HJT log help

  1. #1
    BANNED
    Join Date
    Nov 2003
    Location
    San Diego
    Posts
    724

    HJT log help

    OK a guy I talk to is getting this as his user agent when he goes to ipchicken.com .
    Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FunWebProducts-MyWay; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.40607)
    Which pretty much screams FunWebProducts. I looked over his HJT log and googled for everything I didn't know. Anyone see something I'm missing?
    Logfile of HijackThis v1.97.7
    Scan saved at 11:09:40 PM, on 8/30/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Documents and Settings\Matthew\My Documents\Bots\PandaChat\PandaChat.exe
    C:\Documents and Settings\Matthew\My Documents\Bots\Copy of PandaChat\PandaChat.exe
    C:\Program Files\Gaim\gaim.exe
    C:\Program Files\eclipse\eclipse.exe
    C:\WINDOWS\system32\javaw.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Matthew\Desktop\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {62F5BBB6-A71E-46E7-AE78-73D25185EDC8} - C:\Program Files\GuardBar\GuardBar.dll
    O3 - Toolbar: GuardBar - {7F4D8DE6-AC92-4A13-9DE9-F360736F2464} - C:\Program Files\GuardBar\GuardBar.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
    O4 - HKLM\..\Run: [PC-CAM 350 STI App Registration] RunDLL32.exe P1060pin.dll,RunDLL32EP 513
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\Windows Registry Repair Pro.exe -X
    O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe" /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downlo...?1092366150437
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.co...211.7910069444
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    TIA
    When death sleeps it dreams of you...
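
Added example, not part of the original thread: a Python version of the comparison the first post makes by hand. It splits the User-Agent into tokens, drops the ones expected from IE 6 on XP SP2 with .NET installed (the `EXPECTED` list is an assumption), and checks whether any remaining vendor token appears in the HijackThis entries. The sample input is the UA string and a subset of the O-lines from the post above; all function names are hypothetical.

```python
import re
from collections import Counter

# Sample input: the UA string and a subset of the O-lines quoted in the post above.
UA = ("Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FunWebProducts-MyWay; "
      "SV1; .NET CLR 1.1.4322; .NET CLR 2.0.40607)")
LOG = r"""
O2 - BHO: (no name) - {62F5BBB6-A71E-46E7-AE78-73D25185EDC8} - C:\Program Files\GuardBar\GuardBar.dll
O3 - Toolbar: GuardBar - {7F4D8DE6-AC92-4A13-9DE9-F360736F2464} - C:\Program Files\GuardBar\GuardBar.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
"""

# Assumption: tokens expected from stock IE 6 on XP SP2 with the .NET Framework installed.
EXPECTED = [r"compatible$", r"MSIE \d", r"Windows NT \d", r"SV1$", r"\.NET CLR \d"]
ENTRY = re.compile(r"^([ORFN]\d+) - (.+)$")  # HijackThis section code, then the entry body

def ua_tokens(ua):
    """Return the semicolon-separated tokens inside the UA's parenthesised comment."""
    m = re.search(r"\(([^)]*)\)", ua)
    return [t.strip() for t in m.group(1).split(";") if t.strip()] if m else []

def extra_tokens(ua):
    """Tokens that something other than the browser/OS baseline added."""
    return [t for t in ua_tokens(ua) if not any(re.match(p, t) for p in EXPECTED)]

def parse_hjt(log):
    """Return (section, body) pairs for every entry line in a HijackThis log."""
    return [m.groups() for m in (ENTRY.match(l.strip()) for l in log.splitlines()) if m]

def unexplained_tokens(ua, log):
    """Extra UA tokens with no name fragment found in any log entry."""
    bodies = [body.lower() for _, body in parse_hjt(log)]
    missing = []
    for tok in extra_tokens(ua):
        # "FunWebProducts-MyWay" -> ["funwebproducts", "myway"]
        parts = [p.lower() for p in re.split(r"[-\s/]+", tok) if len(p) > 3]
        if not any(p in b for p in parts for b in bodies):
            missing.append(tok)
    return missing

if __name__ == "__main__":
    print(Counter(s for s, _ in parse_hjt(LOG)))
    print("extra UA tokens:", extra_tokens(UA))
    print("not accounted for in log:", unexplained_tokens(UA, LOG))
```

A non-empty result from `unexplained_tokens` means the software that added the token is not among the entries supplied, which is the situation the poster describes.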

  2. #2
    O2 - BHO: (no name) - {62F5BBB6-A71E-46E7-AE78-73D25185EDC8} - C:\Program Files\GuardBar\GuardBar.dll
    O3 - Toolbar: GuardBar - {7F4D8DE6-AC92-4A13-9DE9-F360736F2464} - C:\Program Files\GuardBar\GuardBar.dll
    http://www.guardbar.com/

    Legit or bogus?

    C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe <--What's that?

    O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup <---What's that?

  3. #3
    BANNED
    Join Date
    Nov 2003
    Location
    San Diego
    Posts
    724
    Those are the ones I checked out. They all seem legit except the last one. I'll get with him and find out what it is. Thanks for the help.
    When death sleeps it dreams of you...

  4. #4
    Senior Member
    Join Date
    Feb 2004
    Posts
    201
    Here's some good reading on how to uninstall:

    http://www.funwebproducts.com/uninstall.html

    Hope that helps!

  5. #5
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Umm..

    C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe <--What's that?
    That's an adware program similar to Memory Meter Pro.

    HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup <---What's that?
    A legit program that helps clean the registry, however it may contain adware (check it out).

    And for more help with reading and anything about HJT logs, wait for groovicus to read this thread!
    Space For Rent.. =]

  6. #6
    BANNED
    Join Date
    Nov 2003
    Location
    San Diego
    Posts
    724
    Originally posted here by meeeeeee
    Here's some good reading on how to uninstall:

    http://www.funwebproducts.com/uninstall.html

    Hope that helps!
    Yeah, I probably should have mentioned that I had mentioned that to him and he didn't have any of the products they mention on that page.
    When death sleeps it dreams of you...

  7. #7
    Senior Member
    Join Date
    Feb 2004
    Posts
    201
    http://www.downloads.subratam.org/hijackthis.zip

    Get the newest HijackThis (1.98.2) and see if that shows anything new. Also, have you had him run Spybot & Ad-aware? They're pretty good at cleaning out the remnants.

  8. #8
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    No need for me to help, meeeeeeeeeee is way better at this than I am.
