
Hijackthis Log

Posted: 2003-09-06 08:11pm
by The Cleric
Logfile of HijackThis v1.96.4
Scan saved at 8:08:59 PM, on 9/6/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\Winkej.exe
C:\WINDOWS\System32\Winkrb.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe
C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\program files\altnet\points manager\points manager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\winservn.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\Messenger\msmsgshxt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AIM95\aim.exe
C:\Documents and Settings\All Users\My Documents\Andrew's Documents\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: (no name) - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Uninstall0001] "C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl
O4 - HKLM\..\Run: [Uninstall0002] "C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\System32\winservn.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~5\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://www.netmails.com/members/lorinao ... drkaks.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} - http://installs.hotbar.com/installs/hot ... hotbar.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab

Re: Hijackthis Log

Posted: 2003-09-06 08:29pm
by Einhander Sn0m4n
Kill these, Schnell!


C:\WINDOWS\System32\Winkej.exe   <==KLEZ Virus
C:\WINDOWS\System32\Winkrb.exe   <==KLEZ again!
C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe   <== VirtuaGirl Crapware
C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe   <== Again
C:\Program Files\Common Files\CMEII\CMESys.exe   <== Gator. Eugh.
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe   <== WTF is this?
C:\program files\altnet\points manager\points manager.exe   <== Altnet (get rid of it)
C:\WINDOWS\System32\winservn.exe   <== PurityScan. Yuck. Causes HUGE amounts of Popup Ads.
C:\Program Files\Common Files\GMT\GMT.exe   <== More Gator
C:\WINDOWS\System32\wuauclt.exe   <== Windows Update. Your choice as to whether you wanna keep it
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe   <== More Altnet. D00d, get Kazaa Lite!

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: (no name) - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - (no file)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]   <== Compaq Bloatware. Kill.
O4 - HKLM\..\Run: [Uninstall0001] "C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl   <== More Virtuagirl crap
O4 - HKLM\..\Run: [Uninstall0002] "C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl   <== Even More Virtuagirl crap
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime   <== Do you really need Quicktime running all the time?
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"   <== MORE GATOR!!!
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART   <== WTF again. Get rid of it!
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s   <== More Altnet.
O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\System32\winservn.exe   <== More PurityScan. Kill with EXTREME PREJUDICE!
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe   <== Gator
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://www.netmails.com/members/lorinaorgasm/edrkaks.cab   <== Dialer. This can cost you money by inflating your phone bill. Destroy it with prejudice.
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} - http://installs.hotbar.com/installs/hotbar/programs/4.0.6.0/hotbar.cab   <== Hotbar. Spyware.

Posted: 2003-09-06 08:36pm
by Einhander Sn0m4n
Recommended Software to Install (so this crap never happens again).

www.Mozilla.org <== Mozilla. Internet Explorer is not a viable browser anymore. Use Mozzie (it'll import your favorites for you) to keep the Trojanware out and keep the luser websites from crashing your entire computer just because they popped up on you (some websites like to do that).

http://www.safer-networking.org/ <== Spybot SD

http://www.kerio.com/us/kpf_download.html <== Kerio Firewall. Get it ASAP!

www.grisoft.com <== AVG Antivirus (this'll kill your KLEZ problem)

http://www.wilderssecurity.net/spywareblaster.html <== SpywareBlaster. Prevents common spyware from autoinstalling.

Posted: 2003-09-06 08:41pm
by phongn
If you must use IE for some reason, then at least get the Google Toolbar v.2 - it'll block popups.

Posted: 2003-09-06 08:43pm
by Crayz9000
You don't even need to use IE for IE-only websites if you have Mozilla 1.4 or above. See, Mozilla 1.4 now lets you tweak the preferences via about:config, so you can override the useragent string easily...

Posted: 2003-09-06 08:50pm
by phongn
Crayz9000 wrote:You don't even need to use IE for IE-only websites if you have Mozilla 1.4 or above. See, Mozilla 1.4 now lets you tweak the preferences via about:config, so you can override the useragent string easily...
Some websites still have IE-only functions (e.g. ESPN's streaming video, anything that needs ActiveX).

I've been testing W2K3 and that thing locks IE down tight. It's incredibly paranoid and only lets stuff run on whitelists.

Posted: 2003-09-06 08:57pm
by Straha
My connection is slower recently, is this program freeware? And if so where can I get it?

Posted: 2003-09-06 08:58pm
by Einhander Sn0m4n
And Mozilla supports NTLM, so you don't have to worry if your network admin is a micromanaging megalomaniacal little cunt who kowtows to none other than the Evil that Lay in Redmond...

Posted: 2003-09-06 08:58pm
by phongn
http://bbs.stardestroyer.net/viewtopic.php?t=24412

We mods put this stuff up for a reason...

Posted: 2003-09-06 09:05pm
by Einhander Sn0m4n
Straha wrote:My connection is slower recently, is this program freeware? And if so where can I get it?
Yes.

http://tomcoyote.org/hjt

Please post a new thread tho :)

Posted: 2003-09-06 09:09pm
by Einhander Sn0m4n
phongn wrote:
Crayz9000 wrote:You don't even need to use IE for IE-only websites if you have Mozilla 1.4 or above. See, Mozilla 1.4 now lets you tweak the preferences via about:config, so you can override the useragent string easily...
Some websites still have IE-only functions (e.g. ESPN's streaming video, anything that needs ActiveX).

Honestly, I'm glad Mozzie won't support RadioActiveHaX. I've had nothing good come of it other than being able to join MSN Chat. Everything else is autoinstalling autoexecuting Trojans. It won't be missed.
phongn wrote:I've been testing W2K3 and that thing locks IE down tight. It's incredibly paranoid and only lets stuff run on whitelists.
Hmm maybe I'll check it out when I get another b0x to put it on...

Posted: 2003-09-06 09:09pm
by The Cleric
Logfile of HijackThis v1.96.4
Scan saved at 9:08:03 PM, on 9/6/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\Winkej.exe
C:\WINDOWS\System32\Winkrb.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\RunDll32.exe
C:\DOCUME~1\KARENY~1\LOCALS~1\Temp\Set32.tmp
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
C:\Documents and Settings\All Users\My Documents\Andrew's Documents\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~5\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab

Posted: 2003-09-06 09:12pm
by phongn
Einhander Sn0m4n wrote:Honestly, I'm glad Mozzie won't support RadioActiveHaX. I've had nothing good come of it other than being able to join MSN Chat. Everything else is autoinstalling autoexecuting Trojans. It won't be missed.
Luckily, no autoexecuting trojans on this machine, IE or not. I've been careful about ActiveX.
Einhander Sn0m4n wrote:Hmm maybe I'll check it out when I get another b0x to put it on...
W2K3 is a server OS only - it's not really meant for workstation use.

Posted: 2003-09-06 09:16pm
by Einhander Sn0m4n
Much better, but I can still see a few things that need fix0ring!
StormtrooperTR889 wrote:C:\WINDOWS\System32\Winkej.exe <== J00 G07 T3h KLEZ. Get AVG Antivirus.
C:\WINDOWS\System32\Winkrb.exe <== KLEZ again. www.grisoft.com <==AVG
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe <== Spyware from Kazaa. Get Kazaa Lite.

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART <== kill this.

(I like this one ;)) O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck <== Ah I see you have Spybot SD! (keep this btw, its not a kill request)

Posted: 2003-09-06 09:17pm
by Crayz9000
phongn wrote:Luckily, no autoexecuting trojans on this machine, IE or not. I've been careful about ActiveX.
The most annoying thing about IE, to me anyway, is the way it lumps ActiveX controls in with most other plugins. So if you set it to a nice security level, say a modified High, then it'll prompt you if there's Flash, etc on the page.

Freaking annoying.

Posted: 2003-09-06 09:19pm
by Einhander Sn0m4n
Crayz9000 wrote:
phongn wrote:Luckily, no autoexecuting trojans on this machine, IE or not. I've been careful about ActiveX.
The most annoying thing about IE, to me anyway, is the way it lumps ActiveX controls in with most other plugins. So if you set it to a nice security level, say a modified High, then it'll prompt you if there's Flash, etc on the page.

Freaking annoying.
TH4NK YUO!!1

I hate that shit too. Flash=Harmless. ActiveHaX != Harmless!

Posted: 2003-09-06 10:06pm
by YT300000
Mmmm... crapware. :)

Posted: 2003-09-06 10:14pm
by The Cleric
Logfile of HijackThis v1.96.4
Scan saved at 10:12:02 PM, on 9/6/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\mozilla.org\Mozilla\Mozilla.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\AIM95\aim.exe
C:\Documents and Settings\All Users\My Documents\Andrew's Documents\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~5\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab

Posted: 2003-09-06 10:21pm
by Einhander Sn0m4n
Kill all incidences of 'P2P Networking.exe'

Otherwise, you're clean.

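The thread above walks through the usual HijackThis loop by hand: post a log, get a kill list back, post another log, and have a helper eyeball whether the bad entries are gone (here, P2P Networking.exe survived two rounds). The script below is an added example, not something from the thread or from HijackThis itself: it parses the log layout shown above (header lines, a "Running processes:" block, then one Rn/On entry per line), checks a kill list against a later scan, diffs two scans, and flags two things a helper looks for by reflex (a process running out of a Temp directory, as in the second log's Set32.tmp, and entries pointing at "(no file)"). The two embedded logs are constructed, trimmed excerpts of the first and last scans in the thread, and KILL_LIST is a hypothetical list assembled from the first reply's kill list; the matching is plain case-insensitive string comparison on the paths as HijackThis printed them, so an 8.3 short name like PROGRA~1 is not expanded and would not match the long form.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpts of the thread's first and last scans, trimmed; paths are
# in the form HijackThis printed them (embedded sample input, not real files).
LOG_BEFORE = r"""
Logfile of HijackThis v1.96.4
Scan saved at 8:08:59 PM, on 9/6/2003

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\Winkej.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O3 - Toolbar: (no name) - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - (no file)
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} - http://installs.hotbar.com/installs/hotbar/programs/4.0.6.0/hotbar.cab
"""
LOG_AFTER = r"""
Logfile of HijackThis v1.96.4
Scan saved at 10:12:02 PM, on 9/6/2003

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
"""
# Hypothetical kill list built from the first reply: paths plus two whole entry lines.
KILL_LIST = [
    r"C:\WINDOWS\System32\Winkej.exe",
    r"C:\Program Files\Common Files\CMEII\CMESys.exe",
    r"C:\WINDOWS\System32\P2P Networking\P2P Networking.exe",
    r"O3 - Toolbar: (no name) - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - (no file)",
    r"O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} - http://installs.hotbar.com/installs/hotbar/programs/4.0.6.0/hotbar.cab",
]
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - HKLM\..\Run: ..."

@dataclass
class HJTLog:
    header: list = field(default_factory=list)      # version / scan-time lines
    processes: list = field(default_factory=list)   # the "Running processes:" block
    entries: list = field(default_factory=list)     # (section code, rest of line)

def parse_hjt(text):
    """Split a HijackThis log into header, process list and Rn/On entries."""
    log, state = HJTLog(), "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if state == "procs":
                state = "entries"          # the blank line ends the process list
            continue
        if line == "Running processes:":
            state = "procs"
        elif state == "header":
            log.header.append(line)
        elif state == "procs":
            log.processes.append(line)
        else:
            m = ENTRY_RE.match(line)
            log.entries.append((m.group(1), m.group(2)) if m else ("??", line))
    return log

def _norm(s):
    return s.strip().strip('"').lower()   # compare without quotes, case-insensitively

def still_present(log, kill_list):
    """Kill-list items that still appear as a running process or inside any entry."""
    procs = {_norm(p) for p in log.processes}
    entry_text = "\n".join(f"{sec} - {rest}".lower() for sec, rest in log.entries)
    return [k for k in kill_list if _norm(k) in procs or _norm(k) in entry_text]

def diff_logs(before, after):
    """What disappeared and what is new between two scans."""
    bp, ap = {_norm(p) for p in before.processes}, {_norm(p) for p in after.processes}
    be = {f"{s} - {r}" for s, r in before.entries}
    ae = {f"{s} - {r}" for s, r in after.entries}
    return {"processes_gone": sorted(bp - ap), "processes_new": sorted(ap - bp),
            "entries_gone": sorted(be - ae), "entries_new": sorted(ae - be)}

def red_flags(log):
    """Structural checks worth running before accepting a 'clean' verdict."""
    flags = [f"process running from Temp: {p}"
             for p in log.processes if re.search(r"\\temp\\", p, re.IGNORECASE)]
    flags += [f"{sec} entry points at a missing file: {rest}"
              for sec, rest in log.entries if "(no file)" in rest]
    return flags

if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    print("still present after cleanup:", still_present(after, KILL_LIST))
    print(diff_logs(before, after), red_flags(before))
```

Run against the two embedded excerpts, still_present reports only the P2P Networking.exe path, which is exactly what the last reply in the thread spotted by eye, and diff_logs shows the AVG entry as the one new autorun. The "(no file)" check is there because an orphaned O3 entry is harmless by itself but is a leftover worth removing, and the Temp check exists because a process like the second log's Set32.tmp running from a user's Temp directory is the kind of line a helper asks about first.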

Posted: 2003-09-06 11:05pm
by Straha
phongn wrote:http://bbs.stardestroyer.net/viewtopic.php?t=24412

We mods put this stuff up for a reason...
Thank ye kindly good sir.