hijackthis log

  1. 20-11-2005  #21
    Kizzmit5
    Kizzmit5 is offline Elite Member

    Re: hijackthis log

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    SynTPLpr C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    ATIModeChange Ati2mdxx.exe
    ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    Mouse Suite 98 Daemon ICO.EXE
    HKSERV.EXE C:\Program Files\Sony\HotKey Utility\HKserv.exe
    ezShieldProtector for Px C:\WINDOWS\System32\ezSP_Px.exe
    WinPatrol "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    Versato C:\Program Files\Magic Wheel\MulMouse.exe
    AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    AVG7_EMC C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini 0
    win.ini 0
    bootini 0
    services 0
    startup 0


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\NonEnum
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DL L
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\Ratings

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\system
    dontdisplaylastusername 0
    legalnoticecaption
    legalnoticetext
    shutdownwithoutlogon 1
    undockwithoutlogon 1


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies]

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\Explorer
    NoDriveTypeAutoRun 145

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\System
    DisableRegistryTools 0
    DisableTaskMgr 0


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
    PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
    SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\System32\Userinit.exe
    Shell = Explorer.exe
    System =

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
    = WRLogonNTF.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    Debugger = ntsd -d

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
    Scan completed on 11/20/2005 1:38:17 AM

  3. 20-11-2005  #22
    Kizzmit5
    Kizzmit5 is offline Elite Member
    I had a question about a few things i found on the winpatrol. I don't remember putting something called BINGOOO on my computer. there is also a VSI VIS Toolbar one says vsiBar.dll and the other says toolbar.dll they are both velocity. They say they are IE Helpers. Are they harmful? I put the neopets toolbar on but thats all. Should I remove the others from winpatrol or are they important? and i noticed that on some pages where there are words there are also links for companys, is that related to that particular toolbar? Those link things are so annoying.
  4. 20-11-2005  #23
    Kizzmit5
    Kizzmit5 is offline Elite Member
    oops the toolbar.dll is neopets.
  5. 20-11-2005  #24
    Neal
    Neal is offline Dedicated Member
    Both toolbar files are related to neopets.

    Bingooo is a browser type program

    Do you have cometcursors? If so that needs to go.

    Not sure what you are saying about the link thing.



    1. Please download dllcompare (A scanner to locate hidden DLL files) from this locations:
    DLLCompare
    2. When you execute dllcompare.exe, by default the c:\windows\system32 is selected. This can be changed to scan you entire computer for any file type - Simply select the path and check off the box labelled "Include SubDirectories"
    3. Click on "Locate.com" and allow the scan to complete.
    4. After the scan has finished click on "Compare" to scan for the files that Windows does not see. This step will take a few minutes to run.
    5. If the box at the bottom of the screen contains any files, these are the ones that are hidden - Click on "Make a Log of what was Found".
    6. When prompted to "View Log File" click on "Yes".
    7. Notepad will open with the log file contents.
    8. In Notepad, click on "Edit" => "Select All" => "Edit" = "Copy" and post the contents as a reply to this message.

    Thanks.
  6. 20-11-2005  #25
    Kizzmit5
    Kizzmit5 is offline Elite Member
    oh ok cool.

    I don't think I do, but could it have been downloaded with a theme? I used to have the cursors that came with like a browser pack. I got rid of that a long while ago so i'm hoping that went with it.

    The links I mean are like the key words i guess for some browsers. The ones that if you hover over them they tell you where you can get products or they have definitions for words or something. Does that make sense?

    Here is the log:

    * DLLCompare Log version(1.0.0.127)
    Files Found that Windows does not See or cannot Access
    *Not everything listed here means you are infected!
    ________________________________________________

    C:\WINDOWS\SYSTEM32\cgzipl~1.dll Mon Aug 2 1999 4:11:48p A..H. 57,344 56.00 K
    C:\WINDOWS\SYSTEM32\unzip32.dll Wed Dec 2 1998 9:11:02a A..H. 143,360 140.00 K
    C:\WINDOWS\SYSTEM32\zip32.dll Sat Jan 31 1998 1:25:22p A..H. 133,120 130.00 K
    ________________________________________________

    6,275 items found: 6,249 files (3 H/S), 26 directories.
    Total of file sizes: 1,764,881,870 bytes 1.64 G

    Administrator Account = True

    --------------------End log---------------------
  7. 20-11-2005  #26
    Neal
    Neal is offline Dedicated Member
    We are running out of things to do, all those logs show nothing wrong.

