|
||||||
| FAQ | Members List | Calendar | Today's Posts | Search |
Topic Review (Newest First)
|
| Oct 24th, 2004 12:49 PM | |
| Ninjavenom |
Holy crap, you have a lot of stuff running. Compare that to this: Code:
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Torrents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suprnova.org/
O2 - BHO: (no name) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
The things that stand out to me are the following: Code:
E:\PROGRA~1\Toolbar\TBPSSvc.exe E:\PROGRA~1\Toolbar\TBPS.exe E:\PROGRA~1\Toolbar\PIB.exe E:\PROGRA~1\Yahoo!\browser\ycommon.exe E:\Program Files\Yahoo!\browser\ybrwicon.exe E:\Program Files\Yahoo!\browser\ybrowser.exe Is that yahoo stuff like a browser, or a toolbar accessory? Toolbars are the bane of the web browser's existence. |
| Oct 21st, 2004 09:54 PM | |
| FartinMowler |
Running processes: E  WINNT\System32\smss.exeE WINNT\system32\winlogon.exeE WINNT\system32\services.exeE WINNT\system32\lsass.exeE WINNT\system32\svchost.exeE WINNT\system32\spoolsv.exeE Program Files\Common Files\Symantec Shared\ccEvtMgr.exeE WINNT\System32\Ati2evxx.exeE WINNT\System32\svchost.exeE Program Files\Norton AntiVirus\navapsvc.exeE PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exeE WINNT\system32\regsvc.exeE WINNT\system32\MSTask.exeE PROGRA~1\Toolbar\TBPSSvc.exeE WINNT\System32\WBEM\WinMgmt.exeE WINNT\Explorer.exeE WINNT\Mixer.exeE Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeE Program Files\Common Files\Real\Update_OB\realsched.exeE Program Files\QuickTime\qttask.exeE PROGRA~1\Toolbar\TBPS.exeE Program Files\Common Files\Symantec Shared\ccApp.exeE PROGRA~1\Toolbar\PIB.exeE Program Files\Spybot - Search & Destroy\TeaTimer.exeE Program Files\Intrigue Technologies\Harmony Remote\EasyZapperMonitor.exeE Program Files\Sony Corporation\Image Transfer\SonyTray.exeE Program Files\WinZip\WZQKPICK.EXEE Program Files\Yahoo!\Messenger\ymsgr_tray.exeE PROGRA~1\Yahoo!\browser\ycommon.exeE Program Files\Yahoo!\browser\ybrwicon.exeE PROGRA~1\mozilla.org\Mozilla\Mozilla.exeE Program Files\Yahoo!\browser\ybrowser.exeE PROGRA~1\WINZIP\winzip32.exeE Documents and Settings\marty.MARTY-16R0T77EY\Local Settings\Temp\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar.com/ie.aspx?tb_id=50154 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.clientapps.yahoo.com/c.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.clientapps.yahoo.com/c.../www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/c...search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.clientapps.yahoo.com/c.../www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://E PROGRA~1\Toolbar\toolbar.dll/saR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.red.clientapps.yahoo.com/c.../www.yahoo.com R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - E PROGRA~1\Toolbar\toolbar.dllO2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_3_20_0 .dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file) O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - E PROGRA~1\Toolbar\toolbar.dllO2 - BHO: IYBookmarkHO Class - {8B11A219-80C8-4B42-B558-B8C14D1AA8C4} - E Program Files\Yahoo!\browser\ybmho.dllO2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - E Program Files\Norton AntiVirus\NavShExt.dllO2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - E Program Files\Yahoo!\browser\YSidebarIEBHO.dllO3 - Toolbar: RHSI Toolbar - {4DF5B116-4FD9-4039-B377-1130953A980F} - E Program Files\Rogers Hi-Speed Internet\RHSI Toolbar\ToolBand.dllO3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - E PROGRA~1\Toolbar\toolbar.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E WINNT\System32\msdxm.ocxO3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_3_20_0 .dllO4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [ATIPTA] E Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [NeroCheck] E WINNT\System32\\NeroCheck.exeO4 - HKLM\..\Run: [TkBellExe] "E Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [QuickTime Task] "E Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [WebSavingsFromEbates0] "E Program Files\WebSavings_from_Ebates\WebSavingsFromEbates0 .exe"O4 - HKLM\..\Run: [TBPS] E PROGRA~1\Toolbar\TBPS.exeO4 - HKLM\..\Run: [ccApp] "E Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [ccRegVfy] "E Program Files\Common Files\Symantec Shared\ccRegVfy.exe"O4 - HKLM\..\Run: [Outpost Firewall] E PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitserviceO4 - HKLM\..\Run: [cdexv] E WINNT\System32\cdexv.exeO4 - HKCU\..\Run: [RHSI SHS] "E Program Files\Rogers\SelfHealing\SHS.exe" /backgroundO4 - HKCU\..\Run: [Update Manager] "E Program Files\Rogers\Update Manager\UpdateManager.exe" /backgroundO4 - HKCU\..\Run: [Yahoo! Pager] E Program Files\Yahoo!\Messenger\ypager.exe -quietO4 - HKCU\..\Run: [SpybotSD TeaTimer] E Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKCU\..\Run: [Mozilla Quick Launch] "E Program Files\mozilla.org\Mozilla\Mozilla.exe" -turboO4 - HKCU\..\Run: [Morpheus] "E Program Files\StreamCast\Morpheus\Morpheus.exe" -minO4 - Global Startup: Harmony Monitor.lnk = E Program Files\Intrigue Technologies\Harmony Remote\EasyZapperMonitor.exeO4 - Global Startup: Image Transfer.lnk = E Program Files\Sony Corporation\Image Transfer\SonyTray.exeO4 - Global Startup: WinZip Quick Pick.lnk = E Program Files\WinZip\WZQKPICK.EXEO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - E Program Files\Yahoo!\Common\ylogin.dllO9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - E Program Files\Yahoo!\Common\ylogin.dllO9 - Extra button: Rogers Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - E Program Files\Yahoo!\browser\ysidebarIE.dllO9 - Extra 'Tools' menuitem: Rogers &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - E Program Files\Yahoo!\browser\ysidebarIE.dllO9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E WINNT\web\related.htmO9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E WINNT\web\related.htmO12 - Plugin for .pdf: E Program Files\Internet Explorer\PLUGINS\nppdf32.dllO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E Program Files\Yahoo!\common\yinsthelper.dllO16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/c...on=4,3,2,20802 O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - E PROGRA~1\Toolbar\toolbar.dll
|
| Oct 21st, 2004 08:10 PM | |
| Raize | Look for anything out of the ordinary in your task list. Not just .exe files, but other ones as well. Or get HijackThis, download and run it and post your logs here. |
| Oct 18th, 2004 07:04 PM | |
| eggyolk |
the daily zing keep em coming! 
|
| Oct 18th, 2004 04:42 PM | |
| Emu | It's not spyware, it's your wife trying to tell you something. |
| Oct 18th, 2004 03:59 PM | |
| FartinMowler | Yes, again you are most likely correct. It would be nice to figure out which one. |
| Oct 18th, 2004 03:49 PM | |
| MetalMilitia | Mabey it comes with a program you have installed such as a download accelerator or some such crap. |
| Oct 18th, 2004 03:39 PM | |
| FartinMowler |
tHE pOp-UP THAT jUST WONT gO away!!!! One stupid viagra pop-up...that I'm possitive that is in my system because I can get rid of everything but this one...I have Ad-aware...Spybot...Spyware blaster and anti-pop up programs  I've wiped my system out not too long ago and it's alway's this same pop-up that comes back.
|
