Is this Normal? Help pl0x!


mmcg

Ahh the mystery of the censored jpeg. Happens to us all at some point in our lives.

Reupload with a new name and put in tags or this post will get locked :P

Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

lol *slow claps at IE*

Scan your pc with Ad-Aware, Spybot Search&Destroy and post a HijackThis log please.

hmm, I prefer Spyware Doctor a lot better than HJT and Spybot S&D

HJT isn't an anti-spyware program and cannot be compared to Spyware Doctor as it does a completely different thing.

If you were running rs while you took that screenshot, then it's completely normal. If you weren't... that would be a problem...

Also, I think the best idea for spyware is using a couple of programs. I use spybot and ms antispyware personally.

If you were running rs while you took that screenshot, then it's completely normal. If you weren't... that would be a problem...

You can see that rs is running in that pic. And I think he will find that that is what is causing the large use of memory.

Logfile of HijackThis v1.99.1
Scan saved at 16:19:38, on 06/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss[Caution: ExecutableFile]
C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\system32\services[Caution: ExecutableFile]
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\LEXBCES[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\WINDOWS\system32\LEXPPS[Caution: ExecutableFile]
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG[Caution: ExecutableFile]
C:\WINDOWS\system32\dla\tfswctrl[Caution: ExecutableFile]
C:\Program Files\Dell\Media Experience\PCMService[Caution: ExecutableFile]
C:\WINDOWS\System32\DSentry[Caution: ExecutableFile]
C:\Program Files\Dell AIO Printer A920\dlbkbmgr[Caution: ExecutableFile]
C:\PROGRA~1\mcafee.com\agent\mcagent[Caution: ExecutableFile]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent[Caution: ExecutableFile]
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian[Caution: ExecutableFile]
C:\Program Files\Dell AIO Printer A920\dlbkbmon[Caution: ExecutableFile]
C:\PROGRA~1\mcafee.com\vso\mcvsshld[Caution: ExecutableFile]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray[Caution: ExecutableFile]
C:\Program Files\Java\j2re1.4.2_06\bin\jusched[Caution: ExecutableFile]
c:\progra~1\mcafee.com\vso\mcvsescn[Caution: ExecutableFile]
C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray[Caution: ExecutableFile]
C:\Program Files\Digital Line Detect\DLG[Caution: ExecutableFile]
C:\PROGRA~1\McAfee.com\PERSON~1\Mp[bleep]ent[Caution: ExecutableFile]
c:\PROGRA~1\mcafee.com\vso\mcvsrte[Caution: ExecutableFile]
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE[Caution: ExecutableFile]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr[Caution: ExecutableFile]
C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]
C:\WINDOWS\System32\r_server[Caution: ExecutableFile]
C:\PROGRA~1\Serv-U\ServUDaemon[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: ExecutableFile]
C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]
C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
c:\progra~1\mcafee.com\vso\mcvsftsn[Caution: ExecutableFile]
C:\Documents and Settings\Pat\Desktop\Mic's Stuff\hijackthis\HijackThis[Caution: ExecutableFile]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/e ... efault.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/e ... efault.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/uk/e ... efault.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = NTSBS:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: ExecutableFile] C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl[Caution: ExecutableFile]
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent[Caution: ExecutableFile]
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate[Caution: ExecutableFile]
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent[Caution: ExecutableFile]
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr[Caution: ExecutableFile]" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian[Caution: ExecutableFile] /SU
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct[Caution: ExecutableFile] /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray[Caution: ExecutableFile]
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched[Caution: ExecutableFile]
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck[Caution: ExecutableFile]
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray[Caution: ExecutableFile]" /r
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Pat\Application Data\ttuh[Caution: ExecutableFile]
O4 - HKCU\..\Run: [spyKiller] C:\Program Files\SpyKiller\spykiller[Caution: ExecutableFile] /startup
O4 - Startup: PowerReg Scheduler V3[Caution: ExecutableFile]
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray[Caution: ExecutableFile]
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL[Caution: ExecutableFile]/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS[Caution: ExecutableFile]
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - ]http://www.xzoomy.com/media/hoover/fullgames2[Caution: ExecutableFile]
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4. ... 002245.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/ac ... acking.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mci ... insctl.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcg ... cgdmgr.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/budicon.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - ]http://64.237.46.147/uk/gvx143uts6m_wall[Caution: ExecutableFile]
O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG[Caution: ExecutableFile]" /SERVICE (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES[Caution: ExecutableFile]
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: ExecutableFile]
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr[Caution: ExecutableFile]) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr[Caution: ExecutableFile]
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte[Caution: ExecutableFile]
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE[Caution: ExecutableFile]
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr[Caution: ExecutableFile]
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc[Caution: ExecutableFile]
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\System32\r_server[Caution: ExecutableFile]" /service (file missing)
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\PROGRA~1\Serv-U\ServUDaemon[Caution: ExecutableFile]

That is the HijackThis log.

Well you can upgrade to SP2 to increase your security, but we've got to get rid of some of this malware first. I presume you already scanned and deleted some of the crap with Ad-aware and Spybot S&D?

Is there a reason why you have this as your proxy server? NTSBS:8080

"fix" the following

  • O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey[Caution: ExecutableFile]"
  • O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Pat\Application Data\ttuh[Caution: ExecutableFile]
  • O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
  • O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
  • O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - ]http://www.xzoomy.com/media/hoover/fullgames2[Caution: ExecutableFile]
  • O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4. ... 002245.cab
  • O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
  • O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/budicon.cab
  • O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - ]http://64.237.46.147/uk/gvx143uts6m_wall[Caution: ExecutableFile]
  • O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG[Caution: ExecutableFile]" /SERVICE (file missing)
  • O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\System32\r_server[Caution: ExecutableFile]" /service (file missing)

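A triage pass over the entry lines of a log in the layout posted above, as an added example that is not part of the original thread. The flag rules (missing file, unknown service owner, unnamed ActiveX download, IP-literal download host) are assumptions chosen for illustration, not the criteria used in the reply above, and the sample lines are constructed.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v1.99.1 layout (not copied from the thread).
SAMPLE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\example.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.example/
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /r
O9 - Extra button: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\System32\gone.dll (file missing)
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Example Viewer Control) - http://downloads.example/viewer.cab
O16 - DPF: {00000000-0000-0000-0000-000000000003} - http://192.0.2.10/uk/setup.cab
O23 - Service: Example Agent (ExAgent) - Unknown owner - C:\WINDOWS\System32\exagent.exe
"""

# Entry lines start with a section code (R0, O4, O16, O23, ...) and " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")
# O16 detail: CLSID, optional "(control name)", then the download URL.
DPF = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>.+?)\))? - (?P<url>\S+)")

def parse_entries(text):
    """Return (code, detail) per entry line; header and process lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [(m.group("code"), m.group("detail")) for m in matches if m]

def flags_for(code, detail):
    """Assumed review prompts: they mark a line for a closer look, not a verdict."""
    flags = []
    if detail.endswith("(file missing)"):
        flags.append("file-missing")        # registration points at a file that is gone
    if code == "O23" and " - Unknown owner - " in detail:
        flags.append("unknown-owner")       # service binary carries no vendor string
    dpf = DPF.match(detail) if code == "O16" else None
    if dpf:
        if dpf.group("name") is None:
            flags.append("unnamed-control") # downloaded control has no class name
        try:
            ipaddress.ip_address(urlparse(dpf.group("url")).hostname or "")
            flags.append("ip-literal-host") # fetched from a bare IP, not a hostname
        except ValueError:
            pass
    return flags

def triage(text):
    """Return (code, flags, detail) for every entry that raised at least one flag."""
    scored = [(c, flags_for(c, d), d) for c, d in parse_entries(text)]
    return [row for row in scored if row[1]]

if __name__ == "__main__":
    for code, flags, detail in triage(SAMPLE):
        print(code, ",".join(flags), "|", detail)
```
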

 

If you were running rs while you took that screenshot, then it's completely normal. If you weren't... that would be a problem...

You can see that rs is running in that pic. And I think he will find that that is what is causing the large use of memory.

Wow... I'm blind... lol :oops:
