HijackThis log file (Swatkat Help)

pirates1323 · 14-04-2005, 03:57 PM

I scanned my computer "swatkat" do u think anything wrong in there cause me using opera and me not able to browse tht much fast which I should:

Logfile of HijackThis v1.99.1
Scan saved at 3:52:07 PM, on 4/14/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
E:\WINNT\System32\cisvc.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
E:\WINNT\system32\pctspk.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\Explorer.EXE
E:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
E:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINNT\system32\ZoneLabs\vsmon.exe
E:\WINNT\system32\ping.exe
E:\Program Files\Sify Broadband\BBClient.exe
E:\Program Files\Opera\opera.exe
E:\WINNT\System32\cidaemon.exe
E:\Program Files\DAP\DAP.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\Robin\LOCALS~1\Temp\Rar$EX00.484\Hijac kThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.d ll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.d ll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "E:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [MVS Splash] E:\PROGRA~1\McAfee\MANAGE~1\VScan\Splash.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BTTray.lnk = E:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: PCSuiteForNokiaN-Gage QD Detect.lnk = E:\Program Files\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe
O4 - Global Startup: PCSuiteForNokiaN-Gage QD TS.lnk = E:\Program Files\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Send To &Bluetooth - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62...ridge-c337.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{742D29F6-E2C4-43B7-8F0B-744639B6E6C2}: NameServer = 202.144.50.4,202.144.115.4
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - E:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt3.0.0.624.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - E:\WINNT\system32\ZoneLabs\isafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: McShield - Network Associates, Inc. - E:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Managed Services Agent (myAgtSvc) - McAfee, Inc. - E:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - E:\WINNT\system32\pctspk.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SuperProServer - Unknown owner - E:\Tally\spnsrvnt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - E:\WINNT\system32\ZoneLabs\vsmon.exe

Host file:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

pirates1323 · 14-04-2005, 04:17 PM

Also want to tell you that when I disable "generic host process for win32 Services" and "Services and Controller app" to connect to the internet in zone alarm then browser does not open any sites..... if I make them to connect then site opens....

aadipa · 14-04-2005, 04:31 PM

I am not HJT expert but this entry looks odd to me.

Quote:

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62...ridge-c337.cab

theraven · 14-04-2005, 04:49 PM

Quote:

Logfile of HijackThis v1.99.1
Scan saved at 3:52:07 PM, on 4/14/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
E:\WINNT\System32\cisvc.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
E:\WINNT\system32\pctspk.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\Explorer.EXE
E:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
E:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINNT\system32\ZoneLabs\vsmon.exe
E:\WINNT\system32\ping.exe
E:\Program Files\Sify Broadband\BBClient.exe
E:\Program Files\Opera\opera.exe
E:\WINNT\System32\cidaemon.exe
E:\Program Files\DAP\DAP.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\Robin\LOCALS~1\Temp\Rar$EX00.484\Hijac kThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.d ll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.d ll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "E:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [MVS Splash] E:\PROGRA~1\McAfee\MANAGE~1\VScan\Splash.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BTTray.lnk = E:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: PCSuiteForNokiaN-Gage QD Detect.lnk = E:\Program Files\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe
O4 - Global Startup: PCSuiteForNokiaN-Gage QD TS.lnk = E:\Program Files\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Send To &Bluetooth - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62...ridge-c337.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{742D29F6-E2C4-43B7-8F0B-744639B6E6C2}: NameServer = 202.144.50.4,202.144.115.4
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - E:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt3.0.0.624.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - E:\WINNT\system32\ZoneLabs\isafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: McShield - Network Associates, Inc. - E:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Managed Services Agent (myAgtSvc) - McAfee, Inc. - E:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - E:\WINNT\system32\pctspk.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SuperProServer - Unknown owner - E:\Tally\spnsrvnt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - E:\WINNT\system32\ZoneLabs\vsmon.exe

remove the bold entries
and yeah u need to allow those services in ZAP

drgrudge · 14-04-2005, 05:42 PM

Quote:

Originally Posted by pirates1323

Logfile of HijackThis v1.99.1
Scan saved at 3:52:07 PM, on 4/14/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
E:\WINNT\System32\cisvc.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
E:\WINNT\system32\pctspk.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\Explorer.EXE
E:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
E:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINNT\system32\ZoneLabs\vsmon.exe
E:\WINNT\system32\ping.exe
E:\Program Files\Sify Broadband\BBClient.exe
E:\Program Files\Opera\opera.exe
E:\WINNT\System32\cidaemon.exe
E:\Program Files\DAP\DAP.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\Robin\LOCALS~1\Temp\Rar$EX00.484\Hijac kThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.d ll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.d ll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "E:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [MVS Splash] E:\PROGRA~1\McAfee\MANAGE~1\VScan\Splash.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BTTray.lnk = E:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: PCSuiteForNokiaN-Gage QD Detect.lnk = E:\Program Files\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe
O4 - Global Startup: PCSuiteForNokiaN-Gage QD TS.lnk = E:\Program Files\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Send To &Bluetooth - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62...ridge-c337.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{742D29F6-E2C4-43B7-8F0B-744639B6E6C2}: NameServer = 202.144.50.4,202.144.115.4
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - E:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt3.0.0.624.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - E:\WINNT\system32\ZoneLabs\isafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: McShield - Network Associates, Inc. - E:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Managed Services Agent (myAgtSvc) - McAfee, Inc. - E:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - E:\WINNT\system32\pctspk.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SuperProServer - Unknown owner - E:\Tally\spnsrvnt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - E:\WINNT\system32\ZoneLabs\vsmon.exe

Host file:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

Remove those two entries in red!

swatkat · 14-04-2005, 06:45 PM

Quote:

Originally Posted by pirates1323

I scanned my computer "swatkat" do u think anything wrong in there cause me using opera and me not able to browse tht much fast which I should:

Logfile of HijackThis v1.99.1
Scan saved at 3:52:07 PM, on 4/14/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
E:\WINNT\System32\cisvc.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
E:\WINNT\system32\pctspk.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\Explorer.EXE
E:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
E:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINNT\system32\ZoneLabs\vsmon.exe
E:\WINNT\system32\ping.exe
E:\Program Files\Sify Broadband\BBClient.exe
E:\Program Files\Opera\opera.exe
E:\WINNT\System32\cidaemon.exe
E:\Program Files\DAP\DAP.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\Robin\LOCALS~1\Temp\Rar$EX00.484\Hijac kThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.d ll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.d ll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "E:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [MVS Splash] E:\PROGRA~1\McAfee\MANAGE~1\VScan\Splash.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BTTray.lnk = E:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: PCSuiteForNokiaN-Gage QD Detect.lnk = E:\Program Files\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe
O4 - Global Startup: PCSuiteForNokiaN-Gage QD TS.lnk = E:\Program Files\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Send To &Bluetooth - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62...ridge-c337.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{742D29F6-E2C4-43B7-8F0B-744639B6E6C2}: NameServer = 202.144.50.4,202.144.115.4
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - E:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt3.0.0.624.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - E:\WINNT\system32\ZoneLabs\isafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: McShield - Network Associates, Inc. - E:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Managed Services Agent (myAgtSvc) - McAfee, Inc. - E:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - E:\WINNT\system32\pctspk.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SuperProServer - Unknown owner - E:\Tally\spnsrvnt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - E:\WINNT\system32\ZoneLabs\vsmon.exe

HOSTS file is alright.

Download CleanUp! and install it.
http://cleanup.stevengould.org/

Now boot in SAFE Mode, close all applications.
Go to Control Panel> Add/Remove Programs. Here uninstall the software which is listed as Wind Updates.

Then run only HijackThis. Select the red entries and click "Fix".
After this, run CleanUp! and reboot and post a fresh log.

drgrudge · 14-04-2005, 07:27 PM

Swatkat:

Quote:

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)

First and the second CSLIDs' points to sypware doctor. So is it safe to remove?
Is it safe to remove all the entries which have "no file" thing?

pirates1323 · 14-04-2005, 08:24 PM

Quote:

Originally Posted by swatkat

Now boot in SAFE Mode, close all applications.
Go to Control Panel> Add/Remove Programs. Here uninstall the software which is listed as Wind Updates.

I have posted this many times that my computer is not booting in safe mode but no one listen to me......... It says windows is starting than nothing happens........

In Add/Remove Programs there is no something like wind updates

pirates1323 · 14-04-2005, 09:31 PM

I run hijackthis I removed the ones which u said swatkat but an error camed then I click ok and closed the app. then I restarted my comp... then I run again and the errors were fixed.. so in between I run clean up two times this is last one log file:

CleanUp! started on 04/14/05 21:15:52.
E:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\blank[2].htm - deleted
E:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\corner-bl[1].gif - deleted
E:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\UIFrame[1].htm - deleted
E:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\LLCXMM48\corner-tl[1].gif - deleted
E:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\LLCXMM48\corner-tr[1].gif - deleted
E:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\LLCXMM48\icn_support[1].gif - deleted
E:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\QDX1SYCI\corner-br[1].gif - deleted
E:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\QDX1SYCI\default[1].css - deleted
E:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\QDX1SYCI\icn_help[1].gif - deleted
E:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\QDX1SYCI\Install[1].htm - deleted
E:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\UP8CSNFP\Bar[1].gif - deleted
E:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\UP8CSNFP\hdr_mvs_400x39[1].gif - deleted
E:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\UP8CSNFP\icn_updates[1].gif - deleted
E:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\UP8CSNFP\myCioMain[1].htm - deleted
E:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\UP8CSNFP\Share[1].vbs - deleted
E:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
http://virusscan.securesynergyonline...ipts/Share.vbs - deleted
http://virusscan.securesynergyonline...ode=SkipUpdate - deleted
http://virusscan.securesynergyonline...cn_support.gif - deleted
http://virusscan.securesynergyonline.../corner-br.gif - deleted
http://virusscan.securesynergyonline...nt/default.css - deleted
http://virusscan.securesynergyonline.../corner-tr.gif - deleted
http://virusscan.securesynergyonline...cn_updates.gif - deleted
http://virusscan.securesynergyonline.../corner-bl.gif - deleted
http://virusscan.securesynergyonline...nt/UIFrame.asp - deleted
http://virusscan.securesynergyonline...s/icn_help.gif - deleted
http://virusscan.securesynergyonline...images/Bar.gif - deleted
http://virusscan.securesynergyonline...gent/blank.htm - deleted
http://virusscan.securesynergyonline.../corner-tl.gif - deleted
http://virusscan.securesynergyonline...mvs_400x39.gif - deleted
E:\Documents and Settings\Robin\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Robin\Local Settings\History\History.IE5\MSHist012005041420050 415\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Robin\Local Settings\History\History.IE5\MSHist012005041420050 415\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Robin\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Robin\Local Settings\History\History.IE5\MSHist012005041420050 415\index.dat currently in use. Will be deleted when Windows is restarted.
'Typed URLs' (Internet Explorer) - removed from the registry.
Visited: Robin@file:///E:/Documents%20and%20S...ts/cleanup.txt - deleted
Visited: Robin@myui://Update.htm - deleted
Visited: Robin@http://virusscan.securesynergy.../myCioMain.asp?Mode=SkipUpdate&Components=1&CompanyKey=36292f2a3 d215c4544415a5d%2D677a736d1800050d060a040306050a06 0104060c0501&PolicyToken=0000000000000000%2D200504 14124901&MachineID=37a2eba4%2Ded81%2D4e23%2Db9db%2 D27bb482ab3ee&G=0 - deleted
Visited: Robin@http://virusscan.securesynergy...heckUpdate.asp?CompanyKey=36292f2a3d215c4544415a5d-677a736d1800050d060a040306050a060104060c0501&Machi neID=37a2eba4-ed81-4e23-b9db-27bb482ab3ee&G=0&MYCIOAGT=20050411163225&MYUPDATE= 20050411163225&VSASAP=20050411163225&MYGETDAT=2005 0413113432&MYXTRDAT=20050411163225&VSENGINE=200504 11163225&EMAILSCN=20050411163225&BOENG=20050411163 225&BOF=20050411163225&PolicyToken=000000000000000 0-20050414124901 - deleted
E:\Documents and Settings\Robin\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Robin\Cookies\robin@sify[1].txt - deleted
Cookie:robin@sify.com/ - deleted
E:\Program Files\Opera\opera.win - deleted
E:\Program Files\Opera\Opera.win - deleted
E:\Documents and Settings\Robin\Recent\cleanup.txt.lnk - deleted
E:\WINNT\temp\ZLT07d6e.TMP currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Robin\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Robin\locals~1\tempor~1\Content.IE5\index .dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Robin\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Robin\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Robin\Local Settings\History\History.IE5\MSHist012005041420050 415\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Default User\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Default User\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Default User\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Default User\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Robin\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Robin\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Robin\Local Settings\History\History.IE5\MSHist012005041420050 415\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
E:\Program Files\McAfee\Managed VirusScan\VScan\Report\CIO3.tmp currently in use. Will be deleted when Windows is restarted.
E:\Program Files\Opera\profile\opera6.adr.bak - deleted
E:\WINNT\system32\NtmsData\NTMSDATA.BAK - deleted
E:\WINNT\Temp\ZLT07d6e.TMP currently in use. Will be deleted when Windows is restarted.
'Run MRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.0 recovered 186.6 KB of disk space from 40 files.
CleanUp! finished on 04/14/05 21:16:38.

theraven · 14-04-2005, 09:31 PM

grudge no file there means its an unnecessary entry !!!
so its safe to remove

@pirates u have to tick "show updates" to see the windows updates installed
theres a check box there
see it

pirates1323 · 14-04-2005, 09:45 PM

Quote:

Originally Posted by theraven

@pirates u have to tick "show updates" to see the windows updates installed theres a check box there see it

wherer??????/

.... in which program... what r u talking

drgrudge · 14-04-2005, 09:48 PM

Quote:

Originally Posted by theraven

grudge no file there means its an unnecessary entry !!!
so its safe to remove

Hmm..., thanks for clearing it up! I will remember it next time around.

swatkat · 15-04-2005, 12:25 AM

Anyway, it's better to scan your PC with AntiSpyware tools.
AdAware
SpyBot SnD

AdAware --> Click "Scan Now" button in the left pane and select the radio button "Perform full system scan" and click "Start"

SpyBot SnD --> Go to "Mode" menu and click "Advanced". Then "Settings" tab in the left pane, and click "File Sets" and here selec the file set named "Usage Tracking" and "Tracks.uti". Then click "SpyBot S&D" button in the left pane and click "Check For Problems"

Popular Categories

Popular Articles

Content Categories

Sister Sites

Follow Us

Facebook Channels

Digit Magazine