TechSpot

HJT Help...

By BrownEyedGurlx2
Nov 27, 2004
  1. I generally only use FireFox but happened to use IE and got a ton of spyware/adaware on my comp. I ran adaware, cwshredder, spybot, removed adcontrol and taskad in safe mode and ran a new log in safe mode . . can someone just look this over to make sure I have not missed anything? Thank you.

    Logfile of HijackThis v1.98.2
    Scan saved at 3:14:04 PM, on 11/27/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://email.godaddy.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://email.godaddy.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\System32\GoogleToolbar_1.1.54-deleon.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
    O4 - Global Startup: Go Daddy Software Go Daddy VPN Client.lnk.disabled
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
     
  2. AtK SpAdE

    AtK SpAdE TechSpot Chancellor Posts: 1,851

    I am no expert on security but, i think you have done as much as you can do. Good luck



    Sean :darth:
     
  3. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,919   +9

    Condolences.

    Is GoDaddy some sort of application that you use? If not, then you can delete these:

    These also look suspicious and unnecessary to me:

    Welcome to TechSpot!
     
  4. BrownEyedGurlx2

    BrownEyedGurlx2 TS Rookie Topic Starter

    Godaddy is my VPN client . . and partypoker, well hell yes I need that :)
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Apart from the go daddy stuff as Mict said it looks fine to me.

    Regards Howard :wave: :wave:
     
  6. BrownEyedGurlx2

    BrownEyedGurlx2 TS Rookie Topic Starter

    fantastic, thanks guys!
     
  7. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Yup, I agree.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.