HijackThis Log -- Please Help!

Discussion in 'adware, spyware & hijack cleaning' started by flounder1st, Jul 18, 2004.

Thread Status:
Not open for further replies.
  1. flounder1st

    flounder1st Registered Member

    Joined:
    Jul 18, 2004
    Posts:
    1
    Location:
    USA
    I've run both Ad-aware and Spybot S&D previous to running HijackThis.

    I have been expiriencing non-stop pop-up ads and unexplained upload activity from my computer to the net.



    Logfile of HijackThis v1.97.7
    Scan saved at 8:46:40 AM, on 7/18/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\WINDOWS\System32\pctspk.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    E:\NEW DRIVE\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\CallWave\IAM.exe
    E:\NEW DRIVE\Program Files\MS Works\Calendar\WKCALREM.EXE
    E:\NEW DRIVE\Program Files\DesktopWeather\desktopweather_1182519.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\wuauclt.exe
    E:\NEW DRIVE\Program Files\Propel Accelerator\propelac.exe
    E:\NEW DRIVE\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
    e:\NEWDRI~1\PROGRA~1\PDADES~1\SmartSync.exe
    E:\NEWDRI~1\PROGRA~1\MSWORK~1\msworks.exe
    C:\Program Files\Connection to IA4U.NET\dialer.exe
    E:\NEW DRIVE\Program Files\MS Works\Calendar\mswkscal.exe
    E:\NEW DRIVE\DOWNLOADS\Apps\Spyware and Adware Protection\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ia4u.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ia4u.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ia4u.net
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\NEW DRIVE\Program Files\Adobe\Acrobat 6.0\INSTALLED\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - E:\NEW DRIVE\Program Files\Popup Manager\PopupMgr_1.0.2.1P.dll
    O2 - BHO: (no name) - {0B90AA1B-F649-44C3-9FD3-736C332CBBCF} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\NEWDRI~1\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - (no file)
    O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - E:\NEW DRIVE\Program Files\Propel Accelerator\prpl_IePopupBlocker.dll
    O2 - BHO: (no name) - {9E992732-295F-4987-8BE3-16FAC1639198} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Propel Accelerator] E:\NEWDRI~1\PROGRA~1\PROPEL~1\PROPELAC.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [InCD] E:\NEW DRIVE\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [3FGKSGC3DE#J67] C:\WINDOWS\System32\UbgrXPno.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [LinkZilla] e:\NEWDRI~1\PROGRA~1\PDADES~1\SmartSync.exe
    O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = E:\NEW DRIVE\Program Files\MS Works\Calendar\WKCALREM.EXE
    O4 - Global Startup: desktop weather.lnk = E:\NEW DRIVE\Program Files\DesktopWeather\desktopweather_1182519.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Allow pop-ups from this site - E:\NEW DRIVE\Program Files\Propel Accelerator\pac-addwl.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - E:\NEW DRIVE\Program Files\Propel Accelerator\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - E:\NEW DRIVE\Program Files\Propel Accelerator\pac-image.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://jobs.tntlogistics.com/CFIDE/classes/CFJava.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/28ab90a3629dc5d58c19/netzip/RdxIE601.cab
    O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37896.6029282407
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FF6B40FA-0B7B-4CE7-8C7A-60A83E2ED558}: NameServer = 207.179.70.27 207.179.71.27


    "THANX",
    FLOUNDER1st
     
    Last edited: Jul 19, 2004
Thread Status:
Not open for further replies.