1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

HJT Log...Quick Check

Discussion in 'Virus & Other Malware Removal' started by bkatz540, Apr 21, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. bkatz540

    bkatz540 Thread Starter

    Joined:
    Oct 23, 2003
    Messages:
    273
    Hey everybody!;)

    Juuuust wanted to know if you could do a verrry quick check of my HJT Log...


    Logfile of HijackThis v1.97.7
    Scan saved at 3:56:56 PM, on 4/21/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\WINDOWS\System32\EXSHOW95.EXE
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Inet Delivery\intdel_2.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
    C:\Program Files\AGMl33t\IMHider.exe
    C:\Program Files\CheckIt\86\CheckIt86.exe
    C:\Program Files\AGMl33t\aim.exe
    C:\Downloads\HJT\HijackThis.exe

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
    O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Inet Delivery] C:\Program Files\Inet Delivery\intdel_2.exe
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
    O4 - HKCU\..\Run: [IMHider] C:\Program Files\AGMl33t\IMHider
    O4 - Startup: PeerGuardian.lnk = C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
    O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
    O9 - Extra 'Tools' menuitem: CheckIt &86 (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://install.wildtangent.com/bgn/partners/aolim/install.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\BENKAT~1\LOCALS~1\Temp\ThereInstallHelper.dll
    O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://C:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37877.3042592593
    O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://C:\Program Files\There\ThereClient\ThereLauncher.dll
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/cannonballs/install.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    (y) :)
     
  2. raybro

    raybro

    Joined:
    Apr 26, 2003
    Messages:
    5,836
    Found one spyware object. Fix it with HJT as follows.

    Run a new HJT scan and put a check beside the following objects in the list.

    O4 - HKLM\..\Run: [Inet Delivery] C:\Program Files\Inet Delivery\intdel_2.exe

    Close all application windows except HJT. Close all browser windows, including this one. Click the Fix Checked button.

    Restart your computer in Safe mode.

    How to start your computer in Safe mode

    Open Windows Explorer, then go to View > Folder Options. Click on the View tab and make sure Show all files is ticked and uncheck Hide file extensions for known file types. Click Like Current Folder then click Apply then OK

    Using Windows Explorer, navigate to and delete the following folder and/or file identified in bold type:

    C:\Program Files\Inet Delivery\intdel_2.exe

    Boot back to Normal Mode and post another HJT log.
     
  3. bkatz540

    bkatz540 Thread Starter

    Joined:
    Oct 23, 2003
    Messages:
    273
    Hi!


    Thx for the reply....b4 i saw your post i ran spybot s&d....it deleted that...and now my log doesnt show that anymore....;)
     
  4. raybro

    raybro

    Joined:
    Apr 26, 2003
    Messages:
    5,836
    Yup, Spybot would likely fix it too. Guess you are OK now.

    It might be a good idea to check for the folder and file and delete it's still there. Spybot will certainly take care of the registry entry, but I do not know if it will delete the folder/file. Can't hurt to look here:

    C:\Program Files\Inet Delivery\intdel_2.exe

    Regards - Ray
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/222657

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice