0

Hey, I would like to have a little checkup, so is my computer sick doctor? ;)

Logfile of HijackThis v1.97.7
Scan saved at 12:45:52 PM, on 8/29/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINNT\Explorer.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINNT\system32\RUNDLL32.EXE
E:\Program Files\Internet Explorer\iexplore.exe
E:\HJTWin2k\HIJACK~1.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Winamp\winamp.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] E:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DeskMateAutoUpdate] E:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=e44454ba346fa4d80e0cedbf24c3223f55f5e3243e19004c38d857c8a3fd3077fc5109b0c82dd87ee73ee6f92533b73a46c15f47:acdb9165c9e5bbd3a3dfe2ba6d2474e0
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38220.3163773148
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

2
Contributors
8
Replies
9
Views
12 Years
Discussion Span
Last Post by crunchie
0

Hi again Yzk. It is a little under the weather. Have a look in add/remove programs for Bargain Buddy & uninstall it, if found. If not, please do the following:

Update hijackthis to version 1.98.2. Run hijackthis & go to *Config\Misc Tools\Check for update on-line*. If the site is down, go here. Remove the old version by deleting the file manually. Unzip the new version into the hijackthis folder.

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)

O4 - HKLM\..\Run: [DeskMateAutoUpdate] E:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...3dfe2ba6d2474e0
-Blazefind Windupdates Adware

Then delete the Deskmate folder.

0

Thanks for your help, Crunchie. As you can see some of my room mates have been busy. now lets see what is going on the follow up! And Crunchie do take your time. If things are a bit under the weather, like my roommates would say. Relax :cool: btw the other one would say OMG OMG OMG!! :eek:

Logfile of HijackThis v1.98.2
Scan saved at 9:31:57 PM, on 9/1/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINNT\Explorer.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINNT\system32\RUNDLL32.EXE
E:\Program Files\eMule\emule.exe
E:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\MICROS~1\Office\OUTLOOK.EXE
E:\Program Files\SpywareGuard\sgbhp.exe
E:\WINNT\msagent\AgentSvr.exe
E:\HJTWin2k\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] E:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

and what about the 010 - broken internet access because of missing xfire_lsp.dll?

0

Alright, I'm chillin' :cool: like check out my shades and stuff ;)

0

Excuse me for double-posting.. I've just ran a check-up with spybot (newest version), somehow it always finds the same DSO exploit (2). However Ad-aware SE says that it finds nothing. I'll show you the report:

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1708537768-842925246-1060284298-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

It seems to have something to do with internet zones, however I have no knowledge of this area. :o so, its just a question. What does this one mean?

Edit: As always when I try to fix it, one just clears and the other one needs a reboot.

and yes lol, I am paranoid *poing!*:eek:

0

Spybot has an error regarding this. If all your microsoft updates are installed, you are ok. Set Spybot to ignore it.

0

okay, I've done it. Thanks again Crunchie, your a good guy.

0

You're welcome :) . Marking this as solved. Anyone else with the same problem, please start your own thread. Thank you.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.