Solved

Please look at my HijackThis log

Posted on 2004-09-19
Last Modified: 2010-08-05

Please tell me what I should fix.


Logfile of HijackThis v1.98.0
Scan saved at 10:33:50, on 19-09-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmer\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Programmer\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\mozilla.org\Mozilla\Mozilla.exe
C:\Programmer\Evidence Eliminator\ee.exe
C:\Programmer\SECRETMAKER\secretmaker.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Anonymizer TNS\AnonTns.exe
C:\Programmer\Anonymizer\tss\tss.exe
C:\unzipped\hijackthis\HijackThis.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\System32\smiehlp.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp\winampa.exe"
O4 - HKLM\..\Run: [diagent] "C:\Programmer\Creative\SBLive\Diagnostics\diagent.exe " startup
O4 - HKLM\..\Run: [UpdReg] "C:\WINDOWS\UpdReg.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MMTray] C:\Programmer\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Programmer\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ANONYMIZER_SPYWAREKILLER] C:\Programmer\SpyWare Killer\spywarekiller.exe /BOOT
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programmer\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Programmer\Evidence Eliminator\ee.exe /m
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SECRETMAKER.lnk = C:\Programmer\SECRETMAKER\secretmaker.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download with GetRight - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmer\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Girafa - {78A7D3B4-23E3-11D4-A682-0050DA502650} - C:\Programmer\Girafa\GirafaBar.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {1221EA33-878F-4672-B799-05DAAF1298CF} - http://resources.tele2.dk/privat/internet/pctest/systeminfo1.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=81a20e2d4daf862b581047e8e0c24e8effd07b128e225c91fe269f1e3e53b395f49377f8e3605dd230f34a38bc2fbef0a2d6fd6f14c38aff842869220dcf:31e1e886df05c54f80cdc9defbb7eddc
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.com/players/play365.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup151.cab
O18 - Protocol: copernicdesktopsearch - {D9656C75-5090-45C3-B27E-436FBC7ACFA7} - (no file)

Question by:beocom2500
LVL 32

Expert Comment

by:Luc Franken
ID: 12094686
Hi beocom2500,

Next time, please don't just post a hijackthis logfile unless specifically asked for it.

This time, as it's an easy one, I ran it through the HijackThis analyzer which you can find at:
http://www.hijackthis.de/index.php

The results can be seen here for the next five days:
http://www.hijackthis.de/logfiles/638709f4cfa1b5600c087aef5fb4b1c2.html

All "Possibly nasty" and "unknown" items are clean in your case.

Greetings,

LucF
 

Expert Comment

by:askdavid
ID: 12101855

Hello beocom2500,

Go to http://www.lavasoftusa.com and download Ad-Aware SE and install it first, then boot your PC in safe mode and first run HijackThis and go through the list below:
Once you remove all entries using HijackThis, start Ad-Aware SE and run a full system scan; it will fix the rest.

=============================Hijack Entries=========================================
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
Comments: This is the IE home page entry. Usually I remove it; useless entry, though it is up to you. If you want www.google.dk to open whenever you open it, leave it.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
Comments: This is the IE home page entry. Usually I remove it; useless entry, though it is up to you. If you want www.google.dk to open whenever you open it, leave it.

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
Comments: Remove it

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
Comments: It's an entry made by Acrobat Reader; leaving it will not harm.

O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\System32\smiehlp.dll
Comments: Remove it

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
Comments: Leave it

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
Comments: Remove it

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
Comments: Leave it

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup"
Comments: Remove it

O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe"
Comments: Leave it

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
Comments: Remove it (Your PC will boot faster)

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
Comments: Leave it

O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp\winampa.exe"
Comments: Remove it (Your PC will boot faster)

O4 - HKLM\..\Run: [diagent] "C:\Programmer\Creative\SBLive\Diagnostics\diagent.exe " startup
Comments: Leave it

O4 - HKLM\..\Run: [UpdReg] "C:\WINDOWS\UpdReg.EXE"
Comments: Remove it

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe"
Comments: Leave it

O4 - HKLM\..\Run: [MMTray] C:\Programmer\Musicmatch\Musicmatch Jukebox\mm_tray.exe
Comments: Remove it (Your PC will boot faster)

O4 - HKLM\..\Run: [mmtask] C:\Programmer\Musicmatch\Musicmatch Jukebox\mmtask.exe
Comments: Remove it (Your PC will boot faster)

O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
Comments: Leave it

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
Comments: Remove it (Your PC will boot faster)

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
Comments: Leave it (MS OFFICE Entry)

O4 - HKCU\..\Run: [ANONYMIZER_SPYWAREKILLER] C:\Programmer\SpyWare Killer\spywarekiller.exe /BOOT
Comments: Remove it

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programmer\mozilla.org\Mozilla\Mozilla.exe" -turbo
Comments: Remove it (Your PC will boot faster)

O4 - HKCU\..\Run: [Evidence Eliminator] C:\Programmer\Evidence Eliminator\ee.exe /m
Comments: Remove it

O4 - Global Startup: Adobe Gamma Loader.lnk = ?
Comments: Remove it

O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
Comments: Remove it (Your PC will boot faster)

O4 - Global Startup: SECRETMAKER.lnk = C:\Programmer\SECRETMAKER\secretmaker.exe
Comments: Remove it

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
Comments: Remove it (Your PC will boot faster)

O8 - Extra context menu item: Download with GetRight - C:\Programmer\GetRight\GRdownload.htm
Comments: Remove it

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
Comments: Remove it (Your PC will boot faster; sometimes it comes back even though you remove it, so don't worry if you see it again)

O8 - Extra context menu item: Open with GetRight Browser - C:\Programmer\GetRight\GRbrowse.htm
Comments: Remove it

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
Comments: Remove it (Your PC will boot faster)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
Comments: Remove it (Your PC will boot faster)

O9 - Extra button: Girafa - {78A7D3B4-23E3-11D4-A682-0050DA502650} - C:\Programmer\Girafa\GirafaBar.dll
Comments: Remove it

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
Comments: Remove it

O16 - DPF: {1221EA33-878F-4672-B799-05DAAF1298CF} - http://resources.tele2.dk/privat/internet/pctest/systeminfo1.dll
Comments: Remove it

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=81a20e2d4daf862b581047e8e0c24e8effd07b128e225c91fe269f1e3e53b395f49377f8e3605dd230f34a38bc2fbef0a2d6fd6f14c38aff842869220dcf:31e1e886df05c54f80cdc9defbb7eddc
Comments: Remove it

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} - http://www.pestscan.com/scanner/axscanner.cab
Comments: Remove it

O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
Comments: Remove it

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.com/players/play365.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup151.cab
O18 - Protocol: copernicdesktopsearch - {D9656C75-5090-45C3-B27E-436FBC7ACFA7} - (no file)
Comments: Remove all above 4 entries

========================================================================

David

--
Linux - It's way of your life
 

Expert Comment

by:askdavid
ID: 12101889

Don't forget to run Ad-Aware SE in safe mode; it seems your system is infected with a lot of worms & viruses.

It will clean all only if you run it in safe mode. To download Ad-Aware SE go to http://www.lavasoftusa.com/

David

--
Happiness doesn't show that you don't have any problems.
Happiness shows how you manage your problems :)
 

Author Comment

by:beocom2500
ID: 12103448
I have already used Ad-Aware SE Free since I got my first PC, but I don't understand why I should remove things from vendors I trust.
I think I will try to ask one of the older members. About Linux being life: an old-time Linux user shall install Linux SuSE Professional 9.1 on
my PCs beside Windows XP Home.
 

Author Comment

by:beocom2500
ID: 12103462
I mean I have used Ad-Aware for some years before SE.
 

Author Comment

by:beocom2500
ID: 12103497
SheharyaarSaahil, what do you think about my HijackThis log? Please give your voice before I do something I should not.
 
 
 
LVL 32

Expert Comment

by:Luc Franken
ID: 12103690
askdavid,
That's the worst advice I've ever seen; please don't decide for people what they want to have running on their computer. And certainly don't suggest removing legal autorun thingies; for example, secretmaker is a valid program used by many.

beocom2500,
Please look at my suggestion so you can learn yourself how to analyze your logfile. SheharyaarSaahil's advice has been terrible in a lot of cases; the only reason I don't analyze your logfile as you might be used to at Experts Exchange is because of this: http:Q_21129167.html. You might want to read through it to understand my position here.

First of all, you have an old version of HijackThis there; please use the latest from http://aumha.org/downloads/hijackthis.exe, then post the logfile in the analyzer.

You'll see the only unknown entries are:
C:\Programmer\SECRETMAKER\secretmaker.exe
C:\Programmer\Creative\SBLive\Diagnostics\diagent.exe
C:\Programmer\Anonymizer TNS\AnonTns.exe
C:\Programmer\Anonymizer\tss\tss.exe
O4 - HKCU\..\Run: [ANONYMIZER_SPYWAREKILLER] C:\Programmer\SpyWare Killer\spywarekiller.exe /BOOT
O4 - Global Startup: SECRETMAKER.lnk = C:\Programmer\SECRETMAKER\secretmaker.exe
O9 - Extra button: Girafa - {78A7D3B4-23E3-11D4-A682-0050DA502650} - C:\Programmer\Girafa\GirafaBar.
O16 - DPF: {1221EA33-878F-4672-B799-05DAAF1298CF} - http://resources.tele2.dk/privat/internet/pctest
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemp
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.com/players/play365.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abase
Which are all legal and normal files.

There are two "Nasties" listed there:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie

The first one of those doesn't really matter, your decision if you like to keep it.
The second one belongs to a piece of spyware explained here:
http://www.giantcompany.com/antispyware/research/spyware/spyware-WindUpdates.aspx

Greetings,

LucF
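Added example, not code from this thread or from HijackThis itself: a small Python parser for log lines in the format posted above, with a check that flags O16 (DPF) ActiveX download entries whose host is outside a caller-supplied allow-list, the kind of judgement LucF applied to the windupdates.com entry. The allow-list, the shortened query string on the sample line and the helper names are assumptions made for the demo.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a subset of the entries posted in this thread. The long
# query string on the windupdates.com line is shortened to a placeholder.
SAMPLE_LINES = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80",
    r"O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll",
    r'O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"',
    r"O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=PLACEHOLDER",
    r"O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab",
    r"O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -",
    r"O18 - Protocol: copernicdesktopsearch - {D9656C75-5090-45C3-B27E-436FBC7ACFA7} - (no file)",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)

# Assumed allow-list of vendor hosts whose ActiveX downloads we accept.
# This is a demo assumption, not a vetted list.
ALLOWED_DPF_HOSTS = {"symantec.com", "java.sun.com"}

ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")


def parse_line(line):
    """Split one HijackThis line into section code, body, CLSID and URL host.
    Returns None for header, blank and 'Running processes' lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    url = URL_RE.search(body)
    return {
        "section": m.group("section"),
        "body": body,
        "clsid": clsid.group(0).upper() if clsid else None,
        "url": url.group(0) if url else None,
        "host": urlparse(url.group(0)).hostname if url else None,
    }


def parse_log(text):
    """Parse a whole log, skipping lines that are not HijackThis entries."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def summarize(entries):
    """Count entries per section code (R0, O2, O4, O16, ...)."""
    counts = {}
    for e in entries:
        counts[e["section"]] = counts.get(e["section"], 0) + 1
    return counts


def _host_allowed(host, allowed):
    host = host.lower()
    return any(host == a or host.endswith("." + a) for a in allowed)


def flag_dpf_downloads(entries, allowed_hosts):
    """O16 (DPF) entries record ActiveX code that IE downloaded from the URL.
    Return (clsid, host, reason) for each O16 entry whose host is not on the
    allow-list, or which has no URL recorded so its origin cannot be checked."""
    flagged = []
    for e in entries:
        if e["section"] != "O16":
            continue
        if e["host"] is None:
            flagged.append((e["clsid"], None, "no download URL recorded"))
        elif not _host_allowed(e["host"], allowed_hosts):
            flagged.append((e["clsid"], e["host"], "host not on allow-list"))
    return flagged


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print(summarize(entries))
    for clsid, host, reason in flag_dpf_downloads(entries, ALLOWED_DPF_HOSTS):
        print(f"review {clsid} ({host}): {reason}")
```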
 

Author Comment

by:beocom2500
ID: 12104654
Here is my new HijackThis log file with 1.98.2


Logfile of HijackThis v1.98.2
Scan saved at 19:48:17, on 20-09-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmer\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Programmer\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Evidence Eliminator\ee.exe
C:\Programmer\SECRETMAKER\secretmaker.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Anonymizer TNS\AnonTns.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmer\Anonymizer\tss\tss.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\unzipped\hijackthis_198\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\System32\smiehlp.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp\winampa.exe"
O4 - HKLM\..\Run: [diagent] "C:\Programmer\Creative\SBLive\Diagnostics\diagent.exe " startup
O4 - HKLM\..\Run: [UpdReg] "C:\WINDOWS\UpdReg.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MMTray] C:\Programmer\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Programmer\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ANONYMIZER_SPYWAREKILLER] C:\Programmer\SpyWare Killer\spywarekiller.exe /BOOT
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programmer\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Programmer\Evidence Eliminator\ee.exe /m
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SECRETMAKER.lnk = C:\Programmer\SECRETMAKER\secretmaker.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download with GetRight - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmer\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Girafa - {78A7D3B4-23E3-11D4-A682-0050DA502650} - C:\Programmer\Girafa\GirafaBar.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=81a20e2d4daf862b581047e8e0c24e8effd07b128e225c91fe269f1e3e53b395f49377f8e3605dd230f34a38bc2fbef0a2d6fd6f14c38aff842869220dcf:31e1e886df05c54f80cdc9defbb7eddc
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.com/players/play365.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup151.cab

 
LVL 32

Expert Comment

by:Luc Franken
ID: 12104682
This line has to go:
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=81a20e2d4daf862b581047e8e0c24e8effd07b128e225c91fe269f1e3e53b395f49377f8e3605dd230f34a38bc2fbef0a2d6fd6f14c38aff842869220dcf:31e1e886df05c54f80cdc9defbb7eddc

All others can safely be left there.
For this one: O9 - Extra button: Girafa - {78A7D3B4-23E3-11D4-A682-0050DA502650} - C:\Programmer\Girafa\GirafaBar.dll
You'll have to decide for yourself if you want it there or not.

Greetings,

LucF

 

Expert Comment

by:askdavid
ID: 12104724

Mr. LucF
Sorry, I wasn't aware of "secretmaker.exe", so I advised removing it from startup. Anyway, I don't think it was going to put him in trouble. I have been using Ad-Aware SE from lavasoftusa.com (freeware) for the last few months and it has solved a lot of my problems on my network PCs (I am running Windows XP/2000 on client machines).

Even if you don't use HijackThis and run Ad-Aware in safe mode, it will work just fine.

The only thing is you need to keep your Ad-Aware SE definitions up to date and use it in Safe Mode (with full administrator rights on XP/2000/2003 machines); it works awesome.

It never failed on my small network of 400 PCs ;)

David

--
Life is like a coin. You can spend it any way you wish, but you only spend it once. - Lillian Dickson

 

Author Comment

by:beocom2500
ID: 12105532
LucF, shall I also delete it in the HijackThis backups?

Best
Beocom2500
 
LVL 32

Accepted Solution

by:
Luc Franken earned 25 total points
ID: 12106252
Yes, after fixing that entry with HijackThis, reboot the computer and see if it shows back up; if it doesn't, you can safely remove the full backup folder.

LucF
 

Author Comment

by:beocom2500
ID: 12107089
Yes, it was gone, so I deleted the backups!

Thanks for your help

best
beocom2500
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12108651
It is unprofessional to comment on others' advice; you should let the questioner decide.

 

Assisted Solution

by:askdavid
askdavid earned 25 total points
ID: 12109238

HijackThis will just show & remove startup registry entries of worms and viruses. What about the physical files & other registry entries which have been added to your system by worms & viruses?

Even antivirus will not detect these files, so better scan your system in safe mode using Ad-Aware SE. This is the perfect solution which I suggested from my first comment; you have no choice except doing that.

BTW thank you Hypoviax :)

David

--
To repeat what others have said, requires education; to challenge it, requires brains. - Mary Pettibone Poole
 

Author Comment

by:beocom2500
ID: 12110235
I don't know how to set Ad-Aware SE to safe mode.
 

Expert Comment

by:askdavid
ID: 12110569
Do you have Ad-Aware SE installed on your system?
If yes, then simply boot your system in safe mode and then run Ad-Aware SE from "Program Files" and then PERFORM A FULL SYSTEM SCAN.

To boot the system in safe mode:
Restart your system and PRESS F8 at the Windows boot prompt; it will show you the boot menu, from where you need to choose SAFE MODE and then hit Enter (RETURN).

If you don't have Ad-Aware SE installed on your system:
Then go to http://www.lavasoftusa.com and download Ad-Aware SE; once completely downloaded, install it on your system and then go to Safe Mode and perform a Full System Scan.

Use this link to know more about Windows Safe Mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam

David

--
I still find each day too short for all the thoughts I want to think, all the walks I want to take, all the books I want to read, and all the friends I want to see.  - John Burroughs
 
LVL 32

Expert Comment

by:Luc Franken
ID: 12116480
That must be the strangest request I've ever seen...

beocom2500, how did you intend to close this question?

Thanks,

LucF
 
LVL 32

Expert Comment

by:Luc Franken
ID: 12116532
In that case, no objections. :o)
My little suggestion: use the following comments if beocom2500 also agrees: http:#12094686 and http:#12110569. I think those hold the most valuable data for the PAQ.

LucF
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12119095
AskDavid, you may be interested in this site:

http://www.coolquotescollection.com/
 

Expert Comment

by:askdavid
ID: 12119926

Thanks Hypoviax :)

David

--
Women who behave rarely make history.
 

Author Comment

by:beocom2500
ID: 12124256
Hi   LucF

Thanks for the help; my problems are over for now.

Best
Beocom2500
