Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
Getting Hi Jacked
Look2me and VX2.Transponder.
They will not go away no matter what I do.

Logfile of HijackThis v1.99.1
Scan saved at 12:55:10 PM, on 4/12/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\trcboot.exe
C:\Program Files\Personal Communications\PCS_AGNT.EXE
C:\Altiris\AClient\AClient.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
c:\Program Files\NavNT\defwatch.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\WINNT\System32\ec27ser.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINNT\System32\NMSSvc.exe
c:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe
C:\Altiris\AClient\AClntUsr.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Microsoft Access 97\Office\OSA.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Symantec\Procomm Plus\PROGRAMS\PW5.EXE
C:\Program Files\Notes\NLNOTES.EXE
C:\Program Files\Notes\nwrdaemn.EXE
C:\Program Files\Notes\nupdate.EXE
C:\Program Files\Notes\nhldaemn.EXE
C:\WINNT\System32\calc.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Horizon BCBSNJ 03202003
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [AeXSWDUsr] "C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe"
O4 - HKLM\..\Run: [AClntUsr] C:\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [vptray] c:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Access 97\Office\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=https://employees.horizon-bcbsnj.com/eprise/main/horizon/eportal/index.html
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {712D42CD-3513-473E-96E8-019C9AD78F1A} (MSN Money QuickList) - http://moneycentral.msn.com/cabs/pmupdate2.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/C...CamControl.ocx
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate.exe
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://www.webgateinc.com/wizard/con.../wg_webeye.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://efi.webex.com/client/v_myweb...ex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corpads.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corpads.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corpads.local
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5020} - C:\MyDoc\HARRIS\Harrisdirect\FlowHook.dll (file missing)
O20 - AppInit_DLLs: AeXPrcssAppInitNT.dll
O20 - Winlogon Notify: Guardian - C:\WINNT\system32\msg121.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Altiris\AClient\AClient.exe
O23 - Service: Altiris eXpress NS Client (AeXNSClient) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
O23 - Service: Altiris eXpress NS Client Transport (AeXNSClientTransport) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: DefWatch - Symantec Corporation - c:\Program Files\NavNT\defwatch.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EC2007 Service 1.35 (EC2007Service) - Unknown owner - C:\WINNT\System32\ec27ser.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - c:\Program Files\NavNT\rtvscan.exe
O23 - Service: ScriptLogic RunAdmin Client (SLRAClient) - ScriptLogic Corporation - C:\WINNT\System32\SLRAClient.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINNT\System32\drivers\trcboot.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
#2
Hi....
Run hjt and fix these entries and delete the highlighted file.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - Winlogon Notify: Guardian - C:\WINNT\system32\msg121.dll

Then.......

Download and run Adaware, SpyBot (check for updates) for a preliminary cleanup first. Some files below may not be present after running the above programs. Full instructions below.

How to setup Ad-Aware

Download Ad-Aware
Save aawsepersonal.exe into its own directory, NOT in a TEMPorary folder or on the Desktop. I recommend c:/program files/Adaware/
Doubleclick aawsepersonal.exe. Make sure to direct the program to install in the c:/program files/adaware/ directory, NOT the default directory.
Open AdAware from Start | Programs | Lavasoft | AdAware.
Select <Check for updates now>, <Proceed>

After installation, run the program and click the start button. Then click the next button. This lets ad-aware scan your computer. After ad-aware is done running, hit the next button. Then right click the area with the listed spyware objects. Choose the "Select all objects" option. At this point all the boxes next to the items should be checked. Then hit the next button. It will ask if you want to delete the selected objects. Hit the Okay button. Now most of the spyware should have been deleted from your hard drive.

----------------------------------------------------------------------

How to setup Spybot Search & Destroy

Download SpyBot
Save spybotsd13.exe into its own directory, NOT in a TEMPorary folder or on the Desktop. I recommend c:/program files/spybot/
Doubleclick spybotsd13.exe. Make sure to direct the program to install in the c:/program files/spybot/ directory, NOT the default directory.
Open Spybot from Start | Programs | Spybot | Spybot S&D
Select <Search for Updates>. Let it install all updates. This is very important!
Select <Immunize>
Select <Check for Problems>
Check all entries that are in RED. Only RED, NOTHING ELSE. For your records, write/print out each item that you have fixed. Date it.
Select <Fix Selected Problems>
Close Spybot

---------------------------------------------------------------------

Post a new log when done.
#3
Getting Hi Jacked
I can't get past the first line.
I run hjt, fix the 3 lines but can't delete msg121.dll. It gives me a sharing violation message. Can't rename, move or delete. I don't know what to do now? Thanks
#4
new hjt log made after running, ad-aware and spybot
Logfile of HijackThis v1.99.1
Scan saved at 3:12:55 PM, on 4/14/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\trcboot.exe
C:\Program Files\Personal Communications\PCS_AGNT.EXE
C:\Altiris\AClient\AClient.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
c:\Program Files\NavNT\defwatch.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\WINNT\System32\ec27ser.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINNT\System32\NMSSvc.exe
c:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe
C:\Altiris\AClient\AClntUsr.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Microsoft Access 97\Office\OSA.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Horizon BCBSNJ 03202003
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\MyDoc\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [AeXSWDUsr] "C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe"
O4 - HKLM\..\Run: [AClntUsr] C:\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [vptray] c:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Access 97\Office\OSA.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=https://employees.horizon-bcbsnj.com/eprise/main/horizon/eportal/index.html
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {712D42CD-3513-473E-96E8-019C9AD78F1A} (MSN Money QuickList) - http://moneycentral.msn.com/cabs/pmupdate2.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/C...CamControl.ocx
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate.exe
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://www.webgateinc.com/wizard/con.../wg_webeye.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://efi.webex.com/client/v_myweb...ex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corpads.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corpads.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corpads.local
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5020} - C:\MyDoc\HARRIS\Harrisdirect\FlowHook.dll (file missing)
O20 - AppInit_DLLs: AeXPrcssAppInitNT.dll
O20 - Winlogon Notify: Guardian - C:\WINNT\system32\msg121.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Altiris\AClient\AClient.exe
O23 - Service: Altiris eXpress NS Client (AeXNSClient) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
O23 - Service: Altiris eXpress NS Client Transport (AeXNSClientTransport) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: DefWatch - Symantec Corporation - c:\Program Files\NavNT\defwatch.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EC2007 Service 1.35 (EC2007Service) - Unknown owner - C:\WINNT\System32\ec27ser.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - c:\Program Files\NavNT\rtvscan.exe
O23 - Service: ScriptLogic RunAdmin Client (SLRAClient) - ScriptLogic Corporation - C:\WINNT\System32\SLRAClient.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINNT\System32\drivers\trcboot.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe

Thanks Sam
#5
Download KillBox (v2.0.0.76). Paste the full file path in the box and click on "Delete on Reboot". Next click on the button with the red circle and an X in the middle. You will get a message saying "File with be deleted on next reboot, Process and Reboot now?" Click "Yes" and post a new log when you have rebooted.

C:\WINNT\system32\msg121.dll
#6
Deleted on reboot, seems to be gone. you guys are great.
Logfile of HijackThis v1.99.1
Scan saved at 8:01:40 AM, on 4/15/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\trcboot.exe
C:\Program Files\Personal Communications\PCS_AGNT.EXE
C:\Altiris\AClient\AClient.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
c:\Program Files\NavNT\defwatch.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\WINNT\System32\ec27ser.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINNT\System32\NMSSvc.exe
c:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe
C:\Altiris\AClient\AClntUsr.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Microsoft Access 97\Office\OSA.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Notes\NLNOTES.EXE
C:\Program Files\Notes\nwrdaemn.EXE
C:\Program Files\Notes\nupdate.EXE
C:\Program Files\Notes\nhldaemn.EXE
C:\Program Files\Personal Communications\pcsws.exe
C:\Program Files\Personal Communications\PCSCM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Horizon BCBSNJ 03202003
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\MyDoc\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [AeXSWDUsr] "C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe"
O4 - HKLM\..\Run: [AClntUsr] C:\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [vptray] c:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Access 97\Office\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=https://employees.horizon-bcbsnj.com/eprise/main/horizon/eportal/index.html
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {712D42CD-3513-473E-96E8-019C9AD78F1A} (MSN Money QuickList) - http://moneycentral.msn.com/cabs/pmupdate2.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/C...CamControl.ocx
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate.exe
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://www.webgateinc.com/wizard/con.../wg_webeye.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://efi.webex.com/client/v_myweb...ex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corpads.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corpads.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corpads.local
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5020} - C:\MyDoc\HARRIS\Harrisdirect\FlowHook.dll (file missing)
O20 - AppInit_DLLs: AeXPrcssAppInitNT.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Altiris\AClient\AClient.exe
O23 - Service: Altiris eXpress NS Client (AeXNSClient) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
O23 - Service: Altiris eXpress NS Client Transport (AeXNSClientTransport) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: DefWatch - Symantec Corporation - c:\Program Files\NavNT\defwatch.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EC2007 Service 1.35 (EC2007Service) - Unknown owner - C:\WINNT\System32\ec27ser.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - c:\Program Files\NavNT\rtvscan.exe
O23 - Service: ScriptLogic RunAdmin Client (SLRAClient) - ScriptLogic Corporation - C:\WINNT\System32\SLRAClient.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINNT\System32\drivers\trcboot.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
#7
That all looks fine....
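
A cleanup like the one in this thread can be checked by diffing the HijackThis entries of the first and last log and comparing them with the fix list from post #2. The following is an added example, not part of the original posts: the three sample strings are short excerpts copied from the 4/12 and 4/15 logs and from post #2 above, and `parse_entries`, `diff_logs` and `still_present` are names chosen here.

```python
import re

# An entry starts with a HijackThis section code (R0-R3, F0-F3, N1-N4, O1-O23)
# followed by " - ". Matching on the code instead of on line breaks also works
# for logs that a forum has flattened onto one line, as in this thread.
ENTRY_MARK = re.compile(r"(?:^|(?<=\s))(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def parse_entries(log_text):
    """Return the log's entries as (code, detail) tuples, in log order.

    The header and the running-process list come before the first code and
    are skipped. Any text after the last entry ends up in that entry's
    detail, so trim signatures before parsing.
    """
    marks = list(ENTRY_MARK.finditer(log_text))
    entries = []
    for i, mark in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(log_text)
        detail = " ".join(log_text[mark.end():end].split())
        entries.append((mark.group(1), detail))
    return entries


def _key(entry):
    # Windows paths and registry keys are case-insensitive.
    return (entry[0], entry[1].lower())


def diff_logs(before, after):
    """Return (removed, added) entries between an earlier and a later log."""
    old = {_key(e): e for e in parse_entries(before)}
    new = {_key(e): e for e in parse_entries(after)}
    removed = [e for k, e in old.items() if k not in new]
    added = [e for k, e in new.items() if k not in old]
    return removed, added


def still_present(fix_list, after):
    """Entries from a helper's fix list that the later log still shows."""
    seen = {_key(e) for e in parse_entries(after)}
    return [e for e in parse_entries(fix_list) if _key(e) in seen]


# Excerpt of the 4/12 log, flattened as it was posted.
LOG_BEFORE = r"O4 - HKLM\..\Run: [vptray] c:\Program Files\NavNT\vptray.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O20 - AppInit_DLLs: AeXPrcssAppInitNT.dll O20 - Winlogon Notify: Guardian - C:\WINNT\system32\msg121.dll"

# Excerpt of the 4/15 log, one entry per line.
LOG_AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\MyDoc\Spybot\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vptray] c:\Program Files\NavNT\vptray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - AppInit_DLLs: AeXPrcssAppInitNT.dll
"""

# The three entries post #2 asked to fix.
FIX_LIST = r"""
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - Winlogon Notify: Guardian - C:\WINNT\system32\msg121.dll
"""

if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for label, rows in (("removed", removed), ("added", added),
                        ("still present", still_present(FIX_LIST, LOG_AFTER))):
        for code, detail in rows:
            print(f"{label:>13}: {code} - {detail}")
```

On these excerpts the diff reports the Winlogon Notify entry for msg121.dll and the O6 Restrictions entry as removed, the Spybot SDHelper BHO as added, and the O6 Control Panel entry from the fix list as still listed in the 4/15 log.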