Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Spyware


  • Please log in to reply

#1
wooly4isu

wooly4isu

    New Member

  • Member
  • Pip
  • 9 posts
My daughter's computer runs slow, here is the log after running Spybot S & D...
Logfile of HijackThis v1.98.0
Scan saved at 10:22:43 AM, on 9/17/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\NOVELL\CLIENT32\NWRECMSG.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMPUTERASSOCIATES\95AGENT\W95AGENT.EXE
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWHOST32.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\WINDOWS\SYSTEM\DPMW32.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\PROGRAM FILES\MAILALERT\MAILALERT.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 4.0\DISTILLR\ACROTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.95.95:80;https=192.168.95.95:80;socks=192.168.95.95:1080
O2 - BHO: (no name) - {1E6F1D6A-1F20-11D4-8859-00A0CCE26836} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: SideStep Browser Helper - {08351227-6472-43BD-8A40-D9221FF1C4CE} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE027.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [RealTray] C:\Program Files\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CardScan300Start] c:\Program Files\Corex\CardScan\CSRESET.EXE /INIT
O4 - HKLM\..\Run: [NDPS] c:\windows\SYSTEM\dpmw32.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\PROGRAM FILES\HOTBAR\BIN\4.5.1.0\WEATHERONTRAY.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Client agent for ARCserve] c:\Program Files\ComputerAssociates\95Agent\\W95AGENT.EXE
O4 - HKLM\..\RunServices: [awhost32] c:\Program Files\Symantec\pcAnywhere\\Awhost32.exe /A
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - Startup: MailAlert.lnk = C:\Program Files\MailAlert\MailAlert.exe
O4 - Startup: Image.LNK = C:\Program Files\Norton Utilities\IMAGE32.EXE
O4 - Startup: Acrobat Assistant.lnk = ?
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE027.DLL
O9 - Extra button: Dell Home - {BFA651E0-24D1-11D4-B9AF-00010242D5E3} - (no file) (HKCU)
O12 - Plugin for .exe: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .pif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O16 - DPF: {8FBFE5FF-5E98-11D3-80AF-00C04FCFBC72} (SurveyCtl35 Class) - http://activex.micro...izards/sw35.cab
O16 - DPF: {52ADE293-85E8-11D2-BB22-00104B0EA281} (MS Investor Ticker) - http://fdl.msn.com/p...r/v7/ticker.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn....ior/Outside.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Control) - http://communities.m...cr/MsnPUpld.cab
O16 - DPF: {6BD4FB43-470E-11D2-B99D-00104B02C956} (AtDownloadIE Class) - http://dailydemo.web...ex/atbootie.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn....id/MSSurVid.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft...nloads/outc.cab
O16 - DPF: {C72242D0-3AB5-453D-842C-8A3C9AC0838D} - http://download.side...00719/sb027.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = uisnet.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.95.95

Thanks for your help!
  • 0

Advertisements


#2
Hemal

Hemal

    Founding Fart

  • Technician
  • 1,470 posts
Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP