ComputerForum.com
03-22-2007, 10:40 PM   #1
Del
Hijack this and Xoft scans

Actually it's only about 1.2 of the Xoft scan but it should be enough for now. What things should I get rid of, how, and what should I do next?

Xoft screencaps --
http://img221.imageshack.us/my.php?image=xoft1rg1.png
http://img134.imageshack.us/my.php?image=xoft2ge5.png
http://img213.imageshack.us/my.php?i...oft4555ua6.png
http://img218.imageshack.us/my.php?image=xoft556pq7.png


Hijack this log---
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:19:55 AM, on 3/14/2007
Platform: Windows ME (Win9x 4.90.3000)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\PROGRAM FILES\MICROSOFT GIF ANIMATOR\ASHSERV.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\MICROSOFT GIF ANIMATOR\ASHWEBSV.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\TRILLIAN\TRILLIAN.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\ACCESSORIES\FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\XOFTSPYSE\XOFTSPY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\DESKTOP\BEC'S\HIJACKTHIS_V2.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wishtv.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wishtv.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\MICROS~2\ASHWEBSV.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Microsoft GIF Animator\ashServ.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\RunServices: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKUS\.DEFAULT\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1 (User 'Default user')
O4 - .DEFAULT Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE (User 'Default user')
O4 - .DEFAULT Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (User 'Default user')
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_09\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_09\BIN\SSV.DLL
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/mini...ansporter.cab?
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SYSTEM\BROWSEUI.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SYSTEM\BROWSEUI.DLL

--
End of file - 6826 bytes
__________________
~Del


Intel C2D E6750 2.66ghz
GA-P35-DS3L
WD 160gb
eVGA Geforce 7600 GS 256mb
Win XP pro SP2
2 1gb 4-4-4-12 PC2 6400
460W xCilo
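The HijackThis log above is a line-oriented format: each entry is a section code (R0, O2, O4, O16, ...), a dash and a body, and the O4 lines carry the autostart hive, key, entry name and command. As an added example that is not part of this thread, a small Python parser that groups the entries by section and expands the O4 lines into their parts, which is the first thing a helper does when triaging such a log; the sample lines are copied from the log above, and the `parse_o4` field names are my own.

```python
import re
from collections import defaultdict
# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wishtv.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Microsoft GIF Animator\ashServ.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - .DEFAULT Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE (User 'Default user')
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/mini...ansporter.cab?
"""

# Every HijackThis entry is "<section code> - <body>"; header and process-list lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
# O4 bodies seen in the log: "HKLM\..\Run: [Name] cmd", "HKUS\.DEFAULT\..\Run: ...", ".DEFAULT Startup: x.lnk = path", "Startup: ..."
O4_RE = re.compile(r"^(?:(?P<hive>HKLM|HKCU|HKUS\\\.DEFAULT|\.DEFAULT)(?:\\\.\.\\| ))?"
                   r"(?P<key>Run|RunServices|Startup): (?P<rest>.*)$")

def parse_entry(line):
    """(section code, body) for a HijackThis entry line, else None."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None

def parse_o4(body):
    """Split an O4 autostart body into hive, key (or Startup folder), entry name and command."""
    m = O4_RE.match(body)
    if not m:
        raise ValueError("unrecognised O4 entry: " + body)
    rest = m.group("rest")
    if rest.startswith("["):                       # registry Run/RunServices form: [Name] command
        name, _, command = rest[1:].partition("] ")
    else:                                          # Startup-folder shortcut form: Name.lnk = path
        name, _, command = rest.partition(" = ")
    command = re.sub(r" \(User '[^']*'\)$", "", command)   # drop the trailing "(User '...')" note
    return {"hive": m.group("hive") or "", "key": m.group("key"), "name": name, "command": command}

def summarize(log_text):
    """Group entries by section code and expand every O4 line into its parts."""
    sections = defaultdict(list)
    autostarts = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        code, body = entry
        sections[code].append(body)
        if code == "O4":
            autostarts.append(parse_o4(body))
    return dict(sections), autostarts
```

Run `summarize(SAMPLE_LOG)` to get the per-section bodies and the list of expanded autostart entries; the same call works on a full log pasted into `log_text`, since lines that are not entries are skipped.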


04-08-2007, 09:29 PM   #2
Del

I meant 1/2 of the Xoft. Oh, and why is no one posting?
04-14-2007, 09:29 PM   #3
Del

weekly bump.
04-15-2007, 08:54 AM   #4
Buzz1927

Run this online scan and save the report it makes.
http://www.pandasoftware.com/products/activescan.htm
Post the report here.
__________________
The Grim Reaper - Son of Glyndwr
"To Hell or Connacht" may you burn in Hell tonight!
04-16-2007, 12:42 AM   #5
Del

Sure, but is there something wrong with how I posted hijack this and Xoft?

What are 'jokes' that this scan detects?

Dang, I downloaded the ActiveX, but the scan stopped working and wouldn't turn on right. I'll try again a different day.


04-16-2007, 10:13 AM   #6
Buzz1927

What you posted is fine, but I wouldn't recommend Xsoft; it has a dubious reputation.
If that scan doesn't work, try this one; it works with Firefox as well.
http://housecall65.trendmicro.com/
04-16-2007, 10:00 PM   #7
Del

I'm running that site but the compatibility check is taking a while.
04-18-2007, 07:42 PM   #8
splatware

Don't use pandasoftware, as it has lots of bugs, and at the end it will ask you to register or pay to use their cleaner. It also installs a bunch of junk in your system. Use trendmicro.
__________________
Free Internet Security
Enjoy the Internet with free award winning protection.
04-18-2007, 09:40 PM   #9
Del

@.@ so many scans... such bad net...
04-25-2007, 07:15 AM   #10
Del

How about I do hijack on the corrupted comp in safe and delete anything the scan picks up? That should uncorrupt it long enough to burn my *then clean* files to CD before reformatting and installing Windows 95.