Missing PCRE.DLL Hijack included
-
Re: Missing PCRE.DLL Hijack included
a-squared Report
Scan started: 3/29/06 8:16:31 PM
Scan finished: 3/29/06 8
03 PM
Scan duration: 0h 4min 32sec
Scanned files: 44630
Infected files: 9
Object Diagnosis
c:\WINDOWS.000\Cookies\susan@edge.ru4[2].txt Trace.TrackingCookie
c:\WINDOWS.000\Cookies\susan@questionmarket[1].txt Trace.TrackingCookie
c:\WINDOWS.000\Cookies\susan@trafficmp[1].txt Trace.TrackingCookie
c:\WINDOWS.000\Cookies\susan@casalemedia[2].txt Trace.TrackingCookie
c:\WINDOWS.000\Cookies\susan@realmedia[1].txt Trace.TrackingCookie
c:\WINDOWS.000\Cookies\susan@tribalfusion[1].txt Trace.TrackingCookie
c:\WINDOWS.000\Cookies\susan@zedo[1].txt Trace.TrackingCookie
c:\WINDOWS.000\Cookies\susan@serving-sys[2].txt Trace.TrackingCookie
c:\WINDOWS.000\Cookies\susan@citi.bridgetrack[1].txt Trace.TrackingCookie
-
a-squared HiJackFree Analysis
www.hijackfree.com
Version info: Result ToDo
Your used version of a-squared HiJackFree: 1.20
The current version of a-squared HiJackFree: 1.20
Your used operating system version: Windows 98 A
The current version of your operating system: Windows XP or 2003 Server
Please update your operating system and install the latest service pack!
Registry Autoruns: Result ToDo
Name: CountrySelection
Path: pctptt.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 2 - Bad: 0
Name: PTSNOOP
Path: ptsnoop.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 0
Name: SpySweeper
Path: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE /startintray
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 0
Name: a-squared
Path: C:\Program Files\a-squared\a2guard.exe
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 2 - Bad: 0
Tricky and Other Autoruns: Result ToDo
Name: load
Path:
Location: win.ini
Not checked Unknown Item
Name: run
Path:
Location: win.ini
Not checked Unknown Item
Name: shell
Path: Explorer.exe
Location: win.ini
Not checked Unknown Item
Name: scrnsave.exe
Path: C:\WINDOWS.000\SYSTEM\BLANKS~1.SCR
Location: win.ini
Not checked Unknown Item
Name: Set tvdumpflags
Path: 8
Location: autoexec.bat
Not checked Unknown Item
Name: SET PATH
Path: C:\WINDOWS.000\SYSTEM\WBEM;%PATH%
Location: autoexec.bat
Not checked Unknown Item
Name: a-squared
Path: C:\Program Files\a-squared\a2guard.exe
Location: HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run\
Not checked Unknown Item
Name: SetupcPerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS.000\INF\setupc.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: AppletsPerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS.000\INF\applets.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: FontsPerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS.000\INF\fonts.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: {5A8D6EE0-3E18-11D0-821E-444553540000}
Path: rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS.000\INF\icw.inf,PerUserStub,,36
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_ICW_Inis
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS.000\INF\icw97.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: {89820200-ECBD-11cf-8B85-00AA005B4383}
Path: rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: {89820200-ECBD-11cf-8B85-00AA005B4395}
Path: rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS.000\SYSTEM\ie4uinit.inf,Shell.UserStub,,36
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_MSN_Clean
Path: C:\WINDOWS.000\msnmgsr1.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: {CA0A4247-44BE-11d1-A005-00805F8ABE06}
Path: RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_Msinfo
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS.000\INF\msinfo.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_Msinfo2
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS.000\INF\msinfo.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: MotownMmsysPerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS.000\INF\motown.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: MotownAvivideoPerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS.000\INF\motown.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: {22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS.000\INF\mplayer2.inf,PerUserStub
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: MotownMPlayPerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS.000\INF\mplay98.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_Base
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS.000\INF\msmail.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: ShellPerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS.000\INF\shell.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: Shell2PerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS.000\INF\shell2.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_winbase_Links
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS.000\INF\subase.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_winapps_Links
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS.000\INF\subase.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_LinkBar_URLs
Path: C:\WINDOWS.000\COMMAND\sulfnbk.exe /L
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: TapiPerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS.000\INF\tapi.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: {73fa19d0-2d75-11d2-995d-00c04f98bbc9}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS.000\INF\webfdr16.inf,PerUserStub.Install,1
