Hijackthis Log
Moderator: Thanas
- The Cleric
- BANNED
- Posts: 2990
- Joined: 2003-08-06 09:41pm
- Location: The Right Hand Of GOD
Hijackthis Log
Logfile of HijackThis v1.96.4
Scan saved at 8:08:59 PM, on 9/6/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\Winkej.exe
C:\WINDOWS\System32\Winkrb.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe
C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\program files\altnet\points manager\points manager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\winservn.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\Messenger\msmsgshxt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AIM95\aim.exe
C:\Documents and Settings\All Users\My Documents\Andrew's Documents\Downloads\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: (no name) - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Uninstall0001] "C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl
O4 - HKLM\..\Run: [Uninstall0002] "C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\System32\winservn.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~5\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://www.netmails.com/members/lorinao ... drkaks.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} - http://installs.hotbar.com/installs/hot ... hotbar.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
{} Thrawn wins. Any questions? {} Great Dolphin Conspiracy {} Proud member of the defunct SEGNOR {} Enjoy the rhythmic hip thrusts {} In my past life I was either Vlad the Impaler or Katsushika Hokusai {}
- Einhander Sn0m4n
- Insane Railgunner
- Posts: 18630
- Joined: 2002-10-01 05:51am
- Location: Louisiana... or Dagobah. You know, where Yoda lives.
Re: Hijackthis Log
Kill these, Schnell!
C:\WINDOWS\System32\Winkej.exe <==KLEZ Virus
C:\WINDOWS\System32\Winkrb.exe <==KLEZ again!
C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe <== VirtuaGirl Crapware
C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe <== Again
C:\Program Files\Common Files\CMEII\CMESys.exe <== Gator. Eugh.
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe <== WTF is this?
C:\program files\altnet\points manager\points manager.exe <== Altnet (get rid of it)
C:\WINDOWS\System32\winservn.exe <== PurityScan. Yuck. Causes HUGE amounts of Popup Ads.
C:\Program Files\Common Files\GMT\GMT.exe <== More Gator
C:\WINDOWS\System32\wuauclt.exe <== Windows Update. Your choice as to whether you wanna keep it
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe <== More Altnet. D00d, get Kazaa Lite!
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: (no name) - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - (no file)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] <== Compaq Bloatware. Kill.
O4 - HKLM\..\Run: [Uninstall0001] "C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl <== More Virtuagirl crap
O4 - HKLM\..\Run: [Uninstall0002] "C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl <== Even More Virtuagirl crap
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime <== Do you really need Quicktime running all the time?
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe" <== MORE GATOR!!!
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART <== WTF again. Get rid of it!
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s <== More Altnet.
O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\System32\winservn.exe <== More PurityScan. Kill with EXTREME PREJUDICE!
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe <== Gator
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://www.netmails.com/members/lorinaorgasm/edrkaks.cab <== Dialer. This can cost you money by inflating your phone bill. Destroy it with prejudice.
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} - http://installs.hotbar.com/installs/hotbar/programs/4.0.6.0/hotbar.cab <== Hotbar. Spyware.
- Einhander Sn0m4n
- Insane Railgunner
- Posts: 18630
- Joined: 2002-10-01 05:51am
- Location: Louisiana... or Dagobah. You know, where Yoda lives.
Recommended Software to Install (so this crap never happens again).
www.Mozilla.org <== Mozilla. Internet Explorer is not a viable browser anymore. Use Mozzie (it'll import your favorites for you) to keep the Trojanware out and keep the luser websites from crashing your entire computer just because they popped up on you (some websites like to do that).
http://www.safer-networking.org/ <== Spybot SD
http://www.kerio.com/us/kpf_download.html <== Kerio Firewall. Get it ASAP!
www.grisoft.com <== AVG Antivirus (this'll kill your KLEZ problem)
http://www.wilderssecurity.net/spywareblaster.html <== SpywareBlaster. Prevents common spyware from autoinstalling.
- Crayz9000
- Sith Apprentice
- Posts: 7329
- Joined: 2002-07-03 06:39pm
- Location: Improbably superpositioned
- Contact:
You don't even need to use IE for IE-only websites if you have Mozilla 1.4 or above. See, Mozilla 1.4 now lets you tweak the preferences via about:config, so you can override the useragent string easily...
A Tribute to Stupidity: The Robert Scott Anderson Archive (currently offline)
John Hansen - Slightly Insane Bounty Hunter - ASVS Vets' Assoc. Class of 2000
HAB Cryptanalyst | WG - Intergalactic Alliance and Spoof Author | BotM | Cybertron | SCEF
Crayz9000 wrote: You don't even need to use IE for IE-only websites if you have Mozilla 1.4 or above. See, Mozilla 1.4 now lets you tweak the preferences via about:config, so you can override the useragent string easily...
Some websites still have IE-only functions (e.g. ESPN's streaming video, anything that needs ActiveX).
I've been testing W2K3 and that thing locks IE down tight. It's incredibly paranoid and only lets stuff run on whitelists.
My connection is slower recently, is this program freeware? And if so where can I get it?
'After 9/11, it was "You're with us or your with the terrorists." Now its "You're with Straha or you support racism."' ' - The Romulan Republic
'You're a bully putting on an air of civility while saying that everything western and/or capitalistic must be bad, and a lot of other posters (loomer, Stas Bush, Gandalf) are also going along with it for their own personal reasons (Stas in particular is looking through rose colored glasses)' - Darth Yan
- Einhander Sn0m4n
- Insane Railgunner
- Posts: 18630
- Joined: 2002-10-01 05:51am
- Location: Louisiana... or Dagobah. You know, where Yoda lives.
Straha wrote: My connection is slower recently, is this program freeware? And if so where can I get it?
Yes.
http://tomcoyote.org/hjt
Please post a new thread tho
- Einhander Sn0m4n
- Insane Railgunner
- Posts: 18630
- Joined: 2002-10-01 05:51am
- Location: Louisiana... or Dagobah. You know, where Yoda lives.
Crayz9000 wrote: You don't even need to use IE for IE-only websites if you have Mozilla 1.4 or above. See, Mozilla 1.4 now lets you tweak the preferences via about:config, so you can override the useragent string easily...
phongn wrote: Some websites still have IE-only functions (e.g. ESPN's streaming video, anything that needs ActiveX).
Honestly, I'm glad Mozzie won't support RadioActiveHaX. I've had nothing good come of it other than being able to join MSN Chat. Everything else is autoinstalling autoexecuting Trojans. It won't be missed.
phongn wrote: I've been testing W2K3 and that thing locks IE down tight. It's incredibly paranoid and only lets stuff run on whitelists.
Hmm maybe I'll check it out when I get another b0x to put it on...
- The Cleric
- BANNED
- Posts: 2990
- Joined: 2003-08-06 09:41pm
- Location: The Right Hand Of GOD
Logfile of HijackThis v1.96.4
Scan saved at 9:08:03 PM, on 9/6/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\Winkej.exe
C:\WINDOWS\System32\Winkrb.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\RunDll32.exe
C:\DOCUME~1\KARENY~1\LOCALS~1\Temp\Set32.tmp
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
C:\Documents and Settings\All Users\My Documents\Andrew's Documents\Downloads\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~5\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
{} Thrawn wins. Any questions? {} Great Dolphin Conspiracy {} Proud member of the defunct SEGNOR {} Enjoy the rhythmic hip thrusts {} In my past life I was either Vlad the Impaler or Katsushika Hokusai {}
Einhander Sn0m4n wrote: Honestly, I'm glad Mozzie won't support RadioActiveHaX. I've had nothing good come of it other than being able to join MSN Chat. Everything else is autoinstalling autoexecuting Trojans. It won't be missed.
Luckily, no autoexecuting trojans on this machine, IE or not. I've been careful about ActiveX.
Einhander Sn0m4n wrote: Hmm maybe I'll check it out when I get another b0x to put it on...
W2K3 is a server OS only - it's not really meant for workstation use.
- Einhander Sn0m4n
- Insane Railgunner
- Posts: 18630
- Joined: 2002-10-01 05:51am
- Location: Louisiana... or Dagobah. You know, where Yoda lives.
Much better, but I can still see a few things that need fix0ring!
StormtrooperTR889 wrote:
C:\WINDOWS\System32\Winkej.exe <== J00 G07 T3h KLEZ. Get AVG Antivirus.
C:\WINDOWS\System32\Winkrb.exe <== KLEZ again. www.grisoft.com <==AVG
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe <== Spyware from Kazaa. Get Kazaa Lite.
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART <== kill this.
(I like this one ) O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck <== Ah I see you have Spybot SD! (keep this btw, its not a kill request)
Last edited by Einhander Sn0m4n on 2003-09-06 09:18pm, edited 1 time in total.
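The follow-up check done by hand in the post above (comparing a later scan against the earlier kill list), as an added example that is not part of the original thread. The scan excerpts are abbreviated from the logs posted here; `parse_log`, `diff_scans`, `residual` and `FLAGGED` are names made up for this sketch.

```python
import re

# HijackThis entry lines look like "<code> - <body>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def norm(text):
    """Windows paths and registry names are case-insensitive; collapse spacing too."""
    return re.sub(r"\s+", " ", text).strip().lower()


def parse_log(text):
    """Return a set of (kind, body): kind is 'PROC' for a running process,
    otherwise the HijackThis section code (R0, O2, O4, O16, ...)."""
    found, in_processes = set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first coded entry
            found.add((match.group(1), norm(match.group(2))))
        elif in_processes:
            found.add(("PROC", norm(line)))
    return found


def diff_scans(before_text, after_text):
    """Items that disappeared and items that appeared between two scans."""
    before, after = parse_log(before_text), parse_log(after_text)
    return sorted(before - after), sorted(after - before)


def residual(flagged, followup_text):
    """Flagged (kind, substring) pairs that still match the follow-up scan."""
    present = parse_log(followup_text)
    return [
        (kind, needle) for kind, needle in flagged
        if any(k == kind and norm(needle) in body for k, body in present)
    ]


# Abbreviated excerpts of the first two scans posted in this thread.
SCAN_1 = r"""
Logfile of HijackThis v1.96.4
Scan saved at 8:08:59 PM, on 9/6/2003
Running processes:
C:\WINDOWS\System32\Winkej.exe
C:\WINDOWS\System32\Winkrb.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\System32\winservn.exe
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\System32\winservn.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
"""

SCAN_2 = r"""
Logfile of HijackThis v1.96.4
Scan saved at 9:08:03 PM, on 9/6/2003
Running processes:
C:\WINDOWS\System32\Winkej.exe
C:\WINDOWS\System32\Winkrb.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
"""

# Kill list taken from the first reply; substrings, since the reviewer trimmed some lines.
FLAGGED = [
    ("PROC", r"\Winkej.exe"),
    ("PROC", r"\Winkrb.exe"),
    ("PROC", r"\CMESys.exe"),
    ("PROC", r"\P2P Networking.exe"),
    ("PROC", r"\winservn.exe"),
    ("O2", "MYBAR.DLL"),
    ("O4", "[CMESys]"),
    ("O4", "[P2P Networking]"),
    ("O4", "[ContentService]"),
]

if __name__ == "__main__":
    for kind, needle in residual(FLAGGED, SCAN_2):
        print("still present:", kind, needle)
    removed, added = diff_scans(SCAN_1, SCAN_2)
    print(len(removed), "items removed,", len(added), "new")
```

Matching on the section code plus a case-insensitive substring keeps the check working when a reply quotes only part of an entry or the forum shortens a URL.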
- Crayz9000
- Sith Apprentice
- Posts: 7329
- Joined: 2002-07-03 06:39pm
- Location: Improbably superpositioned
- Contact:
phongn wrote: Luckily, no autoexecuting trojans on this machine, IE or not. I've been careful about ActiveX.
The most annoying thing about IE, to me anyway, is the way it lumps ActiveX controls in with most other plugins. So if you set it to a nice security level, say a modified High, then it'll prompt you if there's Flash, etc on the page.
Freaking annoying.
A Tribute to Stupidity: The Robert Scott Anderson Archive (currently offline)
John Hansen - Slightly Insane Bounty Hunter - ASVS Vets' Assoc. Class of 2000
HAB Cryptanalyst | WG - Intergalactic Alliance and Spoof Author | BotM | Cybertron | SCEF
- Einhander Sn0m4n
- Insane Railgunner
- Posts: 18630
- Joined: 2002-10-01 05:51am
- Location: Louisiana... or Dagobah. You know, where Yoda lives.
phongn wrote: Luckily, no autoexecuting trojans on this machine, IE or not. I've been careful about ActiveX.
Crayz9000 wrote: The most annoying thing about IE, to me anyway, is the way it lumps ActiveX controls in with most other plugins. So if you set it to a nice security level, say a modified High, then it'll prompt you if there's Flash, etc on the page. Freaking annoying.
TH4NK YUO!!1
I hate that shit too. Flash=Harmless. ActiveHaX != Harmless!
- The Cleric
- BANNED
- Posts: 2990
- Joined: 2003-08-06 09:41pm
- Location: The Right Hand Of GOD
Logfile of HijackThis v1.96.4
Scan saved at 10:12:02 PM, on 9/6/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\mozilla.org\Mozilla\Mozilla.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\AIM95\aim.exe
C:\Documents and Settings\All Users\My Documents\Andrew's Documents\Downloads\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~5\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
{} Thrawn wins. Any questions? {} Great Dolphin Conspiracy {} Proud member of the defunct SEGNOR {} Enjoy the rhythmic hip thrusts {} In my past life I was either Vlad the Impaler or Katsushika Hokusai {}
- Einhander Sn0m4n
- Insane Railgunner
- Posts: 18630
- Joined: 2002-10-01 05:51am
- Location: Louisiana... or Dagobah. You know, where Yoda lives.
phongn wrote: http://bbs.stardestroyer.net/viewtopic.php?t=24412
We mods put this stuff up for a reason...
Thank ye kindly good sir.
'After 9/11, it was "You're with us or your with the terrorists." Now its "You're with Straha or you support racism."' ' - The Romulan Republic
'You're a bully putting on an air of civility while saying that everything western and/or capitalistic must be bad, and a lot of other posters (loomer, Stas Bush, Gandalf) are also going along with it for their own personal reasons (Stas in particular is looking through rose colored glasses)' - Darth Yan