User Name Password Register
DaniWeb IT Discussion Community
All
What is DaniWeb IT Discussion Community?
You're currently browsing the Viruses, Spyware and other Nasties section within the Tech Talk category of DaniWeb, a massive community of 456,541 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 3,313 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Please support our Viruses, Spyware and other Nasties advertiser: 64-bit Windows Community
Views: 1378 | Replies: 7
Reply
Join Date: Aug 2004
Posts: 212
Reputation: hexstar is an unknown quantity at this point 
Rep Power: 5
Solved Threads: 2
hexstar hexstar is offline Offline
Posting Whiz in Training

Help Is my laptop infested?

  #1  
Aug 12th, 2004
Well, I ran Adaware Professional edition and Spybot S&D and they both found quite a few things which I removed...I'm not sure however if the infections were completely removed or not, could someone please tell me if there's anything I need to fix with the following HijackThis Log I've created from my laptop?

My HiJack This Log
---------------------

Logfile of HijackThis v1.97.7
Scan saved at 7:25:33 PM, on 8/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\GetRight\getright.exe
C:\PROGRA~1\GetRight\getright.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.169.250.28:80
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: (no name) - {249A7517-8A86-9272-9884-347A9D825506} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\IPMon32.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Startup: LetterBox.lnk = C:\Program Files\LetterBox\LetterBox.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Run WinHTTrack (HKLM)
O9 - Extra 'Tools' menuitem: Launch WinHTTrack (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'ypclsp.dll' missing
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab28177.cab
O16 - DPF: {4A01A151-E350-4839-A2B8-03DC39D6C8E5} (YPCXWizard Class) - http://download.yahoo.com/dl/ypc/ypc...2003080601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28177.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.co...999.8260648148
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab

Any help is greatly appreciated.

Thanks!
AddThis Social Bookmark Button
Reply With Quote  
Join Date: Dec 2003
Location: Nashville, TN
Posts: 2,333
Reputation: alc6379 has a spectacular aura about alc6379 has a spectacular aura about alc6379 has a spectacular aura about 
Rep Power: 11
Solved Threads: 102
Colleague
alc6379's Avatar
alc6379 alc6379 is offline Offline
Cookie... That's it

Re: Is my laptop infested?

  #2  
Aug 13th, 2004
I couldn't see anything, maybe except for these two:
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
O2 - BHO: (no name) - {249A7517-8A86-9272-9884-347A9D825506} - (no file)

I'm not really sure about either of those, but I don't see what it would hurt to disable them.
Alex Cavnar, aka alc6379
Reply With Quote  
Join Date: Aug 2004
Posts: 212
Reputation: hexstar is an unknown quantity at this point 
Rep Power: 5
Solved Threads: 2
hexstar hexstar is offline Offline
Posting Whiz in Training

Re: Is my laptop infested?

  #3  
Aug 13th, 2004
yeah, I was kinda curious about the mysearchbar one myself...thanks, I'll "fix" those
Reply With Quote  
Join Date: Feb 2004
Location: Oztralya
Posts: 8,019
Reputation: crunchie is a jewel in the rough crunchie is a jewel in the rough crunchie is a jewel in the rough 
Rep Power: 23
Solved Threads: 455
Moderator
Featured Poster
crunchie's Avatar
crunchie crunchie is online now Online
Spyware Killer

Re: Is my laptop infested?

  #4  
Aug 13th, 2004
Anything with (no file) after it can be fixed.

Click Start>Settings>Control Panel>Add or Remove Programs and uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do so and reboot when done. If not listed there, run this uninstaller:
http://lop.com/new_uninstall.exe
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster

Please do not PM me for help. Instead, post in the public forum where others may benefit.
Reply With Quote  
Join Date: Aug 2004
Posts: 212
Reputation: hexstar is an unknown quantity at this point 
Rep Power: 5
Solved Threads: 2
hexstar hexstar is offline Offline
Posting Whiz in Training

Re: Is my laptop infested?

  #5  
Aug 13th, 2004
thanks, I don't have anything (just ran HiJack This) with (no file) but I do have entries with (no name) did you mean I should fix those? Also, sorry if I'm being a pain but I'm not exactly trusting of anything made by lop, even their uninstaller, is it safe/do I need to run it?
Reply With Quote  
Join Date: Apr 2004
Location: Tracy
Posts: 744
Reputation: Killer_Typo will become famous soon enough Killer_Typo will become famous soon enough 
Rep Power: 7
Solved Threads: 32
Killer_Typo's Avatar
Killer_Typo Killer_Typo is offline Offline
Master Poster

Re: Is my laptop infested?

  #6  
Aug 13th, 2004
O2 - BHO: (no name) - {249A7517-8A86-9272-9884-347A9D825506} - (no file)
!!!!! WARNING YOUR COMPUTER MAY BE INFECTED WITH SPYWARE!!!! PAY AN OVER PRICED AMMOUNT TO HAVE SOMTHING FIXED WE PLACED THERE IN THE FIRST PLACE!!!!!!!!!

sound familiar, know how to block yourself and keep yourself clean.
_____________________
http://www.lavasoftusa.com/ -->adaware
http://www.safer-networking.org/en/index.html -->spybot S&D
http://www.javacoolsoftware.com/spywareblaster.html -->spywareblaster
http://www.javacoolsoftware.com/spywareguard.html -->spywareguard
_____________________
and dont forget to spread the reputation to those that deserve!
Reply With Quote  
Join Date: Aug 2004
Posts: 212
Reputation: hexstar is an unknown quantity at this point 
Rep Power: 5
Solved Threads: 2
hexstar hexstar is offline Offline
Posting Whiz in Training

Re: Is my laptop infested?

  #7  
Aug 14th, 2004
oh ><' thanks, didn't see that...I've restarted my computer and it seems to lag when I browse my harddrive, do you think this is due to a infection or because I need to defragment my harddrive (haven't ever done it because I always thought it didn't do anything :p)? I've looked at my task list and everything seems normal...
Reply With Quote  
Join Date: Aug 2003
Posts: 7,786
Reputation: caperjack is a glorious beacon of light caperjack is a glorious beacon of light caperjack is a glorious beacon of light caperjack is a glorious beacon of light caperjack is a glorious beacon of light caperjack is a glorious beacon of light 
Rep Power: 26
Solved Threads: 337
Colleague
caperjack's Avatar
caperjack caperjack is offline Offline
Posting Sage

Re: Is my laptop infested?

  #8  
Aug 14th, 2004
Originally Posted by hexstar
oh ><' thanks, didn't see that...I've restarted my computer and it seems to lag when I browse my harddrive, do you think this is due to a infection or because I need to defragment my harddrive (haven't ever done it because I always thought it didn't do anything :p)? I've looked at my task list and everything seems normal...
you should defrag regulary to put files back were they belong .to optimize the file system ,windows works better when it doesn't have to go looking all over the drive for files!!
Boo!!!!! Sarcastic Jack
Malwarebytes startUpLite Program Works wonders for me .
http://www.malwarebytes.org/startuplite.php
Reply With Quote  
Reply

Only community members can participate in forum threads. You must register or log in to contribute.

DaniWeb Viruses, Spyware and other Nasties Marketplace
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

 

Thread Tools Display Modes

Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum

All times are GMT -4. The time now is 4:59 am.
Forum system based on vBulletin Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
©2003 - 2008 DaniWeb® LLC