A Windows XP help forum. PCbanter


hijackthis list, now what



 
 
Old May 24th 04, 12:02 AM
external usenet poster
 

They won't read your log here. You need to go to a
forum, register (it only takes a minute), and post your log
there. You need to do it, though, because you do have some
problems.


FORUMS
http://forums.tomcoyote.org/
http://forums.spywareinfo.com/
http://computercops.biz/forums.html
http://boards.cexx.org/
http://www.techsupportforums.com/
http://forums.techguy.org/
http://forums.net-integration.net/index.php


-----Original Message-----
tell me what needs to go

Logfile of HijackThis v1.97.7
Scan saved at 6:20:36 PM, on 5/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton SystemWorks\Norton
AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton
Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\Works
Shared\WkUFind.exe
C:\WINDOWS\System32\ltmsg.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\SVA Player\SVAPLAYER.EXE
C:\Program Files\Common Files\Totem Shared\Uninstall0001
\upd.exe
C:\Program Files\Common Files\Totem Shared\Uninstall0002
\upd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\psyc.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971
\Program\backWeb-7288971.exe
C:\Program Files\Common Files\Microsoft Shared\Works
Shared\wkcalrem.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\msniasvc.exe
C:\Program Files\MSN\MSNIA\WA\ClientSideProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\David\Local Settings\Temporary
Internet Files\Content.IE5\PIIHA26S\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...e/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust...e/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...e/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust...e/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;local
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id
R3 - Default URLSearchHook is missing
O1 - Hosts: 207.44.240.65 ads.x10.com
O1 - Hosts: 207.44.240.65 images.x10.com
O1 - Hosts: 207.44.240.65 count.exitexchange.com
O1 - Hosts: 207.44.240.65 servedby.netadvertising.com
O1 - Hosts: 207.44.240.65 images.trafficmp.com
O1 - Hosts: 207.44.240.65 ads.specificpop.com
O1 - Hosts: 207.44.240.65 ads.specificclick.com
O1 - Hosts: 207.44.240.65 ads.popupsponsor.com
O1 - Hosts: 207.44.240.65 adfarm.mediaplex.com
O1 - Hosts: 207.44.240.65 media.fastclick.net
O1 - Hosts: 207.44.240.65 media1.fastclick.net
O1 - Hosts: 207.44.240.65 media19.fastclick.net
O1 - Hosts: 207.44.240.65 media28.fastclick.net
O1 - Hosts: 207.44.240.65 media29.fastclick.net
O1 - Hosts: 207.44.240.65 media39.fastclick.net
O1 - Hosts: 207.44.240.65 adserv.internetfuel.com
O1 - Hosts: 207.44.240.65 www.satellitepop.com
O1 - Hosts: 207.44.240.65 count.exitexchange.com
O1 - Hosts: 207.44.240.65 z1.adserver.com
O1 - Hosts: 207.44.240.65 view.atdmt.com
O1 - Hosts: 207.44.240.65 servedfor.valuead.com
O1 - Hosts: 207.44.240.65 banners.valuead.com
O1 - Hosts: 207.44.240.65 img.mediaplex.com
O1 - Hosts: 207.44.240.65 media28.fastclick.net
O1 - Hosts: 207.44.240.65 media39.fastclick.net
O1 - Hosts: 207.44.240.65 media.fastclick.net
O1 - Hosts: 207.44.240.65 popuptraffic.com
O1 - Hosts: 207.44.240.65 leader.linkexchange.com
O1 - Hosts: 207.44.240.65 rad.msn.com
O1 - Hosts: 207.44.240.65 view.atdmt.com
O1 - Hosts: 207.44.240.65 focusin.ads.targetnet.com
O1 - Hosts: 207.44.240.65 a.tribalfusion.com
O2 - BHO: (no name) - {1D277207-4F9D-4B0A-A9A2-
141E404735BA} - C:\WINDOWS\ibzob.dll
O2 - BHO: (no name) - {1E6F1D6A-1F20-11D4-8859-
00A0CCE26836} - C:\PROGRA~1\SVAPLA~1\SVAPLA~1.DLL
O2 - BHO: (no name) - {21F2ED8D-2F8C-4C34-B1B8-
1D53CFE9220E} - C:\WINDOWS\mxtrolb.dll
O2 - BHO: (no name) - {7927ED03-080D-4B4D-BAE5-
011B9E44F9F8} - C:\WINDOWS\mrtp.dll
O2 - BHO: (no name) - {B7E81D02-F2DA-4991-8EBC-
6B7DEFBFD2E0} - C:\WINDOWS\ysnu.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-
06971E07EAA2} - (no file)
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program
Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works
Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program
Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft
Works\Wkfud.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32
\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA
Player\SVAPLAYER.EXE
O4 - HKLM\..\Run: [Uninstall0001] "C:\Program
Files\Common Files\Totem Shared\Uninstall0001\upd.exe"
LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl
O4 - HKLM\..\Run: [Uninstall0002] "C:\Program
Files\Common Files\Totem Shared\Uninstall0002\upd.exe"
LASTCALL!adverts.stripsaver.com!StatsStripSaver
O4 - HKLM\..\Run: [b3dUpdate] C:\Program
