nouveau' hijack log

Discussion in 'adware, spyware & hijack cleaning' started by Nouveau, Feb 21, 2004.

Thread Status:
Not open for further replies.
  1. Nouveau

    Nouveau Registered Member

    Joined:
    Feb 14, 2004
    Posts:
    6
    Wow! I'm so impressed by the devotion of you both, Pieter_Arntz & Subratam! :')

    Thanks, Subratam for you help & link! :D

    I just downloaded (again) & updated AD-AWARE & SPYBOT S&D (Step 1 & 2). I just finished scaning & cleaning using them. No spywares! Feww! Thanks, Pieter_Arntz! :D

    Step 3: I also downloaded HiJackThis, and here is the Log, after the scan:


    Logfile of HijackThis v1.97.7
    Scan saved at 7:17:29 PM, on 2/21/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
    D:\TEMP\Temporary Directory 1 for hijackthis1977.zip\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O10 - Broken Internet access because of LSP provider 'wps.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Chat 1.3 - http://jcs.chat.dcn.yahoo.com/c174/chat.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0) -
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37898.1992476852
    O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6AC851CC-9553-4D81-8FDB-0CAFFEC8C34B}: NameServer = 198.235.216.110 209.226.175.224




    Pieter_Arntz, Subratam, are you still there? Can you read this log, please? Sincerely, I don't understand anything of it! :doubt:

    Usually I don't like reading, especially technical stuff, but today I had to read a lot! Thanks again, Pieter_Arntz & Subratam & all the people who read my post!

    Again: Please Help!

    Regards
     
    Nouveau, Feb 21, 2004
    #1
  2. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    I've split/moved this post to here from over there so it will get the attention it may need ;)

    Detox
     
    Detox, Feb 21, 2004
    #2
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Nice log. :cool:

    Always good to see a clean one.

    Regards,

    Pieter
     
    Pieter_Arntz, Feb 22, 2004
    #3
  4. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Hi nouveau,

    there you are... got master's confirmation :)... and now just control your desires ;).. and surf safe

    take care
     
    subratam, Feb 22, 2004
    #4
  5. Nouveau

    Nouveau Registered Member

    Joined:
    Feb 14, 2004
    Posts:
    6
    Hi, Pieter_Arntz & Subratam!

    First of all, please accept my apologies & please pardon my insolence for not thanking you earlier: I just read your messages! :oops:

    Right after I posted my last post, last week, I made a disk cleanup, and my computer kept asking "please insert Windows XP Service Pack 1" (or something like that) several times, but I always chose the option "cancel", etc. And it took, strangely, +5 minutes to do that (the cleanup), rather than the usual 1-2 minutes! :eek: The next day... I coudn't use my computer anymore!! I got a blank screen with a message "please insert ... and press any key"! :'( :mad:

    So my sister took it to her home and reformat & reinstall...! :oops:

    Thank you, Pieter_Arntz, for taking some of your precious time to study my log! :') :D

    Yes, Subratam, I will bow to the earth before the master!

    ... :oops: ... Thank you for your very wise advices: I will surf the Net less often! :oops:

    Thanks to the moderator Detox for "I've split your Hijackthis log from here and moved it to where it will get the attention it needs". Big thanks for your attention & care for my little person! :')

    Big thanks to Pieter_Arntz & Subratam for taking the time to study my log & for advicing me what to do & Thanks for everything! :D

    Regards & take a good care of yourselves & each others!
     
    Nouveau, Feb 28, 2004
    #5
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...