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUserOldLinks
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS.000\INF\appletpp.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: MmoptRegisterPerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS.000\INF\mmopt.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: OlsPerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS.000\INF\ols.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: OlsMsnPerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS.000\INF\ols.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_Paint_Inis
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS.000\INF\applets.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_Calc_Inis
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis_remove 64 C:\WINDOWS.000\INF\applets.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_dxxspace_Links
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 C:\WINDOWS.000\INF\applets1.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_MSBackup_Inis
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSBackup_Inis 64 C:\WINDOWS.000\INF\applets1.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_CVT_Inis
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS.000\INF\applets1.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: MotownRecPerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS.000\INF\motown.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_Vol
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS.000\INF\motown.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_MSWordPad_Inis
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS.000\INF\wordpad.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_RNA_Inis
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS.000\INF\rna.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_Wingames_Inis
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS.000\INF\appletpp.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_Dialer_Inis
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS.000\INF\appletpp.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_CDPlayer_Inis
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS.000\INF\mmopt.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: {44BBA842-CC51-11CF-AAFA-00AA00B6015C}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS.000\INF\msnetmtg.inf,NetMtg.Remove.PerUser.W95
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: OlsAolPerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUserRemove 64 C:\WINDOWS.000\INF\ols.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: OlsAttPerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUserRemove 64 C:\WINDOWS.000\INF\ols.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: OlsCompuservePerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUserRemove 64 C:\WINDOWS.000\INF\ols.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: OlsProdigyPerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUserRemove 64 C:\WINDOWS.000\INF\ols.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: Theme_Windows_PerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection Themes_Windows_PerUser 0 C:\WINDOWS.000\INF\themes.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: Theme_MoreWindows_PerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 C:\WINDOWS.000\INF\themes.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_DCC_Inis
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis 64 C:\WINDOWS.000\INF\rna.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS.000\INF\wmp.inf,PerUserRemove
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: {5945c046-1e7d-11d1-bc44-00c04fd912be}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS.000\INF\msmsgs.inf,BLC.Remove.PerUser
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
Path: C:\WINDOWS.000\SYSTEM\updcrl.exe -e -u C:\WINDOWS.000\SYSTEM\verisignpub1.crl
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
Path: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_Winpopup_Inis
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_Winpopup_Inis_remove 64 C:\WINDOWS.000\INF\winpopup.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_Sysmon_Inis
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 C:\WINDOWS.000\INF\appletpp.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_Sysmeter_Inis
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 C:\WINDOWS.000\INF\appletpp.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_netwatch_Inis
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 C:\WINDOWS.000\INF\appletpp.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_CharMap_Inis
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS.000\INF\appletpp.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_ClipBrd_Inis
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 C:\WINDOWS.000\INF\clip.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: MmoptMusicaPerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 C:\WINDOWS.000\INF\mmopt.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: MmoptJunglePerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 C:\WINDOWS.000\INF\mmopt.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: MmoptRobotzPerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 C:\WINDOWS.000\INF\mmopt.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: MmoptUtopiaPerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 C:\WINDOWS.000\INF\mmopt.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: Shell3PerUser