Files\G7PS\ZUpdate\ZUpdate.exe -silent -
p "C:\WINDOWS\BDE\Update" -s setup.cab
O4 - HKLM\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2
\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dfmizwjj] C:\WINDOWS\psyc.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program
Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1
\Sync.exe /q
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!
\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program
Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Kodak EasyShare software.lnk =
C:\Program Files\Kodak\Kodak EasyShare
software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk =
C:\Program Files\Kodak\KODAK Software Updater\7288971
\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar
Reminders.lnk = ?
O4 - Global Startup: ZoneAlarm.lnk = C:\Program
Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Define - C:\Program
Files\Common Files\Microsoft Shared\Reference 2001
\A\ERS_DEF.HTM
O8 - Extra context menu item: &Dictionary -
http://www.ezreference.com/_/ie-com-p3.htm
O8 - Extra context menu item: &Encyclopedia -
http://www.ezreference.com/_/ie-com-e-p3.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia -
C:\Program Files\Common Files\Microsoft Shared\Reference
2001\A\ERS_ENC.HTM
O8 - Extra context menu item: View Original Image -
C:\program files\msn\msnia\wa\getoriginal.htm
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: Yahoo! Chat -
http://cs7.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Poker -
http://download.games.yahoo.com/game...ts/y/pt1_x.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
(QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}
(MSSecurityAdvisor Class) -
http://download.microsoft.com/download/0/5/c/05c905f4-
dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1084395954328
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} -
http://www.4everyone.com/searchbar/Install.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C}
(ICSScannerLight Class) -
http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} -
http://cs7.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security2.norton.com/SSC/Shar...nt/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
(YInstStarter Class) -
http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.co...ctiveX/winrep.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/3073fe5f86466d0...etzip/RdxIE601.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.g...hoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B}
(PWMediaSendControl Class) -
http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3}
(VacPro.internazionale_ver3) -
http://www.advnt01.com/dialer/internazionale_ver3.CAB
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72}
(SystemInfo Class) -
http://www.choosedway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9}
(MailConfigure Class) -
http://supportservices.msn.com/us/oeconfig/MailCfg.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C}
(CWDL_DownLoadControl Class) -
http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68}
(InstallShield International Setup Player) -
http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...86/unicode/iuctl.CAB?37251.6689236111
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter...l/win2000/SYSsfitb.cab
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} -
http://66.197.67.1/mylivecam.exe
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D}
(DoomCln Object) -
http://www.microsoft.com/security/controls/DoomCln.CAB
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/co...Sasser/20/SassCln.CAB
O16 - DPF: {B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C}
(Cltbuilder Class) -
http://www.one2one.com/static/class/one2oneSvc.cab
O16 - DPF: {BD419ACD-B41C-49D9-8ADF-CCA159052515} -
http://ads.adultcash.com/toolbar/bmeb.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/Shar...nt/sc/bin/cabsa.cab
O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A}
(SBFullS Control) -
http://www.spyblast.com/download/SBFS.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...e/cabs/flash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4}
(IObjSafety.DemoCtl) -
http://cabs.roings.com/cabs/chedownzip.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN
Chat Control 4.0) -
http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/tri...s/ForbesDownloaderSignedAdvertisingcom.cab
O16 - DPF: {F1A51F21-59DF-4486-BA31-5B816DA481EB} - http://www.fastseeker.com/toolbar/do...FastSeekerSetup1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8975208A-6632-
48DB-80F8-49E8B97B149B}: NameServer = 205.171.3.65
205.171.9.251

