Security >> HijackThis logs help and analysis

RobA
new user


Reg'd: Wed
Posts: 6
Re: Hijack This Log
      Fri Dec 23 2005 12:19 AM

bricat - Completed L2MFIX. Log is attached plus re-run Hijack This log. L2MFIX did mention entry O20 needs fixing with Hijack This. Please advise. At the time of writing this reply I have had no pop-ups. Thank you for your advice and assistance - much appreciated. PS - How did you know it was VX2?

L2MFIX Log:-

L2mfix Beta 121605
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.

Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 424 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 712 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 2640 'explorer.exe'
Killing PID 2640 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 548 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
Granting SeDebugPrivilege to Administrateurs ... failed (GetAccountSid(Administrateurs)=1332
Granting SeDebugPrivilege to Administrat÷rer ... failed (GetAccountSid(Administrat÷rer)=1332
Granting SeDebugPrivilege to Administradores ... failed (GetAccountSid(Administradores)=1332
Granting SeDebugPrivilege to Amministratore ... failed (GetAccountSid(Amministratore)=1332
Granting SeDebugPrivilege to Administratoren ... failed (GetAccountSid(Administratoren)=1332

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
moving: C:\WINDOWS\system32\ansnds.dll
Successfully Moved: C:\WINDOWS\system32\ansnds.dll
moving: C:\WINDOWS\system32\avthz.dll
Successfully Moved: C:\WINDOWS\system32\avthz.dll
moving: C:\WINDOWS\system32\dfusic.dll
Successfully Moved: C:\WINDOWS\system32\dfusic.dll
moving: C:\WINDOWS\system32\hjicons.dll
Successfully Moved: C:\WINDOWS\system32\hjicons.dll
moving: C:\WINDOWS\system32\hod.dll
Successfully Moved: C:\WINDOWS\system32\hod.dll
moving: C:\WINDOWS\system32\ir0ul5d91.dll
Successfully Moved: C:\WINDOWS\system32\ir0ul5d91.dll
moving: C:\WINDOWS\system32\jt8807lue.dll
Successfully Moved: C:\WINDOWS\system32\jt8807lue.dll
moving: C:\WINDOWS\system32\ktdes.dll
Successfully Moved: C:\WINDOWS\system32\ktdes.dll
moving: C:\WINDOWS\system32\ktl2l73o1.dll
Successfully Moved: C:\WINDOWS\system32\ktl2l73o1.dll
moving: C:\WINDOWS\system32\mbdart.dll
Successfully Moved: C:\WINDOWS\system32\mbdart.dll
moving: C:\WINDOWS\system32\mgrtdep.dll
Successfully Moved: C:\WINDOWS\system32\mgrtdep.dll
moving: C:\WINDOWS\system32\nomsdba.dll
Successfully Moved: C:\WINDOWS\system32\nomsdba.dll
moving: C:\WINDOWS\system32\nqmsmgr.dll
Successfully Moved: C:\WINDOWS\system32\nqmsmgr.dll
moving: C:\WINDOWS\system32\pmustab.dll
Successfully Moved: C:\WINDOWS\system32\pmustab.dll
moving: C:\WINDOWS\system32\qgvd.dll
Successfully Moved: C:\WINDOWS\system32\qgvd.dll
moving: C:\WINDOWS\system32\rDsauto.dll
Successfully Moved: C:\WINDOWS\system32\rDsauto.dll
moving: C:\WINDOWS\system32\rdutils.dll
Successfully Moved: C:\WINDOWS\system32\rdutils.dll
moving: C:\WINDOWS\system32\tuemeui.dll
Successfully Moved: C:\WINDOWS\system32\tuemeui.dll
moving: C:\WINDOWS\system32\uabmon.dll
Successfully Moved: C:\WINDOWS\system32\uabmon.dll
moving: C:\WINDOWS\system32\we2help.dll
Successfully Moved: C:\WINDOWS\system32\we2help.dll
moving: C:\WINDOWS\system32\wqp.dll
Successfully Moved: C:\WINDOWS\system32\wqp.dll




Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ntfat8]
"DllName"=hex(2):6e,00,74,00,66,00,61,00,74,00,38,00,2e,00,64,00,6c,00,6c,00,\
00,00
"Startup"="ntfat8"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
"MaxWait"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reinstall]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\jt8807lue.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\ansnds.dll
C:\WINDOWS\system32\avthz.dll
C:\WINDOWS\system32\dfusic.dll
C:\WINDOWS\system32\hjicons.dll
C:\WINDOWS\system32\hod.dll
C:\WINDOWS\system32\ir0ul5d91.dll
C:\WINDOWS\system32\jt8807lue.dll
C:\WINDOWS\system32\ktdes.dll
C:\WINDOWS\system32\ktl2l73o1.dll
C:\WINDOWS\system32\mbdart.dll
C:\WINDOWS\system32\mgrtdep.dll
C:\WINDOWS\system32\nomsdba.dll
C:\WINDOWS\system32\nqmsmgr.dll
C:\WINDOWS\system32\pmustab.dll
C:\WINDOWS\system32\qgvd.dll
C:\WINDOWS\system32\rDsauto.dll
C:\WINDOWS\system32\rdutils.dll
C:\WINDOWS\system32\tuemeui.dll
C:\WINDOWS\system32\uabmon.dll
C:\WINDOWS\system32\we2help.dll
C:\WINDOWS\system32\wqp.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1AF299AB-DB8E-487D-827C-FB47A137E4BF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1AF299AB-DB8E-487D-827C-FB47A137E4BF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1AF299AB-DB8E-487D-827C-FB47A137E4BF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1AF299AB-DB8E-487D-827C-FB47A137E4BF}\InprocServer32]
@="C:\\WINDOWS\\system32\\tuemeui.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{627DB67C-2817-4DF3-8FB8-BC48192E8275}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{627DB67C-2817-4DF3-8FB8-BC48192E8275}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{627DB67C-2817-4DF3-8FB8-BC48192E8275}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{627DB67C-2817-4DF3-8FB8-BC48192E8275}\InprocServer32]
@="C:\\WINDOWS\\system32\\pmustab.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{046615F5-A2C6-4C49-9609-58BFB59283CC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{046615F5-A2C6-4C49-9609-58BFB59283CC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{046615F5-A2C6-4C49-9609-58BFB59283CC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{046615F5-A2C6-4C49-9609-58BFB59283CC}\InprocServer32]
@="C:\\WINDOWS\\system32\\rdutils.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E9A4F8D9-5697-4FC7-A1E8-0F85A162A9E5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E9A4F8D9-5697-4FC7-A1E8-0F85A162A9E5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E9A4F8D9-5697-4FC7-A1E8-0F85A162A9E5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E9A4F8D9-5697-4FC7-A1E8-0F85A162A9E5}\InprocServer32]
@="C:\\WINDOWS\\system32\\hjicons.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3E2BA09E-EB2B-4CFC-954D-08DA8D706728}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3E2BA09E-EB2B-4CFC-954D-08DA8D706728}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3E2BA09E-EB2B-4CFC-954D-08DA8D706728}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3E2BA09E-EB2B-4CFC-954D-08DA8D706728}\InprocServer32]
@="C:\\WINDOWS\\system32\\we2help.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{1AF299AB-DB8E-487D-827C-FB47A137E4BF}"=-
"{627DB67C-2817-4DF3-8FB8-BC48192E8275}"=-
"{046615F5-A2C6-4C49-9609-58BFB59283CC}"=-
"{E9A4F8D9-5697-4FC7-A1E8-0F85A162A9E5}"=-
"{3E2BA09E-EB2B-4CFC-954D-08DA8D706728}"=-
[-HKEY_CLASSES_ROOT\CLSID\{1AF299AB-DB8E-487D-827C-FB47A137E4BF}]
[-HKEY_CLASSES_ROOT\CLSID\{627DB67C-2817-4DF3-8FB8-BC48192E8275}]
[-HKEY_CLASSES_ROOT\CLSID\{046615F5-A2C6-4C49-9609-58BFB59283CC}]
[-HKEY_CLASSES_ROOT\CLSID\{E9A4F8D9-5697-4FC7-A1E8-0F85A162A9E5}]
[-HKEY_CLASSES_ROOT\CLSID\{3E2BA09E-EB2B-4CFC-954D-08DA8D706728}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
adding: dlls/ansnds.dll (148 bytes security) (deflated 4%)
adding: dlls/avthz.dll (148 bytes security) (deflated 5%)
adding: dlls/dfusic.dll (148 bytes security) (deflated 5%)
adding: dlls/hjicons.dll (148 bytes security) (deflated 5%)
adding: dlls/hod.dll (148 bytes security) (deflated 5%)
adding: dlls/ir0ul5d91.dll (148 bytes security) (deflated 5%)
adding: dlls/jt8807lue.dll (148 bytes security) (deflated 4%)
adding: dlls/ktdes.dll (148 bytes security) (deflated 5%)
adding: dlls/ktl2l73o1.dll (148 bytes security) (deflated 5%)
adding: dlls/mbdart.dll (148 bytes security) (deflated 5%)
adding: dlls/mgrtdep.dll (148 bytes security) (deflated 4%)
adding: dlls/nomsdba.dll (148 bytes security) (deflated 5%)
adding: dlls/nqmsmgr.dll (148 bytes security) (deflated 4%)
adding: dlls/pmustab.dll (148 bytes security) (deflated 6%)
adding: dlls/qgvd.dll (148 bytes security) (deflated 5%)
adding: dlls/rDsauto.dll (148 bytes security) (deflated 5%)
adding: dlls/rdutils.dll (148 bytes security) (deflated 4%)
adding: dlls/tuemeui.dll (148 bytes security) (deflated 5%)
adding: dlls/uabmon.dll (148 bytes security) (deflated 5%)
adding: dlls/we2help.dll (148 bytes security) (deflated 4%)
adding: dlls/wqp.dll (148 bytes security) (deflated 4%)
adding: backregs/046615F5-A2C6-4C49-9609-58BFB59283CC.reg (212 bytes security) (deflated 70%)
adding: backregs/1AF299AB-DB8E-487D-827C-FB47A137E4BF.reg (212 bytes security) (deflated 70%)
adding: backregs/3E2BA09E-EB2B-4CFC-954D-08DA8D706728.reg (212 bytes security) (deflated 70%)
adding: backregs/627DB67C-2817-4DF3-8FB8-BC48192E8275.reg (212 bytes security) (deflated 70%)
adding: backregs/E9A4F8D9-5697-4FC7-A1E8-0F85A162A9E5.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 88%)
adding: backregs/shell.reg (164 bytes security) (deflated 74%)

Hijack This log:-

Logfile of HijackThis v1.99.1
Scan saved at 23:35:43, on 22/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVGANT~2\avgamsvr.exe
C:\PROGRA~1\AVGANT~2\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVGANT~2\avgcc.exe
C:\PROGRA~1\AVGANT~2\avgemc.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C82 Series" /O5 "LPT1:" /M "Stylus C82"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVGANT~2\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\AVGANT~2\avgemc.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: ntfat8 - C:\WINDOWS\SYSTEM32\ntfat8.dll
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\jt8807lue.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGANT~2\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGANT~2\avgupsvc.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\CWShredder.exe (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe


© Copyright IPC Media Limited 2009, All rights reserved