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 C:\WINDOWS.000\INF\shell3.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: PerUser_Onlinelnks_Inis
Path: rundll.exe C:\WINDOWS.000\SYSTEM\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis_remove 64 C:\WINDOWS.000\INF\appletpp.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: {44BBA851-CC51-11CF-AAFA-00AA00B6015C}
Path: rundll32.exeadvpack.dll
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Name: VBScript Script File
Path: C:\WINDOWS.000\WScript.exe %1 %*
Location: HKEY_CLASSES_ROOT\vbsfile\shell\open\command\
Not checked Unknown Item
Name: VBScript Script File
Path: C:\WINDOWS.000\WScript.exe %1 %*
Location: HKEY_CLASSES_ROOT\vbefile\shell\open\command\
Not checked Unknown Item
Name: JScript Script File
Path: C:\WINDOWS.000\WScript.exe %1 %*
Location: HKEY_CLASSES_ROOT\jsfile\shell\open\command\
Not checked Unknown Item
Name: JScript Script File
Path: C:\WINDOWS.000\WScript.exe %1 %*
Location: HKEY_CLASSES_ROOT\jsefile\shell\open\command\
Not checked Unknown Item
Name: Windows Script Host Settings File
Path: C:\WINDOWS.000\WScript.exe %1 %*
Location: HKEY_CLASSES_ROOT\wshfile\shell\open\command\
Not checked Unknown Item
Name: Windows Script File
Path: C:\WINDOWS.000\WScript.exe %1 %*
Location: HKEY_CLASSES_ROOT\wsffile\shell\open\command\
Not checked Unknown Item
Name: Application
Path: %1 %*
Location: HKEY_CLASSES_ROOT\exefile\shell\open\command\
Not checked Unknown Item
Name: MS-DOS Application
Path: %1 %*
Location: HKEY_CLASSES_ROOT\comfile\shell\open\command\
Not checked Unknown Item
Name: MS-DOS Batch File
Path: %1 %*
Location: HKEY_CLASSES_ROOT\batfile\shell\open\command\
Not checked Unknown Item
Name: Screen Saver
Path: %1 /S
Location: HKEY_CLASSES_ROOT\scrfile\shell\open\command\
Not checked Unknown Item
Name: Shortcut to MS-DOS Program
Path: %1 %*
Location: HKEY_CLASSES_ROOT\piffile\shell\open\command\
Not checked Unknown Item
Name: WebCheck
Path: C:\WINDOWS.000\SYSTEM\WEBCHECK.DLL
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Not checked Unknown Item
Layered Service Providers (LSP): Result ToDo
Name: msafd.dll
Path: C:\WINDOWS.000\SYSTEM\
Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
Good: 1 - Bad: 0
Name: mswsosp.dll
Path: C:\WINDOWS.000\SYSTEM\
Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
Good: 1 - Bad: 0
Name: rsvpsp.dll
Path: C:\WINDOWS.000\SYSTEM\
Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
Good: 1 - Bad: 0
Explorer And Browser Addons: Result ToDo
Name:
Path: C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
ClsID: {53707962-6F74-2D53-2644-206D7942484F}
Good: 1 - Bad: 0
Name: URL Exec Hook
Path: shell32.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
ClsID: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
Good: 0 - Bad: 0
Unknown Item
Name: Radio
Path: C:\WINDOWS.000\SYSTEM\MSDXM.OCX
Location: HKLM\Software\Microsoft\Internet Explorer\Toolbar\
ClsID: {8E718888-423F-11D2-876E-00A0C9082467}
Good: 1 - Bad: 0
Running Processes: Result ToDo
Name: KERNEL32.DLL
Process ID: FF0F8DA1
Path: C:\WINDOWS.000\SYSTEM\
Info: Threads: 6 - Priority: High - Visible: No
Good: 1 - Bad: 0
Name: MSGSRV32.EXE
Process ID: FFFFFA5D
Path: C:\WINDOWS.000\SYSTEM\
Info: Threads: 1 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
Name: MPREXE.EXE
Process ID: FFFFCCDD
Path: C:\WINDOWS.000\SYSTEM\
Info: Threads: 1 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
Name: mmtask.tsk
Process ID: FFFE2021
Path: C:\WINDOWS.000\SYSTEM\
Info: Threads: 1 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
Name: SPYSWEEPER.EXE
Process ID: FFF135C1
Path: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\
Info: Threads: 2 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
Name: WRSSSDK.EXE
Process ID: FFF1C3CD
Path: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\
Info: Threads: 13 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
Name: EXPLORER.EXE
Process ID: FFF1DC5D
Path: C:\WINDOWS.000\
Info: Threads: 16 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
Name: DDHELP.EXE
Process ID: FFF23131
Path: C:\WINDOWS.000\SYSTEM\
Info: Threads: 6 - Priority: Realtime - Visible: No
Good: 1 - Bad: 0
Name: WINMGMT.EXE
Process ID: FFF2F2BD
Path: C:\WINDOWS.000\SYSTEM\WBEM\
Info: Threads: 3 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
Name: AIM.EXE (AvEvryDsnePSYCHO - Doin some much needed us history---)
Process ID: FFF54EB9
Path: C:\PROGRAM FILES\AIM\
Info: Threads: 6 - Priority: Normal - Visible: Yes
Good: 1 - Bad: 0
Name: PSTORES.EXE
Process ID: FFF4A7A9
Path: C:\WINDOWS.000\SYSTEM\
Info: Threads: 3 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
Name: A2START.EXE
Process ID: FFF437B9
Path: C:\PROGRAM FILES\A-SQUARED\
Info: Threads: 1 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
Name: IEXPLORE.EXE (DAL Computer Help - Missing PCRE.DLL Hijack included - Microsoft Internet Explorer)
Process ID: FF099721
Path: C:\PROGRAM FILES\INTERNET EXPLORER\
Info: Threads: 13 - Priority: Normal - Visible: Yes
Good: 1 - Bad: 0
Name: A2SYS.EXE (a-squared HiJackFree)
Process ID: FFF7A0B9
Path: C:\PROGRAM FILES\A-SQUARED\
Info: Threads: 1 - Priority: Normal - Visible: Yes
Good: 1 - Bad: 0
This analysis is saved and available for at least 7 days at this website address.
Analysis generated on 3/30/2006 3:15:35 AM
-
Post a new hijackthis log please.
How is your computer running now?
-
Hey Neal... It seems to be fine. I d/l Yahoo Messenger from a freecreed site... all seems OK... so far... but, who knows. TYTYTY again for all of your help on this. I truly do appreciate it. I like to "think" I know more than I actually do, and it usually gets me into trouble with this thing... LOL. TY again.
Susan
Logfile of HijackThis v1.99.1
Scan saved at 9:09:25 PM, on 3/29/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\SYSTEM\DDHELP.EXE
C:\WINDOWS.000\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...bscan_ansi.cab
-
Just curious... was I hacked into through my Yahoo Messenger? And if so, was it related to m0j0 or net_runner or landor? LOL, just curious is all...
-

Hi, glad all is ok. Thanks for stopping by.
Probably all of the above.
If you are no longer having any more trouble, here are some preventative measures for you.
Here are some preventive measures you can take to keep your computer from getting infected again. Also keep all these and Ad-awareSE and SpybotS&D updated.
http://forums.thatcomputerguy.us/ind...showtopic=1190
Flush your restore points in ME and XP, by turning System Restore off and then back on.
This will create a fresh restore point.
Explained here:
Windows XP: service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
Microsoft ME:
http://service1.symantec.com/SUPPORT...rc=sec_doc_nam
RegProtect
This small registry protection tool will save you hours of heartache by notifying you when some program, good or bad, is trying to access your registry.
You have the option of allowing (good) items or blocking (bad) items.
http://www.diamondcs.com.au/index.php?page=regprot
To reduce the re-infection potential for malware and protect yourself against spyware, here are a few helpful suggestions:
1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser.
http://v5.windowsupdate.microsoft.co....aspx?ln=en-us
http://www.microsoft.com/windows/ie/default.asp
2. Run your antivirus software regularly, and keep its definitions up-to-date. If you are thinking about switching, there are some good free antivirus programs that are decent, including AVG and Avast!.
AVG: http://free.grisoft.com/doc/1
Avast: http://www.avast.com/eng/avast_4_home.html
3. In addition to using Ad-aware, consider using another free malware scanning/removal program:
MS Antispyware beta: http://www.microsoft.com/athome/secu...e/default.mspx
4. Consider using a free firewall if you are not already using one. Some good free ones are:
Kerio
http://www.sunbelt-software.com/Kerio.cfm
OutPost Personal Firewall:
Outpost
5. Consider using an alternate free browser for general web surfing, but you must use IE for Windows Update.
Mozilla Firefox: www.mozilla.org/products/firefox/
6. Consider increasing your browser security by using these programs:
SpywareGuard will protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
SpywareBlaster will increase browser protection by blocking thousands of known malware sites by adding them to IE's restricted sites zone. Download it here:
http://www.javacoolsoftware.com/spywareblaster.html
If you use SpywareBlaster, you can also use a customblocklist to add even more entries into IE restricted sites zone. Go to this site for the current list and how to use instructions: http://customblockinglist.cjb.net/
IE-SPYAD is similar in that it adds thousands more known malware sites to IE's restricted zone. Download it here:
https://netfiles.uiuc.edu/ehowes/www/resource.htm
*Remember, just like your primary anti-virus software, it is important to keep all of these programs up-to-date and use them on a regular basis. It's free.