29 Includes\Malware.sbi
2003-03-16 Includes\plugin-ignore.ini
2004-03-09 Includes\Revision.sbi
2004-02-26 Includes\Security.sbi
2004-02-29 Includes\Spybots.sbi
2003-03-16 Includes\Temporary.sbi
2004-02-26 Includes\Tracks.uti
2004-02-29 Includes\Trojans.sbi

*******************************************************
StartupList report, 3/19/2004, 6:00:33 PM
StartupList version: 1.52
Started from : C:\Program Files\HiJackThis\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Gilat\QMS\QMS.exe
C:\Program Files\Gilat\GSU\GSU.exe
C:\Program Files\Gilat\IBQoS\ibqossvc.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
C:\Program Files\GILAT\Internet Page Accelerator\RPAService.exe
C:\PROGRA~1\GILAT\INTERN~1\AS_Agent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Flash Networks\NettGain2000\Bst\Srvany.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Program Files\Flash Networks\NettGain2000\Bst\WgwMngr.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Platinum Internet Security\apvxdwin.exe
C:\Program Files\Gilat\NetAgent.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\SRVLOAD.EXE
C:\Program Files\Panda Software\Panda Platinum Internet Security\WebProxy.exe
C:\Program Files\HiJackThis\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

hpsysdrv = c:\windows\system\hpsysdrv.exe
IgfxTray = C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

NettGain2000 = C:\Program Files\Flash Networks\NettGain2000\Bst\WgwMngr.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ELECTR~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - c:\progra~1\Anonymizer\core\Anonymizer.dll - {2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62}
SpywareGuard Download Protection - C:\Program Files\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Task Scheduler jobs:

At18.job
At22.job
At23.job
At24.job
Down Load for Team.job
easy Internet sign-up.job
eric 1130a.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Dialpad Webphone]
CODEBASE = https://www.dialpad.com/md/update/cham.cab
OSD = C:\WINDOWS\Downloaded Program Files\cham.osd

[MPChWrapper.Util]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MPChWrapper.dll
CODEBASE = http://instantsupport.hp.com/update/030227/MPChWrapper.CAB

[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\DOWNLO~1\PCPITS~1.DLL
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://download.yahoo.com/dl/installs/yinst0401.cab

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe

[PhxStudent.OeSetup15]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PhxStudent15.ocx
CODEBASE = https://mycampus.phoenix.edu/secure/PhxStudent15.CAB

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab

[WScanCtl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\webscan.dll
CODEBASE = http://www3.ca.com/virusinfo/webscan.cab

[AvxScanOnline Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\BITDEF~1.OCX
CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

[YahooYMailTo Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ymmapi.dll
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll

[PhxStudent.OeSetup15]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\PhxStudent15.ocx
CODEBASE = https://mycampus.phoenix.edu/secure/PhxStudent15.CAB

[{D27CDB6E-AE6D-11CF-96B8-444553540000}]
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[GpcContainer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ieatgpc.dll
CODEBASE = https://sophos.webex.com/client/latest/event/ieatgpc.cab

[{E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD}]
CODEBASE = http://download.abacast.com/download/files/abasetup144.cab

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 7,486 bytes
Report generated in 0.109 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Reply from Derek (Retired Moderator, Retired Malware Specialist) · #2 ·
The Flash problem and picture problems are almost certainly due to SpywareBlaster. Open it and press Tools, click on the Flash Killer tab and untick the Kill Flash box, press OK and exit.