#1
I just downloaded HijackThis and would like someone to check this log out for me. I am not very computer savvy (so please explain everything) but this was recommended to me to try as someone has gotten our credit card number and made two charges on our card without our knowledge. How they did it,..we aren't sure but we did order online about two weeks prior to this happening..so did they get it online? They also had our phone number,.. but one number off,..they also were sending the packages to us! (waiting for UPS to leave it outside,.and then pick it up?) Anyway..it seems I have a lot here compared to others..well here it is........
Logfile of HijackThis v1.97.6
Scan saved at 10:40:01 PM, on 11/15/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\ShopSafe\ShopSafe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.highstream.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.highstream.net/members/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.highstream.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = -
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ShopSafe] C:\Program Files\ShopSafe\ShopSafe.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/01e7e3cd11990b768021/netzip/RdxIE601.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea1fd.sea1.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{01EA2C54-E443-481E-96C5-351F349D0729}: NameServer = 65.126.64.2 65.126.64.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{01EA2C54-E443-481E-96C5-351F349D0729}: NameServer = 65.126.64.2 65.126.64.3
#2
Welcome to wilders senorita. Glad to see you made it over here from Majorgeeks. Someone should be along to help soon with your Hijack This log......and any other troubleshooting that may be needed. Regards, Jade.
__________________
Ghost Security Products DiamondCS Products -------- Trojan/Malware Submission
#3
That's a clean log. No further recommendations.
Your problems probably stem from the fact that you're not running a firewall, and you NEED one. Have a look here for some suggestions: http://www.wilders.org/firewalls.htm Cheers,
__________________
Tony
CLSID List - A Collection of Autostart Locations
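Added example, not part of the thread and not HijackThis code: a short Python sketch of how a reviewer might sort the entries of a log like the one in post #1 by section code, pulling out the O4 autostart entries and the download hosts of the O16 entries. The sample lines are copied from that log; the function names are illustrative.

```python
import re
from urllib.parse import urlparse

# A subset of the entries from the log in post #1, one per line.
SAMPLE = r"""
Logfile of HijackThis v1.97.6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.highstream.net/members/
O4 - HKLM\..\Run: [ShopSafe] C:\Program Files\ShopSafe\ShopSafe.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/01e7e3cd11990b768021/netzip/RdxIE601.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
RUN_KEY = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.+?)\))? - (\S+)$")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse_log(text):
    """Group entry lines by section code; header and process lines are skipped."""
    sections = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections.setdefault(m.group(1), []).append(m.group(2))
    return sections

def autostarts(sections):
    """O4 entries as (location, name, target); target is None when the log gives none."""
    out = []
    for detail in sections.get("O4", []):
        m = RUN_KEY.match(detail)
        if m:
            out.append(m.groups())
        else:
            location, _, rest = detail.partition(": ")
            name, _, target = rest.partition(" = ")
            out.append((location, name, target or None))
    return out

def dpf_sources(sections):
    """O16 entries as (label, host, host_is_ip); a bare-IP host is a prompt to look the entry up, not a verdict."""
    out = []
    for detail in sections.get("O16", []):
        m = DPF.match(detail)
        if m:
            clsid, label, url = m.groups()
            host = urlparse(url).hostname or ""
            out.append((label or clsid, host, bool(IPV4.fullmatch(host))))
    return out
```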
#4
Installing SP1 for IE6 and all the security patches that followed might be another good idea.
Regards, Pieter
__________________
Regards, Pieter
It's nice to be important, but it's more important to be nice.
Remove & Prevent spyware
It's human to make mistakes. It's even more so to blame the computer for it.
#5
__________________
Tony
CLSID List - A Collection of Autostart Locations
#6
I already have the firewall that comes with XP home edition,..is that enough? And thanks so much for reviewing my log..I appreciate it!!!!!!!! Oh,..and I did install the security patches they recommended..unless there are some new ones I don't know about. (not sure I know what SP1 for IE6 is.......) security patch 1 for internet explorer 6?
#7
It's the Service Pack. You'll find it here:
http://www.microsoft.com/windows/ie/downloads/critical/ie6sp1/default.asp
After installing it, in Internet Explorer go to Tools > Windows Update. Press "Scan for Updates". All patches not yet installed will be listed in the "Critical Updates and Service Packs" section and you'll need to install them all. Good luck,
__________________
Tony
CLSID List - A Collection of Autostart Locations