Spyware Issues + HJT log

  1. #1
    Y2J
    Newbie

    Spyware Issues + HJT log

    I ran spybot, the cleaner, and hijack this, fixed a lot of issues, restarted the PC (WinXP Pro on an IBM T40 laptop).

    Hijack this found more things, here is a log, any issues? The webex and marimba stuff are part of the corporate package.

    Logfile of HijackThis v1.97.7
    Scan saved at 11:23:05 AM, on 9/22/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\netia32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
    C:\PROGRA~1\COMMON~1\RESEAR~1\RIMDEV~1\RIMDEV~1.EXE
    C:\PROGRA~1\COMMON~1\RESEAR~1\USBDRI~1\BbDevMgr.exe
    C:\WINDOWS\winzm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gtldu.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gtldu.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gtldu.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gtldu.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gtldu.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gtldu.dll/sp.html#29126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gtldu.dll/sp.html#29126
    O2 - BHO: (no name) - {33AC10E4-94BE-C3D0-855D-41F27DCEDD3D} - C:\WINDOWS\system32\msny.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [MSI_UDAgent] "C:\WINDOWS\System32\udagent.exe" -c
    O4 - HKLM\..\Run: [EchoPrg] "C:\Program Files\iManage\portbl32.exe" -DS20
    O4 - HKLM\..\Run: [CheckMarimba] C:\windows\drivers\scripts\CheckMarimba.exe
    O4 - HKLM\..\Run: [winzm.exe] C:\WINDOWS\winzm.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...888.5855208333
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...sh/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwe.webex.com/client/v_myweb...ex/ieatgpc.cab

  2. #2
    owen
    D-A-L Team Member (UK)
    First of all update your version of Hijack This from http://hjt.isecureit.co.uk and then post a fresh log. Also post a GetActiveServices log:
    1. ActiveServices ...
      • Please download GetService.zip
      • Extract it to a new folder on the desktop. Double click on the Getservice.bat file to run it. This will create and open a text file named getservice.txt in the same folder. It will then open getservice.txt for you.
      • getservice.txt will list all active Services. Copy and paste the contents of getservice.txt in your next reply here.
    From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the service will have changed and the fix provided will not work.