    Do you want to get rid of Bingoooo?
  8. 21-11-2005  #27
    Kizzmit5
    Kizzmit5 is offline Elite Member
    hm, then its probably a seperate issue from virus stuff.

    Yeah I think we should get rid of it. I don't think I have used it and its been on my computer for a year.


    do you know of any sites that offer theme items and cursors and things without the spyware and things? starting to think i should make my own lol.
  9. 21-11-2005  #28
    Neal
    Neal is offline Dedicated Member
    Not sure why Bingooo is where it is, that file (SHDOCVW.DLL) is a legitimate file, we better leave it alone.

    Don't know of any safe cursors.
  10. 21-11-2005  #29
    Kizzmit5
    Kizzmit5 is offline Elite Member
    should I go back to the xp board then or is there anything else you can think of?
  11. 21-11-2005  #30
    Neal
    Neal is offline Dedicated Member
    Save 20% on AVG Internet Security 2012 Suite!
    One more time.


    Run both the spyware scanners from safe mode please after installing.


    Please get these two spyware programs if you don't already have them.

    SpyBotS&D

    AdawareSE


    Reboot between scans and after last scan



    There is a new and improved version of AdAware that you need to have installed on your computer. The new version is AdAware SE
    If you have AdAware already installed on your system and it's NOT SE go to your Control Panel and click on Add/Remove Programs. Click on AdAware and then REMOVE and then just complete the removal process.

    Once it's un-installed go to http://www.lavasoft.de/ and download the FREE version of AdAware SE. Once it's downloaded double click on the new file to start the install process.
    Click Next>I accept>Next>Next> then be sure and put a dot in the bullet for Anyone Who uses this computer and then click Next>Next>

    In the next dialog box remove the dot in the bullets "Start Scan" and also "Launch Help Files" and click Finish

    Now if the program doesn't launch double click on the icon that should now be on your desktop to start AdAware SE

    Now click on the button for Check for Updates
    If updates are found click on the OK button and after it downloads to 100% click on the Finish button.

    Click the Start Button
    Click on the link for Customize
    in the Main Window under Scan Settings
    click on the red X in front of Scan within archives to change it to a green check

    Then click on the button on the left labeled Advanced
    click on the red X in front of Move deleted files to Recycle Bin to change it to a green check
    click on the red X in front of Include Environment Information to change it to a green check

    Then click on the button on the left labeled Defaults
    click on the Read current settings from system

    Then click on the button on the left labeled Tweak
    Click on the (+) in front of Scanning Engine to expand the group
    click on the red X in front of Obtain Command line of scanned processes to change it to a green check
    click on the red X in front of Run scan as background process to change it to a green check
    click on the red X in front of Use permanent archive caching to change it to a green check

    Click on the (+) in front of Cleaning Engine to expand the group
    click on the red X in front of Disable manual quarantine if auto-quarantine is selected to change it to a green check

    Click on the (+) in front of Safety Settings to expand the group
    click on the red X in front of Reanalyze results after scanning . . . to change it to a green check
    click on the red X in front of Write protect system files after repair to change it to a green check

    Click on the (+) in front of Log File to expand the group
    click on the red X Create Log File for removal operations to change it to a green check

    Click on the (+) in front of User Interface to expand the group
    click on the red X Remember window positions to change it to a green check
    click on the red X Snap windows to desktop borders to change it to a green check
    click on the red X Use gridlines in results list to change it to a green check

    Click on the (+) in front of Web Update Settings to expand the group
    click on the red X Create and save WebUpdate log file to change it to a green check

    Click on the (+) in front of Misc settings to expand the group
    click on the red X Dump details about unhandled exceptions to disk to change it to a green check


    Then click on the button at the bottom right labeled Proceed then click the Next button to start scanning.

    Once the scan is complete you'll have a flashing Bug and a brief sound to indicate scanning is complete and Adware is found. Click on the Next and then click on each of the empty boxes to the left of the found items under SCAN SUMMARY. Then hit the Next button. Then OK. This should clean your system of all the found nasties. When it's complete simply close the program until your next scan session. Always ALWAYS check for updates before very scan.

    # Reboot

    Run spysweeper also from safe mode and let us know if any changes.
+ Reply to Thread
Page 3 of 4 FirstFirst 1 2 3 4 LastLast
« Browser automatically closes | Hijack help »