[Solved] HijackThis log look it over please (merged)

Discussion in 'adware, spyware & hijack cleaning' started by Chief ADFP, May 11, 2004.

  1. Chief ADFP

    Chief ADFP Registered Member

    Joined:
    May 11, 2004
    Posts:
    37
    Location:
    U.S.A Fla
    Logfile of HijackThis v1.97.7
    Scan saved at 9:44:04 PM, on 5/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\GWHotKey.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\Program Files\WinTV\WinTV2K.EXE
    C:\PROGRA~1\Digimarc\IMAGEB~1\WMCache.exe
    C:\Documents and Settings\Chief ADFP\Desktop\New Folder (2)\HijackThis.exe
    C:\WINDOWS\notepad.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0703562B-7878-4525-880C-4A52CB30B830} - C:\WINDOWS\hwoaet.dll
    O2 - BHO: (no name) - {4E301C75-F1B3-4F23-A03F-ED5F107F400B} - C:\WINDOWS\jxrdo.dll
    O2 - BHO: Digimarc ImageBridge reader BHO for IE - {6D6F1AF0-DDCB-477F-A896-5D75E53B80A3} - C:\Program Files\Digimarc\ImageBridgeReader\RM4IE.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {58A83E4F-477A-4A3F-BF9B-B65BC2BD5598} - (no file)
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
    O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: ICQ 4.0 (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1077594588642
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38040.1034837963
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{709D9B5E-E159-4081-A11E-E88A0CEB0CB4}: NameServer = 216.126.128.40 216.126.136.250
    O17 - HKLM\System\CS1\Services\Tcpip\..\{709D9B5E-E159-4081-A11E-E88A0CEB0CB4}: NameServer = 216.126.128.40 216.126.136.250

    Please look it over and tell me what you see and what I need to do. Look, when it comes to spyware/adware/hijack items I am totally blind to it, so I would really like to know what is what in this report. Thanks.
     
    Last edited: May 12, 2004
  2. Chief ADFP

    Re: HijackThis log look it over please

    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :Wednesday, May 12, 2004 1:58:52 AM
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R303 08.05.2004
    ______________________________________________________

    Reffile status:
    =========================
    Reference file loaded:
    Reference Number : 01R303 08.05.2004
    Internal build : 235
    File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\reflist.ref
    Total size : 1096786 Bytes
    Signature data size : 1078166 Bytes
    Reference data size : 18556 Bytes
    Signatures total : 24182
    Target categories : 10
    Target families : 463

    Memory + processor status:
    ==========================
    Number of processors : 1
    Processor architecture : Intel Pentium IV
    Memory available:22 %
    Total physical memory:261424 kb
    Available physical memory:55952 kb
    Total page file size:1022324 kb
    Available on page file:745072 kb
    Total virtual memory:2097024 kb
    Available virtual memory:2057252 kb
    OS:

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan within archives
    Set : Scan my Hosts file

    Extended Ad-aware Settings
    =========================
    Set : Unload recognized processes during scanning
    Set : Include basic Ad-aware settings in logfile
    Set : Include additional Ad-aware settings in logfile
    Set : Let windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Always back up reference file, before updating
    Set : Play sound if scan produced a result


    5-12-2004 1:58:52 AM - Scan started. (Smart mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ThreadCreationTime : 5-12-2004 3:04:57 AM
    BasePriority : Normal


    #:2 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 5-12-2004 3:05:03 AM
    BasePriority : High


    #:3 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 5-12-2004 3:05:04 AM
    BasePriority : Normal
    FileSize : 99 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    OriginalFilename : services.exe
    ProductName : Microsoft
    Created on : 8/23/2001 4:00:00 PM
    Last accessed : 5/12/2004 6:58:52 AM
    Last modified : 8/23/2001 4:00:00 PM

    #:4 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 5-12-2004 3:05:04 AM
    BasePriority : Normal
    FileSize : 11 KB
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    OriginalFilename : lsass.exe
    ProductName : Microsoft
    Created on : 7/19/2002 11:45:32 PM
    Last accessed : 5/12/2004 6:58:52 AM
    Last modified : 8/29/2002 10:41:26 AM

    #:5 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 5-12-2004 3:05:08 AM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 8/23/2001 4:00:00 PM
    Last accessed : 5/12/2004 6:58:52 AM
    Last modified : 8/23/2001 4:00:00 PM

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 5-12-2004 3:05:08 AM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 8/23/2001 4:00:00 PM
    Last accessed : 5/12/2004 6:58:52 AM
    Last modified : 8/23/2001 4:00:00 PM

    #:7 [incdsrv.exe]
    FilePath : C:\Program Files\Ahead\InCD\
    ThreadCreationTime : 5-12-2004 3:05:09 AM
    BasePriority : Normal
    FileSize : 828 KB
    FileVersion : 4, 1, 5, 10
    ProductVersion : 4, 1, 5, 10
    Copyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
    CompanyName : Ahead Software AG
    FileDescription : incdsrv
    InternalName : incdsrv
    OriginalFilename : incdsrv.exe
    ProductName : Ahead Software AG incdsrv
    Created on : 4/25/2004 8:42:30 AM
    Last accessed : 5/12/2004 6:58:52 AM
    Last modified : 2/27/2004 9:02:02 PM

    #:8 [smc.exe]
    FilePath : C:\Program Files\Sygate\SPF\
    ThreadCreationTime : 5-12-2004 3:05:10 AM
    BasePriority : Normal
    FileSize : 2289 KB
    FileVersion : 5.5.00.2525
    ProductVersion : 5.5.00.2525
    Copyright : Copyright
    CompanyName : Sygate Technologies, Inc.
    FileDescription : Sygate Agent Firewall
    InternalName : Smc
    OriginalFilename : Smc.EXE
    ProductName : Sygate
    Created on : 12/24/2003 7:44:56 PM
    Last accessed : 5/12/2004 6:15:40 AM
    Last modified : 12/24/2003 7:44:56 PM

    #:9 [explorer.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 5-12-2004 3:05:13 AM
    BasePriority : Normal
    FileSize : 973 KB
    FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
    ProductVersion : 6.00.2800.1221
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft
    Created on : 5/12/2003 5:12:10 AM
    Last accessed : 5/12/2004 6:58:52 AM
    Last modified : 5/12/2003 5:12:10 AM

    #:10 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 5-12-2004 3:05:16 AM
    BasePriority : Normal
    FileSize : 50 KB
    FileVersion : 5.1.2600.0 (XPClient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    OriginalFilename : spoolsv.exe
    ProductName : Microsoft
    Created on : 8/23/2001 4:00:00 PM
    Last accessed : 5/12/2004 6:58:52 AM
    Last modified : 8/23/2001 4:00:00 PM

    #:11 [devldr32.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 5-12-2004 3:05:22 AM
    BasePriority : Normal
    FileSize : 25 KB
    FileVersion : 1, 0, 0, 22
    ProductVersion : 1, 0, 0, 22
    Copyright : Copyright
    CompanyName : Creative Technology Ltd.
    FileDescription : DevLdr32
    InternalName : DevLdr
    OriginalFilename : DevLdr32.exe
    ProductName : Creative Ring3 NT Inteface
    Created on : 2/22/2004 10:41:57 AM
    Last accessed : 5/12/2004 6:58:52 AM
    Last modified : 3/21/2001 10:27:00 PM

    #:12 [aswupdsv.exe]
    FilePath : C:\Program Files\Alwil Software\Avast4\
    ThreadCreationTime : 5-12-2004 3:05:22 AM
    BasePriority : Normal
    FileSize : 52 KB
    Created on : 4/22/2004 2:20:08 AM
    Last accessed : 5/12/2004 6:41:01 AM
    Last modified : 4/21/2004 2:22:39 PM

    #:13 [jusched.exe]
    FilePath : C:\Program Files\Java\j2re1.4.2_04\bin\
    ThreadCreationTime : 5-12-2004 3:05:23 AM
    BasePriority : Normal
    FileSize : 32 KB
    Created on : 2/23/2068 4:44:46 AM
    Last accessed : 5/12/2004 6:58:52 AM
    Last modified : 2/23/2004 4:44:44 AM

    #:14 [ashdisp.exe]
    FilePath : C:\PROGRA~1\ALWILS~1\Avast4\
    ThreadCreationTime : 5-12-2004 3:05:23 AM
    BasePriority : Normal
    FileSize : 96 KB
    FileVersion : 4, 1, 357, 0
    ProductVersion : 4, 1, 0, 0
    Copyright : Copyright (c) 2003 ALWIL Software
    FileDescription : avast! service GUI component
    InternalName : aswDisp
    OriginalFilename : aswDisp.exe
    ProductName : avast! Antivirus
    Created on : 4/22/2004 2:20:08 AM
    Last accessed : 5/12/2004 6:41:01 AM
    Last modified : 4/21/2004 2:28:58 PM

    #:15 [incd.exe]
    FilePath : C:\Program Files\Ahead\InCD\
    ThreadCreationTime : 5-12-2004 3:05:23 AM
    BasePriority : Normal
    FileSize : 1240 KB
    FileVersion : 4, 1, 5, 10
    ProductVersion : 4, 1, 5, 10
    Copyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
    CompanyName : Ahead Software AG
    FileDescription : InCD
    InternalName : InCD
    OriginalFilename : InCD.exe
    ProductName : Ahead Software AG InCD
    Created on : 4/25/2004 8:42:29 AM
    Last accessed : 5/12/2004 6:58:53 AM
    Last modified : 2/27/2004 9:02:32 PM

    #:16 [gwhotkey.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 5-12-2004 3:05:23 AM
    BasePriority : Normal
    FileSize : 96 KB
    FileVersion : 6.5
    ProductVersion : 6.5
    Copyright : Copyright
    CompanyName : BillP Studios
    FileDescription : Multi-function Keyboard By Bill Pytlovany
    ProductName : Gateway Multi-function Keyboard Utility
    Created on : 4/26/2004 10:05:29 AM
    Last accessed : 5/12/2004 6:58:53 AM
    Last modified : 8/28/2001 4:13:28 PM

    #:17 [popups~1.exe]
    FilePath : C:\PROGRA~1\PANICW~1\POP-UP~1\
    ThreadCreationTime : 5-12-2004 3:05:23 AM
    BasePriority : Normal
    FileSize : 496 KB
    FileVersion : 1, 60, 0, 1002
    ProductVersion : 1, 60, 0, 1002
    Copyright : Copyright (C) 2002-2004
    CompanyName : Panicware, Inc.
    FileDescription : Pop-Up Stopper Professional
    InternalName : Pop-Up Stopper Professional
    OriginalFilename : PSProfessional.exe
    ProductName : Pop-Up Stopper Professional

    #:18 [ashserv.exe]
    FilePath : C:\Program Files\Alwil Software\Avast4\
    ThreadCreationTime : 5-12-2004 3:05:24 AM
    BasePriority : High
    FileSize : 68 KB
    FileVersion : 4, 1, 357, 0
    ProductVersion : 4, 1, 0, 0
    Copyright : Copyright (c) 2003 ALWIL Software
    FileDescription : avast! antivirus service
    InternalName : aswServ
    OriginalFilename : aswServ.exe
    ProductName : avast! Antivirus
    Created on : 4/22/2004 2:20:08 AM
    Last accessed : 5/12/2004 6:41:01 AM
    Last modified : 4/21/2004 2:28:55 PM

    #:19 [ctsvccda.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 5-12-2004 3:05:29 AM
    BasePriority : Normal
    FileSize : 43 KB
    FileVersion : 1.0.1.0
    ProductVersion : 1.0.0.0
    Copyright : Copyright (c) Creative Technology Ltd., 1999. All rights reserved.
    CompanyName : Creative Technology Ltd
    FileDescription : Creative Service for CDROM Access
    InternalName : CTsvcCDAEXE
    OriginalFilename : CTsvcCDA.EXE
    ProductName : Creative Service for CDROM Access
    Created on : 2/23/2004 1:08:50 AM
    Last accessed : 5/12/2004 6:58:53 AM
    Last modified : 12/13/1999 9:01:00 AM

    #:20 [mxtask.exe]
    FilePath : C:\PROGRA~1\VCOM\Fix-It\
    ThreadCreationTime : 5-12-2004 3:05:29 AM
    BasePriority : Normal
    FileSize : 180 KB
    FileVersion : 5.0.0.7
    Copyright : Copyright
    CompanyName : V Communications, Inc.
    FileDescription : The background task server
    InternalName : MXTask
    OriginalFilename : MXTask.exe
    Created on : 6/11/2003 12:31:00 AM
    Last accessed : 5/12/2004 6:58:53 AM
    Last modified : 6/11/2003 12:31:00 AM

    #:21 [appservices.exe]
    FilePath : C:\PROGRA~1\Iomega\System32\
    ThreadCreationTime : 5-12-2004 3:05:29 AM
    BasePriority : Normal
    FileSize : 72 KB
    FileVersion : 2, 0, 4, 2
    ProductVersion : 2, 0, 4, 2
    Copyright : Copyright
    CompanyName : Iomega Corporation
    FileDescription : AppServices
    InternalName : AppServices
    OriginalFilename : AppService.exe
    ProductName : Iomega App Services
    Created on : 9/24/2003 6:01:05 PM
    Last accessed : 5/12/2004 6:58:53 AM
    Last modified : 9/24/2003 2:00:34 PM

    #:22 [nvsvc32.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 5-12-2004 3:05:30 AM
    BasePriority : Normal
    FileSize : 108 KB
    FileVersion : 6.14.10.5672
    ProductVersion : 6.14.10.5672
    Copyright : (C) NVIDIA Corporation. All rights reserved.
    CompanyName : NVIDIA Corporation
    FileDescription : NVIDIA Driver Helper Service, Version 56.72
    InternalName : NVSVC
    OriginalFilename : nvsvc32.exe
    ProductName : NVIDIA Driver Helper Service, Version 56.72
    Created on : 3/24/2004 3:04:00 PM
    Last accessed : 5/12/2004 6:58:53 AM
    Last modified : 3/24/2004 3:04:00 PM

    #:23 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 5-12-2004 3:05:30 AM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 8/23/2001 4:00:00 PM
    Last accessed : 5/12/2004 6:58:52 AM
    Last modified : 8/23/2001 4:00:00 PM

    #:24 [mxtask.exe]
    FilePath : C:\PROGRA~1\VCOM\Fix-It\
    ThreadCreationTime : 5-12-2004 3:06:37 AM
    BasePriority : Normal
    FileSize : 180 KB
    FileVersion : 5.0.0.7
    Copyright : Copyright
    CompanyName : V Communications, Inc.
    FileDescription : The background task server
    InternalName : MXTask
    OriginalFilename : MXTask.exe
    Created on : 6/11/2003 12:31:00 AM
    Last accessed : 5/12/2004 6:58:53 AM
    Last modified : 6/11/2003 12:31:00 AM

    #:25 [wintv2k.exe]
    FilePath : C:\Program Files\WinTV\
    ThreadCreationTime : 5-12-2004 3:33:51 AM
    BasePriority : Normal
    FileSize : 3480 KB
    FileVersion : 4.0.21126
    ProductVersion : 4.0.21126
    Copyright : Copyright (C) 1998-2003 Hauppauge Computer Works, Inc.
    CompanyName : Hauppauge Computer Works
    FileDescription : WinTV2000 Application
    InternalName : WinTV2K
    OriginalFilename : WinTV2K.EXE
    ProductName : WinTV2000 Application
    Created on : 2/22/2004 10:51:53 AM
    Last accessed : 5/12/2004 6:39:20 AM
    Last modified : 5/6/2003 11:16:32 PM

    #:26 [taskmgr.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 5-12-2004 3:55:26 AM
    BasePriority : High
    FileSize : 125 KB
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    CompanyName : Microsoft Corporation
    FileDescription : Windows TaskManager
    InternalName : taskmgr
    OriginalFilename : taskmgr.exe
    ProductName : Microsoft
    Created on : 2/23/2004 6:12:51 AM
    Last accessed : 5/12/2004 6:58:53 AM
    Last modified : 8/29/2002 10:41:28 AM

    #:27 [wmcache.exe]
    FilePath : C:\PROGRA~1\Digimarc\IMAGEB~1\
    ThreadCreationTime : 5-12-2004 4:47:58 AM
    BasePriority : Normal
    FileSize : 332 KB
    FileVersion : 2.51.0048
    ProductVersion : 2.51.0048
    Copyright : Copyright
    CompanyName : Digimarc Corporation
    FileDescription : Watermark Cache Server
    InternalName : Watermark Cache Server
    OriginalFilename : WMCache.dll
    Created on : 2/24/2004 7:43:43 AM
    Last accessed : 5/12/2004 6:58:53 AM
    Last modified : 3/18/2002 11:36:02 PM

    #:28 [idman.exe]
    FilePath : C:\Program Files\Internet Download Manager\
    ThreadCreationTime : 5-12-2004 5:08:48 AM
    BasePriority : Normal
    FileSize : 447 KB
    FileVersion : 4, 0, 1, 2
    ProductVersion : 4, 0, 1, 2
    Copyright : Copyright (C) 2003
    CompanyName : Internet Download Manager Corp., Tonec Inc.
    FileDescription : Internet Download Manager Application (IDM)
    InternalName : Internet Download Manager
    OriginalFilename : IDMan.exe
    ProductName : Internet Download Manager (IDM)
    Created on : 4/22/2004 1:34:39 PM
    Last accessed : 5/12/2004 6:58:54 AM
    Last modified : 4/30/2004 1:46:38 PM

    #:29 [snagit32.exe]
    FilePath : C:\Program Files\TechSmith\SnagIt 7\
    ThreadCreationTime : 5-12-2004 5:45:16 AM
    BasePriority : Normal
    FileSize : 3248 KB
    FileVersion : 7.0.3.0
    ProductVersion : 7.0.3
    Copyright : Copyright
    CompanyName : TechSmith Corporation
    FileDescription : SnagIt Screen Capture for Windows
    InternalName : SNAGIT
    OriginalFilename : SNAGIT32.EXE
    ProductName : SnagIt
    Created on : 4/17/2004 10:33:54 AM
    Last accessed : 5/12/2004 6:58:54 AM
    Last modified : 1/26/2004 12:03:00 PM

    #:30 [tschelp.exe]
    FilePath : C:\Program Files\TechSmith\SnagIt 7\
    ThreadCreationTime : 5-12-2004 5:45:19 AM
    BasePriority : Normal
    FileSize : 25 KB
    FileVersion : 1.0.0
    ProductVersion : 1, 0, 0, 0
    Copyright : Copyright
    CompanyName : TechSmith Corporation
    FileDescription : TechSmith HTML Help Helper
    InternalName : TscHelp
    OriginalFilename : TscHelp.exe
    ProductName : TechSmith HTML Help Helper
    Created on : 4/17/2004 10:33:59 AM
    Last accessed : 5/12/2004 6:58:54 AM
    Last modified : 1/26/2004 12:03:00 PM

    #:31 [ad-aware.exe]
    FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
    ThreadCreationTime : 5-12-2004 6:58:23 AM
    BasePriority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 4/26/2004 10:21:49 PM
    Last accessed : 5/12/2004 6:58:24 AM
    Last modified : 7/13/2003 2:00:20 AM

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Roings Object recognized!
    Type : RegKey
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\roimoi


    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 1
    Objects found so far: 1


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 1


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Hosts file scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    1 entries scanned.
    New objects :0
    Objects found so far: 1




    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Roings Object recognized!
    Type : RegKey
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\ssprint


    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 1
    Objects found so far: 2


    2:03:10 AM Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:04:15:708
    Objects scanned :50529
    Objects identified :2
    Objects ignored :0
    New objects :2

    [don't know if this helps any]
     
  3. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Re: HijackThis log look it over please

    First copy these files, zip them and send them to submit@thespykiller.co.uk with a short note referring to this thread:
    C:\WINDOWS\hwoaet.dll
    C:\WINDOWS\jxrdo.dll

    Run HijackThis, tick the entries listed below and ONLY these entries, double-check to make sure, then make sure all browser & email windows are closed and press Fix checked.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {0703562B-7878-4525-880C-4A52CB30B830} - C:\WINDOWS\hwoaet.dll
    O2 - BHO: (no name) - {4E301C75-F1B3-4F23-A03F-ED5F107F400B} - C:\WINDOWS\jxrdo.dll
    O3 - Toolbar: (no name) - {58A83E4F-477A-4A3F-BF9B-B65BC2BD5598} - (no file)
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
     
  4. Chief ADFP

    Re: HijackThis log look it over please

    Zip-file name: reporting.zip
    File size: 46.3 KB (47,455 bytes)
    The e-mail has been sent out at this time with the attachment.

    At this time I am doing what you have said to do; after this post I will be following through, after I print it out.
     
  5. dvk01

    Re: HijackThis log look it over please

    OK, they both appear to be new versions of Roings; make sure they are fixed as above.

    I'm sending them on to the developers to include in updates
     
  6. Chief ADFP

    Re: HijackThis log look it over please

    OK, all done.
    Here is the new listing to look over, and thank you.

    ==========================================================
    Thank you so much
    By the way, this is Windows XP Pro (OEM), NTFS/FAT32, home user.
    1 HDD split into 2 HDDs: C: (NTFS) main & H: (FAT32). I use this for games online only.
    ==========================================================
    Logfile of HijackThis v1.97.7
    Scan saved at 7:20:29 AM, on 5/12/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\GWHotKey.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\PROGRA~1\Digimarc\IMAGEB~1\WMCache.exe
    C:\Documents and Settings\Chief ADFP\Desktop\New Folder (2)\HijackThis.exe

    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Digimarc ImageBridge reader BHO for IE - {6D6F1AF0-DDCB-477F-A896-5D75E53B80A3} - C:\Program Files\Digimarc\ImageBridgeReader\RM4IE.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
    O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: ICQ 4.0 (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1077594588642
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38040.1034837963
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{709D9B5E-E159-4081-A11E-E88A0CEB0CB4}: NameServer = 216.126.128.40 216.126.136.250
    O17 - HKLM\System\CS1\Services\Tcpip\..\{709D9B5E-E159-4081-A11E-E88A0CEB0CB4}: NameServer = 216.126.128.40 216.126.136.250
     
  7. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Re: HijackThis log look it over please

    Turn off system restore by following instructions here
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039

    That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable system restore & create a new restore point.

    Read here https://www.wilderssecurity.com/showthread.php?t=27971 for info on how to tighten your security settings and how to help prevent future attacks.

    & it is vital that you go here, click Scan for updates in the main frame, and download and install all CRITICAL updates recommended.
     
  8. Chief ADFP

    Chief ADFP Registered Member

    Joined:
    May 11, 2004
    Posts:
    37
    Location:
    U.S.A Fla
    Re: HijackThis log look it over please

    I did as you said; for some reason QuickTime got back in?
    Log file:

    Logfile of HijackThis v1.97.7
    Scan saved at 2:13:03 AM, on 5/16/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\GWHotKey.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Program Files\WinTV\WinTV2K.EXE
    C:\PROGRA~1\Digimarc\IMAGEB~1\WMCache.exe
    C:\Documents and Settings\Chief ADFP\Desktop\New Folder (2)\HijackThis.exe

    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Digimarc ImageBridge reader BHO for IE - {6D6F1AF0-DDCB-477F-A896-5D75E53B80A3} - C:\Program Files\Digimarc\ImageBridgeReader\RM4IE.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
    O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: ICQ 4.0 (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1077594588642
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38040.1034837963
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{709D9B5E-E159-4081-A11E-E88A0CEB0CB4}: NameServer = 216.126.128.40 216.126.136.250
    O17 - HKLM\System\CS1\Services\Tcpip\..\{709D9B5E-E159-4081-A11E-E88A0CEB0CB4}: NameServer = 216.126.128.40 216.126.136.250
    =========End of the HiJackThis log-file===========================
    I removed the items that refer to QuickTime already; please have a 2nd look over the list to see if I need to do more.
     
  9. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Re: HijackThis log look it over please

    it all looks OK now

    No need to worry about QuickTime. The only reason for removing it originally was that they have released a security update to cure a massive hole that lets several hijackers on, and when it is needed a new updated version would have been prompted to be downloaded, provided you had your security settings set correctly.

    Read here https://www.wilderssecurity.com/showthread.php?t=27971 for info on how to tighten your security settings and how to help prevent future attacks.
     
  10. Chief ADFP

    Chief ADFP Registered Member

    Joined:
    May 11, 2004
    Posts:
    37
    Location:
    U.S.A Fla
    Re: HijackThis log look it over please

    I installed QuickTime 6 Pro ver. 6.5.1.
    I'd like to have the new updated log looked over please:

    Logfile of HijackThis v1.97.7
    Scan saved at 10:36:38 AM, on 5/23/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\GWHotKey.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\PROGRA~1\Digimarc\IMAGEB~1\WMCache.exe
    C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe
    C:\Program Files\WinTV\WinTV2K.EXE
    C:\Documents and Settings\Chief ADFP\Desktop\New Folder (2)\HijackThis.exe

    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Digimarc ImageBridge reader BHO for IE - {6D6F1AF0-DDCB-477F-A896-5D75E53B80A3} - C:\Program Files\Digimarc\ImageBridgeReader\RM4IE.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: ICQ 4.0 (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1077594588642
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38040.1034837963
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{709D9B5E-E159-4081-A11E-E88A0CEB0CB4}: NameServer = 216.126.128.40 216.126.136.250
    O17 - HKLM\System\CS1\Services\Tcpip\..\{709D9B5E-E159-4081-A11E-E88A0CEB0CB4}: NameServer = 216.126.128.40 216.126.136.250

    Also, it doesn't list all my drives; there are 2 of them, C: and H:. This is not listed when it does the scan?
     
  11. Chief ADFP

    Chief ADFP Registered Member

    Joined:
    May 11, 2004
    Posts:
    37
    Location:
    U.S.A Fla
    Re: HijackThis log look it over please

    Somehow "roings search eng" got back into my system. SpySweeper found it, but I'd like to double check on it, in case there is a reinstalling .dll in there some place.

    Logfile of HijackThis v1.97.7
    Scan saved at 4:46:20 AM, on 6/4/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\WINDOWS\GWHotKey.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe
    C:\PROGRA~1\Digimarc\IMAGEB~1\WMCache.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\The spykiller\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Digimarc ImageBridge reader BHO for IE - {6D6F1AF0-DDCB-477F-A896-5D75E53B80A3} - C:\Program Files\Digimarc\ImageBridgeReader\RM4IE.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: 42 AC Plug.lnk = C:\Program Files\iOpus-AC-Plug\acplug.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: ICQ 4.0 (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1077594588642
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38040.1034837963
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
    O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{709D9B5E-E159-4081-A11E-E88A0CEB0CB4}: NameServer = 66.19.192.200 216.126.128.40
    O17 - HKLM\System\CS1\Services\Tcpip\..\{709D9B5E-E159-4081-A11E-E88A0CEB0CB4}: NameServer = 66.19.192.200 216.126.128.40
     
  12. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Re: HijackThis log look it over please

    no obvious signs of problems

    Read here https://www.wilderssecurity.com/showthread.php?t=27971 for info on how to tighten your security settings and how to help prevent future attacks.

    & go here, click Scan for updates in the main frame, and download and install all CRITICAL updates recommended.
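
Added example, not part of any post in this thread and not HijackThis's own code: a short Python script that diffs two HijackThis logs entry by entry, so changes between scans (startup items, LSP entries, DNS servers) stand out without re-reading the whole listing. The function names are hypothetical, and the sample lines are abridged excerpts of the 5/23/2004 and 6/4/2004 logs posted above.

```python
import re
from collections import Counter

# A HijackThis entry line looks like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")

# Abridged excerpts of the two logs in this thread (not the full listings).
LOG_MAY_23 = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{709D9B5E-E159-4081-A11E-E88A0CEB0CB4}: NameServer = 216.126.128.40 216.126.136.250
"""

LOG_JUN_04 = r"""
O4 - Startup: 42 AC Plug.lnk = C:\Program Files\iOpus-AC-Plug\acplug.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
O17 - HKLM\System\CCS\Services\Tcpip\..\{709D9B5E-E159-4081-A11E-E88A0CEB0CB4}: NameServer = 66.19.192.200 216.126.128.40
"""


def parse_entries(log_text):
    """Count (section, detail) pairs; repeated lines such as O10 keep their count."""
    entries = Counter()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries[(match.group(1), match.group(2))] += 1
    return entries


def nameservers(entries):
    """Collect every DNS server address named in O17 NameServer entries."""
    found = set()
    for section, detail in entries:
        if section == "O17":
            match = NAMESERVER_RE.search(detail)
            if match:
                found.update(match.group(1).replace(",", " ").split())
    return found


def group_by_section(counter):
    """Turn a Counter of entries into {section: [(detail, count), ...]}."""
    grouped = {}
    for (section, detail), count in sorted(counter.items()):
        grouped.setdefault(section, []).append((detail, count))
    return grouped


def summarize(old_text, new_text):
    """Return entries added/removed between two scans plus DNS server changes."""
    old, new = parse_entries(old_text), parse_entries(new_text)
    old_dns, new_dns = nameservers(old), nameservers(new)
    return {
        "added": group_by_section(new - old),      # only in the newer scan
        "removed": group_by_section(old - new),    # only in the older scan
        "dns_added": new_dns - old_dns,
        "dns_removed": old_dns - new_dns,
    }


if __name__ == "__main__":
    summary = summarize(LOG_MAY_23, LOG_JUN_04)
    for label in ("added", "removed"):
        for section, items in summary[label].items():
            for detail, count in items:
                print(f"{label:8} {section:4} x{count}  {detail}")
    print("DNS servers added:  ", sorted(summary["dns_added"]))
    print("DNS servers removed:", sorted(summary["dns_removed"]))
```

Entries that appear unchanged in both scans are omitted from the result, so whatever is printed is exactly what a reviewer needs to account for.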
     
  13. Chief ADFP

    Chief ADFP Registered Member

    Joined:
    May 11, 2004
    Posts:
    37
    Location:
    U.S.A Fla
    Re: HijackThis log look it over please

    I ran Ad-aware 6.0 and it found all these goodies:

    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :Friday, June 04, 2004 5:11:37 AM
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R314 02.06.2004


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CURRENT_USER
    Object : SOFTWARE\Apropos


    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 1
    Objects found so far: 1


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 1


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Warning!
    Bad hosts file entry:127.0.0.1:hotsearchbox.com


    Redirected hostfile entry Object recognized!
    Type : Hosts file
    Data : 127.0.0.1
    Category : Misc
    Comment : Possible CoolWebSearch Hijack
    Bad Hostfile entry : 127.0.0.1:hotsearchbox.com


    Hosts file scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    4336 entries scanned.
    New objects :73
    Objects found so far: 74




    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{A2872B10-39F2-42DF-9335-7DD38CF75255}


    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 1
    Objects found so far: 75


    5:16:18 AM Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:04:40:873
    Objects scanned :62223
    Objects identified :75
    Objects ignored :0
    New objects :75

    Image of the report:
    http://bb.domaindlx.com/ADFP/SS/ad-ware.jpg

    cont:
     
    Last edited: Jun 4, 2004
  14. Chief ADFP

    Chief ADFP Registered Member

    Joined:
    May 11, 2004
    Posts:
    37
    Location:
    U.S.A Fla
    Re: HijackThis log look it over please

    Cont:
    I had it do a scan again, this time a deep scan; it found these items, 3 ea:

    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :Friday, June 04, 2004 1:08:00 PM
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R314 02.06.2004

    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    BroadCastPC Object recognized!
    Type : File
    Data : ast_4_mm.exe
    Category : Data Miner
    Comment :
    Object : C:\WINDOWS\
    FileSize : 148 KB
    Created on : 4/23/2004 2:36:50 PM
    Last accessed : 6/4/2004 5:25:38 PM
    Last modified : 4/23/2004 3:04:52 PM



    BroadCastPC Object recognized!
    Type : File
    Data : syswast.exe
    Category : Data Miner
    Comment :
    Object : C:\WINDOWS\
    FileSize : 148 KB
    Created on : 4/23/2004 3:05:40 PM
    Last accessed : 6/4/2004 5:25:41 PM
    Last modified : 4/23/2004 3:04:54 PM



    Disk scan result for C:\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 2


    Deep scanning and examining files (H:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Disk scan result for H:\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 2


    Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Hosts file scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    4263 entries scanned.
    New objects :0
    Objects found so far: 2




    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    BroadCastPC Object recognized!
    Type : File
    Data : at.aut
    Category : Data Miner
    Comment :
    Object : c:\windows\

    Created on : 4/23/2004 3:06:04 PM
    Last accessed : 6/4/2004 5:25:58 PM
    Last modified : 4/23/2004 3:06:04 PM




    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 1
    Objects found so far: 3


    1:25:59 PM Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:17:58:91
    Objects scanned :170539
    Objects identified :3
    Objects ignored :0
    New objects :3

    Did not see it: HijackThis / Spybot - Search & Destroy / SpywareBlaster / Spy Sweeper (www.webroot.com).
     
  15. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Re: HijackThis log look it over please

    Hi ChiefADFP,

    Before you go paranoid on me, read up on what a hosts file does: http://accs-net.com/hosts/

    Regards,

    Pieter
     
  16. Chief ADFP

    Chief ADFP Registered Member

    Joined:
    May 11, 2004
    Posts:
    37
    Location:
    U.S.A Fla
    Re: HijackThis log look it over please

    Thanks for the info, never knew that before.

    What do you think would be best for me? I am using Windows XP Pro SP1 (OEM), NTFS/FAT32.
     
  17. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Re: HijackThis log look it over please

    From the looks of it you already have a good hosts file.
    If you use the computer only online for gaming as you stated, I see no reason to get an enormous one.

    Regards,

    Pieter
     
  18. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
  19. Chief ADFP

    Chief ADFP Registered Member

    Joined:
    May 11, 2004
    Posts:
    37
    Location:
    U.S.A Fla
    Re: HijackThis log look it over please

    thank you
     
  20. Chief ADFP

    Chief ADFP Registered Member

    Joined:
    May 11, 2004
    Posts:
    37
    Location:
    U.S.A Fla
    Re: HijackThis log look it over please

    Sorry for bothering you all, but things are not acting right at all.


    Logfile of HijackThis v1.97.7
    Scan saved at 6:45:08 AM, on 6/14/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Digimarc\IMAGEB~1\WMCache.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\GWHotKey.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\WinTV\WinTV2K.EXE
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\The spykiller\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Digimarc ImageBridge reader BHO for IE - {6D6F1AF0-DDCB-477F-A896-5D75E53B80A3} - C:\Program Files\Digimarc\ImageBridgeReader\RM4IE.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Shortcut to Swatch.lnk = C:\Program Files\swatch internet time\Swatch.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: ICQ 4.0 (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1077594588642
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38040.1034837963
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
    O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{709D9B5E-E159-4081-A11E-E88A0CEB0CB4}: NameServer = 216.140.16.254 216.140.17.254
    O17 - HKLM\System\CS1\Services\Tcpip\..\{709D9B5E-E159-4081-A11E-E88A0CEB0CB4}: NameServer = 216.140.16.254 216.140.17.254
     
  21. Chief ADFP

    Chief ADFP Registered Member

    Joined:
    May 11, 2004
    Posts:
    37
    Location:
    U.S.A Fla
    Could someone please look it over

    Chief ADFP - I have merged your last posted hjt log into your current thread. Please do not start a new thread for the same computer - snap


    Think I am clean but would like to double-check it.

    Logfile of HijackThis v1.97.7
    Scan saved at 8:49:31 PM, on 6/21/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\GWHotKey.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
    C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
    C:\Program Files\WinTV\WinTV2K.EXE
    C:\PROGRA~1\Digimarc\IMAGEB~1\WMCache.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\The spykiller\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Digimarc ImageBridge reader BHO for IE - {6D6F1AF0-DDCB-477F-A896-5D75E53B80A3} - C:\Program Files\Digimarc\ImageBridgeReader\RM4IE.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Shortcut to Swatch.lnk = C:\Program Files\swatch internet time\Swatch.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: ICQ 4.0 (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1077594588642
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38040.1034837963
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
    O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{709D9B5E-E159-4081-A11E-E88A0CEB0CB4}: NameServer = 216.140.16.254 216.140.17.254
    O17 - HKLM\System\CS1\Services\Tcpip\..\{709D9B5E-E159-4081-A11E-E88A0CEB0CB4}: NameServer = 216.140.16.254 216.140.17.254
     
    Last edited by a moderator: Jun 22, 2004
  22. Chief ADFP

    Chief ADFP Registered Member

    Joined:
    May 11, 2004
    Posts:
    37
    Location:
    U.S.A Fla
    Re: HijackThis log look it over please (merged)

    o_O don't know if this is for real or a fake report?
    attachment: Delivery error report.dat file size: 315.kb
    VIRUS ALERT
    Our content checker found
    virus: Worm.SomeFool.Gen-2
    in email presumably from you ~snipped out email addy~, to the following recipient:
    -> sales@autotoyotaparts.com

    Please check your system for viruses,
    or ask your system administrator to do so.

    Delivery of the email was stopped!


    For your reference, here are headers from your email:
    ------------------------- BEGIN HEADERS -----------------------------
    Return-Path: ~snipped out email addy~
    Received: from autotoyotaparts.com (dialup-4.154.241.50.Dial1.Boston1.Level3.net [4.154.241.50])
    by mail.autopartswebsolutions.net (Postfix) with SMTP id 0644E2742B7
    for <sales@autotoyotaparts.com>; Mon, 21 Jun 2004 17:20:18 -0400 (EDT)
    From: ~snipped out email addy~
    To: sales@autotoyotaparts.com
    Subject: information
    Date: Mon, 21 Jun 2004 17:21:01 -0400
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary="47126718"
    Message-Id: <20040621212018.0644E2742B7@mail.autopartswebsolutions.net>
    -------------------------- END HEADERS ------------------------------



    --------------------------------------------------------------------------------


    Received: from autotoyotaparts.com (dialup-4.154.241.50.Dial1.Boston1.Level3.net [4.154.241.50])
    by mail.autopartswebsolutions.net (Postfix) with SMTP id 0644E2742B7
    for <sales@autotoyotaparts.com>; Mon, 21 Jun 2004 17:20:18 -0400 (EDT)
    From: ~snipped out email addy~
    To: sales@autotoyotaparts.com
    Subject: information
    Date: Mon, 21 Jun 2004 17:21:01 -0400
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary="47126718"
    Message-Id: <20040621212018.0644E2742B7@mail.autopartswebsolutions.net>
     
    Last edited by a moderator: Jun 22, 2004
  23. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Re: HijackThis log look it over please (merged)

    I would edit the email addresses out of that post before the harvesters get them.
    This is exactly the way to increase the amount of that sort of mail.

    You getting such a mail does not mean you are infected, but that someone with your email address stored on his computer is infected.

    Regards,

    Pieter
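
What the Received line in the quoted bounce records about the machine that actually handed the message over, as an added example that is not part of the original posts. The header string is copied from the post above; the keyword list for spotting end-user lines and the two-label domain comparison are simplifying assumptions.

```python
import re

# Received header copied from the bounce quoted in the thread above.
RECEIVED = (
    "from autotoyotaparts.com "
    "(dialup-4.154.241.50.Dial1.Boston1.Level3.net [4.154.241.50]) "
    "by mail.autopartswebsolutions.net (Postfix) with SMTP id 0644E2742B7 "
    "for <sales@autotoyotaparts.com>; Mon, 21 Jun 2004 17:20:18 -0400 (EDT)"
)

# Postfix layout: from <HELO name> (<reverse DNS> [<client IP>]) by <server> ... for <rcpt>
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)\s+"
    r"by\s+(?P<by>\S+).*?for\s+<(?P<rcpt>[^>]+)>",
    re.S,
)

def registrable(host):
    """Crude last-two-labels domain (assumption: good enough here, not a public-suffix lookup)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def analyse_received(header):
    """Split a Postfix-style Received header and list what is inconsistent in it."""
    m = RECEIVED_RE.search(header)
    if m is None:
        raise ValueError("not a Postfix-style Received header")
    fields = m.groupdict()
    findings = []
    # The HELO name is whatever the client claimed; the rDNS and IP were seen by the server.
    if registrable(fields["helo"]) != registrable(fields["rdns"]):
        findings.append("HELO name does not match the reverse DNS of the connecting host")
    if registrable(fields["helo"]) == registrable(fields["rcpt"].split("@")[1]):
        findings.append("HELO name copies the recipient's own domain")
    # Assumed keyword list for consumer access lines.
    if re.search(r"dial|dsl|dyn|pool|ppp", fields["rdns"], re.I):
        findings.append("connecting host looks like an end-user line, not a mail server")
    fields["findings"] = findings
    return fields

if __name__ == "__main__":
    result = analyse_received(RECEIVED)
    print(result["ip"], result["rdns"])
    for finding in result["findings"]:
        print(" -", finding)
```

The IP and reverse DNS in parentheses are the only parts of this header the receiving server observed itself, so they are what to compare against your own connection when deciding whether a bounce like this concerns your machine.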
     
  24. Chief ADFP

    Chief ADFP Registered Member

    Joined:
    May 11, 2004
    Posts:
    37
    Location:
    U.S.A Fla
    Re: HijackThis log look it over please (merged)

    I had some clair ad-ware in the system. Spybot S&D did not see all of it, but Ad-ware 6.0 did see some of it. Please let me know if it is all clear and good to go.

    Logfile of HijackThis v1.98.0
    Scan saved at 4:41:37 AM, on 7/20/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\GWHotKey.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\WinTV\WinTV2K.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\The spykiller\HijackThis\HijackThis.exe

    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: WackGet Browser Helper Object - {248B131E-01EA-4587-8EFE-1D915E143D5E} - C:\Program Files\WackGet\WGDLL.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Digimarc ImageBridge reader BHO for IE - {6D6F1AF0-DDCB-477F-A896-5D75E53B80A3} - C:\Program Files\Digimarc\ImageBridgeReader\RM4IE.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: WackGet it! - C:\Program Files\WackGet\wgbho.js
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - (no file) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
    O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{709D9B5E-E159-4081-A11E-E88A0CEB0CB4}: NameServer = 216.140.16.254 216.140.17.254
    O17 - HKLM\System\CS1\Services\Tcpip\..\{709D9B5E-E159-4081-A11E-E88A0CEB0CB4}: NameServer = 216.140.16.254 216.140.17.254
     
    Last edited: Jul 20, 2004
  25. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Re: HijackThis log look it over please (merged)

    Hi Chief ADFP,

    Your log looks clean.

    There are a few things you can fix if you want.

    In HijackThis, place a check beside the following.
    Make sure all browsers are closed, then click Fix checked:

    This one means you had a crash at some point, and Windows puts it in your startup. You can fix this one.

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


    This one is not needed at startup. http://www.windowsstartup.com/wso/detail.php?id=4062

    O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

    If you choose not to use it, or do not want to keep it, you can uninstall the PCDoctor through the Add/Remove Programs.

    Regards,

    snap
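
The kind of comparison a helper makes between two logs from the same machine, as an added example that is not part of the original posts: it lists startup (O4) entries that appeared or disappeared and flags entries HijackThis marked as pointing at nothing. The sample lines are a short excerpt from the two logs in this thread; the function names are hypothetical.

```python
import re

# Sample input: a few lines excerpted from the two logs posted in this thread.
OLD_LOG = r"""
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - Startup: Shortcut to Swatch.lnk = C:\Program Files\swatch internet time\Swatch.exe
O9 - Extra button: ieSpell (HKLM)
"""
NEW_LOG = r"""
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - (no file) (HKCU)
"""

# Entry lines start with a section code such as O4 or R1; process paths do not.
ENTRY_RE = re.compile(r"^\s*([ORFN]\d{1,2}) - (.+?)\s*$")

def parse_log(text):
    """Return (section, detail) pairs; process paths and blank lines are skipped."""
    return [m.groups() for m in map(ENTRY_RE.match, text.splitlines()) if m]

def autostart_key(detail):
    """Key an O4 line by location and name so a changed command line still pairs up."""
    m = re.match(r".+?: \[.+?\]", detail)
    return m.group(0) if m else detail.split(" = ")[0]

def review(old_text, new_text):
    """Diff only O4: the O9 line format differs between v1.97.7 and v1.98.0 logs."""
    old = {autostart_key(d) for s, d in parse_log(old_text) if s == "O4"}
    report = {"new_autostart": [], "removed_autostart": [], "dangling": []}
    seen = set()
    for section, detail in parse_log(new_text):
        if section == "O4":
            key = autostart_key(detail)
            seen.add(key)
            if key not in old:
                report["new_autostart"].append(detail)
        # Markers HijackThis appends when the referenced file is absent.
        if detail.endswith("(file missing)") or "(no file)" in detail:
            report["dangling"].append(f"{section} - {detail}")
    report["removed_autostart"] = sorted(old - seen)
    return report

if __name__ == "__main__":
    for heading, items in review(OLD_LOG, NEW_LOG).items():
        print(heading, *items, sep="\n  ")
```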
     