zonda
Posted April 24, 2005

Okay... I am counting on merc, hannibal, cameron, grin, pyro.... the crew for this one.

I currently don't have a firewall installed (long story) and I am about to disable ctfmon.exe (completely useless to me).

All the 'extra button' junk is my mom's (this is a family computer) and I can't convince her to get rid of all her junk.

Anyways, take a gander at it and let me know what you find :wink:

Logfile of HijackThis v1.99.1
Scan saved at 8:35:08 PM, on 4/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\explr.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 0852496750
O20 - Winlogon Notify: explr - C:\WINDOWS\SYSTEM32\explr.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Vape
Posted April 24, 2005

Do your best getting a firewall up and running :-?

C:\WINDOWS\system32\explr.exe
and
O20 - Winlogon Notify: explr - C:\WINDOWS\SYSTEM32\explr.dll

?? Do you know anything about these?

Oh and
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Isn't doing anything at all ;)

Where the bloody hell are you?

zonda
Posted April 24, 2005

> Do your best getting a firewall up and running :-?
>
> C:\WINDOWS\system32\explr.exe
> and
> O20 - Winlogon Notify: explr - C:\WINDOWS\SYSTEM32\explr.dll
>
> ?? Do you know anything about these?
>
> Oh and
> O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
> Isn't doing anything at all ;)

Oh yea, explr is my personal keylogger, great way to manage what goes on in my computer :wink:

I saw the extra button (no name) as well, but wanted a second opinion. Thanks!

Vape
Posted April 24, 2005

> > C:\WINDOWS\system32\explr.exe
> > and
> > O20 - Winlogon Notify: explr - C:\WINDOWS\SYSTEM32\explr.dll
>
> Oh yea, explr is my personal keylogger, great way to manage what goes on in my computer :wink:

Lol :| You do realise I think it's illegal if you don't tell people you're doing it.

Where the bloody hell are you?

zonda
Posted April 24, 2005

> > > C:\WINDOWS\system32\explr.exe
> > > and
> > > O20 - Winlogon Notify: explr - C:\WINDOWS\SYSTEM32\explr.dll
> >
> > Oh yea, explr is my personal keylogger, great way to manage what goes on in my computer :wink:
>
> Lol :| You do realise I think it's illegal if you don't tell people you're doing it.

ohhhh, I am a rebel! Fight the man!! lol...

No, I mean I just have it for LAN parties and such. Usually around 6 A.M. I will go to sleep (fragging makes you tired). I then set my screen saver to 1 minute and throw on the password protect. We tend to play a lot of pranks on each other and I don't want them messing with my comp. Drawing on a sleeping person is one thing, mauling their computer is another.

My friend had another friend put a program on his computer that would delete 1 random file every time he booted up. He ended up having an overheating problem so he rebooted over and over... eventually to the point of that "one random file" being a system file... lol

Another time, someone opened a friend's case and hid his car keys in it. He woke up the next morning late for work and unable to find his keys... when he finally figured out where the kid hid them, he also found out the kid fried his video card (moron lol)

Why am I babbling on? Oh because I didn't sleep good last night and I am tired as hell, so I will share some more stories later on when I die :lol: