ClanKiller.com :: View topic - Hijack this .. which are the bad guys

[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 488: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 112: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4762: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3897)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4764: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3897)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4765: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3897)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4766: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3897)
ClanKiller.com :: View topic - Hijack this .. which are the bad guys

ClanKiller.com https://forums.clankiller.com/

Hijack this .. which are the bad guys https://forums.clankiller.com/viewtopic.php?f=8&t=913	Page 1 of 1

Author:	J [ Sat Jul 03, 2004 3:14 am ]
Post subject:	Hijack this .. which are the bad guys
I created a log with Hijack this since i keep getting things i don`t want at startup, worse is it`s not even my fault i got these bugs on my pc. Anyway, could you guys give me some advice before i delete things i shouldn`t be deleting? Like this directwebsearch is one of my targets. Logfile of HijackThis v1.97.7 Scan saved at 11:13:43, on 3/07/2004 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\Promon.exe C:\Program Files\Winamp\Winamp3\winampa.exe C:\Program Files\QuickTime\qttask.exe C:\WINNT\System32\internat.exe C:\WINNT\System32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Administrator\Mijn documenten\Mijn ontvangen bestanden\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://out.true-counter.com/a/?344012 (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://weba.directwebsearch.net/index.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:1234 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html O1 - Hosts: 645238813 auto.search.msn.com O1 - Hosts: 69.31.79.101 auto.search.msn.com O1 - Hosts: 69.31.79.101 auto.search.msn.com O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-717765721306} - C:\WINNT\System32\wer1306.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Promon.exe] Promon.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winamp3\winampa.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Internat Conf] \bootconf.exe O4 - HKLM\..\Run: [winupd] C:\WINNT\System32\winupd.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: ICQ Pro (HKLM) O9 - Extra 'Tools' menuitem: ICQ (HKLM) O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://weba.directwebsearch.net/winsearchie32.chm::/winsearchie32.exe O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab O19 - User stylesheet: C:\WINNT\Web\oslogo.bmp (file missing) (HKLM) Btw this comes from http://tomcoyote.com/hjt/ and there it was suggested that computernitwits like me should ask proper advice before deleting things, which sounds fair to me

Author:	J [ Sat Jul 03, 2004 3:18 am ]
Post subject:
Oh i also created a startup list .. maybe you need it maybe you don`t .. and i`m aware that probably a lot of junk or unnecessary things start up. StartupList report, 3/07/2004, 11:21:07 StartupList version: 1.52 Started from : C:\Documents and Settings\Administrator\Mijn documenten\Mijn ontvangen bestanden\HijackThis.EXE Detected: Windows 2000 SP3 (WinNT 5.00.2195) Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106) * Using default options ================================================== Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\Promon.exe C:\Program Files\Winamp\Winamp3\winampa.exe C:\Program Files\QuickTime\qttask.exe C:\WINNT\System32\internat.exe C:\WINNT\System32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Administrator\Mijn documenten\Mijn ontvangen bestanden\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten] Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINNT\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synchronization Manager = mobsync.exe /logon Promon.exe = Promon.exe WinampAgent = "C:\Program Files\Winamp\Winamp3\winampa.exe" QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime Internat Conf = \bootconf.exe winupd = C:\WINNT\System32\winupd.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run internat.exe = internat.exe -------------------------------------------------- Shell & screensaver key from C:\WINNT\SYSTEM.INI: Shell=INI section not found SCRNSAVE.EXE=INI section not found drivers=INI section not found Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINNT\System32\sspipes.scr drivers=Registry value not found Policies Shell key: HKCU\..\Policies: Shell=Registry key not found HKLM\..\Policies: Shell=Registry value not found -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\WINNT\System32\wer1306.dll - {CF021F40-3E14-23A5-CBA2-717765721306} -------------------------------------------------- Enumerating Task Scheduler jobs: Symantec NetDetect.job -------------------------------------------------- Enumerating Download Program Files: [{11010101-1001-1111-1000-110112345678}] CODEBASE = ms-its:mhtml:file://c:\nosuch.mht!http://weba.directwebsearch.net/winsearchie32.chm::/winsearchie32.exe [Symantec AntiVirus scanner] InProcServer32 = C:\WINNT\Downloaded Program Files\avsniff.dll CODEBASE = http://security.symantec.com/sscv6/Shar ... vSniff.cab [{41F17733-B041-4099-A042-B518BB6A408C}] CODEBASE = http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe [Symantec RuFSI Utility Class] InProcServer32 = C:\WINNT\Downloaded Program Files\rufsi.dll CODEBASE = http://security.symantec.com/sscv6/Shar ... /cabsa.cab [Shockwave Flash Object] InProcServer32 = C:\WINNT\System32\macromed\flash\Flash.ocx CODEBASE = http://download.macromedia.com/pub/shoc ... wflash.cab -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll WebCheck: C:\WINNT\System32\webcheck.dll SysTray: stobject.dll -------------------------------------------------- End of report, 5.009 bytes Report generated in 0,040 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only

Author:	Satis [ Sat Jul 03, 2004 9:27 am ]
Post subject:
ok, I went through your list. I'm 100% on this list all being malware: kill all 'directwebsearch' items kill all hosts entries kill BHO wer1306.dll kill HKLM \ ...\bootconf.exe kill HKLM winupd kill HKCU internat.exe kill DPF ... winnosuch.mht! Once you kill all that, you should be ok. Rerun the proggie afterwards and let me know. Also, if you need me to be more specific, I'll be happy to.

