hijack this tell me what to delete and maybe steps for tweaking my internet connect.
#1
Scan saved at 11:41:02 PM, on 3/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\WINDOWS\twain_32\SiPix\SCDeluxe\DELUXECC.exe
C:\PROGRA~1\AT&T\DSL\programs\dslpca.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\WINDOWS\system32\wmpa36.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\WINDOWS\system32\sys.exe
C:\WINDOWS\mm15201518.Stub.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\XXXGEN~1.OSC\LOCALS~1\Temp\Rar$EX38.891\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll (file missing)
O2 - BHO: (no name) - {DA0F1D45-D9F5-DB0B-D31B-8F1D80441097} - C:\WINDOWS\System32\gtxby.dll (file missing)
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [DELUXECC] C:\WINDOWS\twain_32\SiPix\SCDeluxe\DELUXECC.exe
O4 - HKLM\..\Run: [AT&T DSL Service PCA Program] C:\PROGRA~1\AT&T\DSL\programs\dslpca.exe /ws
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [ywqfpfx] c:\windows\system32\ywqfpfx.exe
O4 - HKLM\..\Run: [WindowsRegKey upd4te2d4te] sjzyjmifq.exe
O4 - HKLM\..\Run: [Windows Media Player 3.6] wmpa36.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\system32\defragfatz.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] sys.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NAV Auto Updates] navupdaters.exe
O4 - HKLM\..\Run: [motoin] C:\WINDOWS\mm15201518.Stub.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] wuamgd.exe
O4 - HKLM\..\Run: [Microsoft SpA Service] msapps.exe
O4 - HKLM\..\Run: [mediamotor.exe] C:\WINDOWS\mmups.exe
O4 - HKLM\..\Run: [loads.exe] C:\WINDOWS\suploads.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [b307615ea5cf] C:\WINDOWS\System32\browseui.exe
O4 - HKLM\..\Run: [Automatic Microsoft Windows Updater] SUCHOST.EXE
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [9VvLwA0] C:\windows\system32\9VvLwA0.exe
O4 - HKLM\..\Run: [3WN77N#57#5BCQ] C:\WINDOWS\System32\Qdo77j0i.exe
O4 - HKLM\..\RunServices: [Windows Media Player 3.6] wmpa36.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] sys.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] sys.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with &Etomi - res://C:\Program Files\Etomi\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1107610681515
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
#2
Sorry it's late and I'm too tired to go through the whole thing. This entry
O4 - HKLM\..\Run: [Automatic Microsoft Windows Updater] SUCHOST.EXE
is this worm: W32/Rbot-EQ. Info on it is here. Playing with HJT isn't going to fix it. Check the description tab for verification. Recovery tab for manual removal. Get a good anti-virus program or make sure your Symantec is up to date, and run it.
http://www.sophos.com/virusinfo/analyses/w32rboteq.html
I'd go here and run this as well since it didn't seem Symantec was up to the task if it was indeed updated. Once you have removed the worm, hit the key with the MS flag on it and pause/break at the same time to open System Properties. Go to the System Restore tab and turn off System Restore on all drives. Then run the AV scan again. If it's all clear, restart System Restore. It will automatically set a new restore point. Download SpywareBlaster and SpywareGuard and use them both.
http://housecall.trendmicro.com/
#3
luvhuffer,
think you are up to the task? Go ahead!


