HJT Log...Quick Check

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

bkatz540

Thread Starter
Joined
Oct 23, 2003
Messages
273
Hey everybody!;)

Juuuust wanted to know if you could do a verrry quick check of my HJT Log...


Logfile of HijackThis v1.97.7
Scan saved at 3:56:56 PM, on 4/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\System32\EXSHOW95.EXE
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Inet Delivery\intdel_2.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
C:\Program Files\AGMl33t\IMHider.exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\AGMl33t\aim.exe
C:\Downloads\HJT\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Inet Delivery] C:\Program Files\Inet Delivery\intdel_2.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
O4 - HKCU\..\Run: [IMHider] C:\Program Files\AGMl33t\IMHider
O4 - Startup: PeerGuardian.lnk = C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
O9 - Extra 'Tools' menuitem: CheckIt &86 (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\BENKAT~1\LOCALS~1\Temp\ThereInstallHelper.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://C:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37877.3042592593
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://C:\Program Files\There\ThereClient\ThereLauncher.dll
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/cannonballs/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

(y) :)
 
Joined
Apr 26, 2003
Messages
5,837
Found one spyware object. Fix it with HJT as follows.

Run a new HJT scan and put a check beside the following objects in the list.

O4 - HKLM\..\Run: [Inet Delivery] C:\Program Files\Inet Delivery\intdel_2.exe

Close all application windows except HJT. Close all browser windows, including this one. Click the Fix Checked button.

Restart your computer in Safe mode.

How to start your computer in Safe mode

Open Windows Explorer, then go to View > Folder Options. Click on the View tab and make sure Show all files is ticked and uncheck Hide file extensions for known file types. Click Like Current Folder then click Apply then OK

Using Windows Explorer, navigate to and delete the following folder and/or file identified in bold type:

C:\Program Files\Inet Delivery\intdel_2.exe

Boot back to Normal Mode and post another HJT log.
 

bkatz540

Thread Starter
Joined
Oct 23, 2003
Messages
273
Hi!


Thx for the reply....b4 i saw your post i ran spybot s&d....it deleted that...and now my log doesnt show that anymore....;)
 
Joined
Apr 26, 2003
Messages
5,837
Yup, Spybot would likely fix it too. Guess you are OK now.

It might be a good idea to check for the folder and file and delete it's still there. Spybot will certainly take care of the registry entry, but I do not know if it will delete the folder/file. Can't hurt to look here:

C:\Program Files\Inet Delivery\intdel_2.exe

Regards - Ray
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top