Author:	J [ Mon Jul 05, 2004 2:26 am ]
Post subject:
Thx man, i think i`m okay now, a lot of things that weren`t supposed to happen don`t happen anymore, apart from the directwebsearch thingies i wasn`t sure which ones were trouble and which not. I`m wondering what this does: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://out.true-counter.com/a/?344012 (obfuscated) and can anyone tell me what this `obfuscated` means, sorry 11b haven`t downloaded that dictionary toolbar of yours I was also wondering, stuff like the extra toolbar item from icq, quicktime entries that are in .. can i just delete them as well (since i don`t need them)not that it bothers me, but the less junk i have the better

Author:	Satis [ Tue Jul 06, 2004 11:12 am ]
Post subject:
feel free to delete any toolbars you don't like. Delete EVERYTHING that says directwebsearch. Everything. All of it. It's BAD. Delete that true-counter thing. I don't trust it. Ah...it's part of a trojan. HAH! I was right! http://securityresponse.symantec.com/av ... tconf.html Obfuscate \Ob*fus"cate\, v. t. [imp. & p. p. Obfuscated; p. pr. & vb. n. Obfuscating.] To darken; to obscure; to becloud; hence, to confuse; to bewilder. His head, like a smokejack, the funnel unswept, and the ideas whirling round and round about in it, all obfuscated and darkened over with fuliginous matter. --Sterne. Clouds of passion which might obfuscate the intellects of meaner females. --Sir. W. Scott.

Author:	J [ Wed Aug 04, 2004 2:39 am ]
Post subject:
I'm at my dad's computer now, and his computer is kind of a mess. So could you look at this and tell me which ones are necessary and which aren't? Logfile of HijackThis v1.97.7 Scan saved at 10:35:19 AM, on 8/4/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\PROGRA~1\Iomega\System32\ActivityDisk.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Iomega\DriveIcons\ImgIcon.exe C:\WINDOWS\System32\RunDll32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\System32\P2P Networking\P2P Networking.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\BTV\btv.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Iomega\AutoDisk\AD2KClient.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Steam\Steam.exe C:\Documents and Settings\Stoops\Application Data\neor.exe C:\WINDOWS\System32\cglcwr.exe C:\Program Files\Web_Rebates\WebRebates1.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Web_Rebates\WebRebates0.exe C:\Documents and Settings\Stoops\My Documents\Mijn ontvangen bestanden\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing) O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {628F6529-9543-4DF0-8752-16557CD7284F} - C:\WINDOWS\System32\gpge.dll O2 - BHO: (no name) - {63CF97E8-4133-438a-A831-CC9C6D47D673} - (no file) O2 - BHO: (no name) - {7371F073-AC0F-4b80-BB2F-96A488CEFB32} - c:\Program Files\Xmod\xm320.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\System32\FirstReboot.exe O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe" O4 - HKLM\..\Run: [Jreg] "C:\Program Files\Common Files\Java\Jreg2b.exe" O4 - HKLM\..\Run: [BTV] C:\Program Files\BTV\btv.exe O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\breg.exe" O4 - HKLM\..\Run: [doseula] C:\WINDOWS\msagent\chars\doseula.exe O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent O4 - HKCU\..\Run: [Srsn] C:\Documents and Settings\Stoops\Application Data\neor.exe O4 - HKCU\..\Run: [Kwnh] C:\WINDOWS\System32\cglcwr.exe O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1" O4 - Startup: PowerReg Scheduler V3.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Blubster Support - file://C:\Program Files\BlubsterSupport\System\Temp\blubstershop_script0.htm O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: ICQ Pro (HKLM) O9 - Extra 'Tools' menuitem: ICQ (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02e8fc8021e ... xIE601.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/softwar ... launch.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... 6300925926 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... owdown.cab Already figured out there will be tons of spyware like this Belt thing (at least i think it is), BTV, jeej good job dad, work harder on your computer and surf less for porn i would say Neor.exe, can't even find anything on it on google, unless it's blocking my google

Author:	ElevenBravo [ Wed Aug 04, 2004 7:39 am ]
Post subject:
You know, if you would boot into safe mode, then go to "Add Remove Programs" some of that stuff is probably listed, just uninstall it from there, then if that dont work run Hijack this.

Author:	Satis [ Wed Aug 04, 2004 4:11 pm ]
Post subject:
jesus christ. Tell ya what... go to google, and look each of those things up. I don't have time. It'd take me 30 minutes- 1 hour to go through that list and tell you everything that's bad, and I don't have time. Besides, googling is virtually all I do, anyway. Only advantage I have is that I know what some of them are without having to look them up.

Author:	J [ Thu Aug 05, 2004 1:25 am ]
Post subject:
Ah okay, thought you would pick the bad guys out in a blink, guess i`ve overestimated you I`ll just put my brother on it when he`s back from holiday, he`s the one that uses that computer once in a while, i don`t have anything to do with it. Just my dad complaining how slow everything goes and that he gets pop-ups (and pop-unders). And my brother might have a clue what some things do, he probably put some programs on it and i don`t know what they do since they don`t give any hit on google. A format would also help of course, there are at least 10 demo`s on it he i bet he doesn`t play anymore, all he needs to do for me is put my NWN savegames somewhere safe. Let them waste their time i say!

Author:	Arathorn [ Sat Aug 07, 2004 1:58 pm ]
Post subject:

Page 1 of 1	All times are UTC - 6 hours
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/