CASWND on the bottom of the taskbar



#1
auxiliary

I ran a few spyware programs on the PC, and used HijackThis. Thought I got rid of it after a reboot, but it came back.
Here is the log.
Some of the things need to stay because this computer is on a corporate network. I see a few things I removed that seemed to come back. Not sure if that was it. One thing I did not do was do this in safe mode; maybe I need to run Killbox on a few files. Please tell me what should be removed here. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 10:50:56 AM, on 10/19/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe ( I think we need to keep this.)
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\UMCSTUB.EXE
C:\WINNT\System32\Ati2evxx.exe
c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe ( Needs to stay.)
C:\WINNT\etlisrv.exe
C:\SYSMGT\TNGEAV\InoRpc.exe ( Needs to stay.)
C:\SYSMGT\TNGEAV\InoRT.exe ( Needs to stay.)
C:\SYSMGT\TNGEAV\InoTask.exe ( Needs to stay.)
C:\WINNT\LogWatNT.exe
C:\SYSMGT\TNGRCO\RCManClient.exe ( Needs to stay.)
C:\SYSMGT\TNGRCO\RCOService.exe ( Needs to stay.)
C:\SYSMGT\TNGRCO\rp32u.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\SYSMGT\TNGSD\BIN\SDSERV.EXE
C:\PROGRA~1\SMART\SMARTA~1\SMARTA~1.EXE ( Needs to stay.)
C:\SYSMGT\TNGSD\BIN\TRIGGAG.EXE ( Needs to stay.)
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\rsvp.exe
D:\Documents and Settings\zemetisjc\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myotis.utc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft....5&plcid=0x0409
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = utc.com;<local>
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,,C:\SxpInst\sxplog32.exe
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINNT\system32\ATPART~1.DLL
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\bxxs5.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [Net_Drives] "C:\Program Files\Cisco Systems\VPN Client\UTC_Profiles\Net_Drives.exe" shell ( Needs to stay.)
O4 - HKLM\..\Run: [UTC Firewall Control] "C:\Program Files\Cisco Systems\VPN Client\UTC_Profiles\UTC Firewall Control.exe" ( Needs to stay.)
O4 - HKLM\..\Run: [Realtime Monitor] C:\SYSMGT\TNGEAV\realmon.exe -s ( Needs to stay.)
O4 - HKLM\..\Run: [E4E7EAF0E8EDEFEFE] 9B9EA1A79FA4A6A.exe
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydelet...2.php?KBID=1062 (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3} - http://activex.micro...jects/ocget.dll
O16 - DPF: {6BD4FB43-470E-11D2-B99D-00104B02C956} (AtDownloadIE Class) - http://www.webex.com...ex/atbootie.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://webworkshop.f...aDownloader.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\CMSystem\plugin.dll