• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
v0lc0m_x

please help!

4 posts in this topic

i've been having problems recently. i run xp home edition and my task manager and regedit has been "disallowed by administrator". other people have told me to run gpedit.msc, but i don't run xp professional. here's my log, please check it and reply with any suggestions, thank you very much.

 

 

Logfile of HijackThis v1.97.7

Scan saved at 2:17:36 PM, on 6/29/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\LEXBCES.EXE

C:\WINNT\system32\LEXPPS.EXE

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\sysnr.exe

C:\WINNT\system32\explorer.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\igfxtray.exe

C:\WINNT\System32\hkcmd.exe

C:\WINNT\System32\SK9910DM.EXE

C:\WINNT\GWMDMMSG.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\PhoneTools\CapFax.EXE

C:\program files\desksite\bin\cma.exe

C:\Program Files\Winamp\Winampa.exe

C:\WINNT\wt\updater\wcmdmgr.exe

C:\Program Files\Common Files\slmss\slmss.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Defender Pro Anti Spam\admin.exe

C:\WINNT\system32\d3nw.exe

C:\WINNT\System32\mssrv.exe

C:\WINNT\system32\mod32.exe

C:\Program Files\Defender Pro Anti Spam\dpantispam.exe

C:\PROGRA~1\DEFEND~2\DEFEND~1\PopUpKiller.exe

C:\Program Files\CallWave\IAM.exe

C:\WINNT\System32\wuauclt.exe

C:\WINNT\system32\Restore\rstrui.exe

C:\WINNT\ActiveXExe\VTTLLV.EXE

C:\Program Files\Remote Task Manager\RTMService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\hijackthis1977\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\aymqj.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://aymqj.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://aymqj.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\aymqj.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://aymqj.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\aymqj.dll/sp.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?keyphrase=

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {4188D241-C00D-FEDE-5985-F8214B58D1A2} - C:\WINNT\addox.dll

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe

O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE

O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe

O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE

O4 - HKLM\..\Run: [DAupdate] C:\Program Files\NavEnhance\DoubleAgent\DAupdate.exe

O4 - HKLM\..\Run: [Desksite CMA] c:\program files\desksite\bin\cma.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [RDLL] RunDll16.exe

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"

O4 - HKLM\..\Run: [wcmdmgr] C:\WINNT\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe

O4 - HKLM\..\Run: [spyHunter] C:\Program Files\SpyHunter\SpyHunter.exe

O4 - HKLM\..\Run: [freecell2] C:\WINDOWS\System32\freecell2.exe

O4 - HKLM\..\Run: [Windows Telnet Server] wintel.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"

O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe

O4 - HKLM\..\Run: [explorer] C:\WINNT\System32\explorer.exe

O4 - HKLM\..\Run: [d3nw.exe] C:\WINNT\system32\d3nw.exe

O4 - HKLM\..\Run: [appnt32.exe] C:\WINNT\system32\appnt32.exe

O4 - HKLM\..\Run: [Microsoft Services] mssrv.exe

O4 - HKLM\..\Run: [Windows Update] C:\WINNT\System32\atlhiu.exe

O4 - HKLM\..\Run: [Wintask] C:\WINNT\system32\mod32.exe

O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe

O4 - HKLM\..\RunServices: [Windows Telnet Server] wintel.exe

O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe

O4 - HKLM\..\RunServices: [Microsoft Services] mssrv.exe

O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKCU\..\Run: [spyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll

O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"

O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~2\DEFEND~1\PopUpKiller.exe

O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe

O4 - HKCU\..\Run: [Microsoft Services] mssrv.exe

O4 - HKLM\..\RunOnce: [atlst.exe] C:\WINNT\system32\atlst.exe

O4 - HKLM\..\RunOnce: [apipx32.exe] C:\WINNT\system32\apipx32.exe

O4 - HKLM\..\RunOnce: [appem32.exe] C:\WINNT\system32\appem32.exe

O4 - HKLM\..\RunOnce: [ntys.exe] C:\WINNT\ntys.exe

O4 - HKLM\..\RunOnce: [ierh.exe] C:\WINNT\system32\ierh.exe

O4 - HKLM\..\RunOnce: [atlgn.exe] C:\WINNT\atlgn.exe

O4 - HKLM\..\RunOnce: [mscx.exe] C:\WINNT\mscx.exe

O4 - HKLM\..\RunOnce: [crvh.exe] C:\WINNT\crvh.exe

O4 - HKLM\..\RunOnce: [addqf32.exe] C:\WINNT\system32\addqf32.exe

O4 - HKLM\..\RunOnce: [mfckf32.exe] C:\WINNT\mfckf32.exe

O4 - HKLM\..\RunOnce: [sysph.exe] C:\WINNT\system32\sysph.exe

O4 - HKLM\..\RunOnce: [ntst32.exe] C:\WINNT\ntst32.exe

O4 - HKLM\..\RunOnce: [d3ox.exe] C:\WINNT\system32\d3ox.exe

O4 - HKLM\..\RunOnce: [ipmk.exe] C:\WINNT\ipmk.exe

O4 - HKLM\..\RunOnce: [netsl.exe] C:\WINNT\netsl.exe

O4 - HKLM\..\RunOnce: [msvy.exe] C:\WINNT\msvy.exe

O4 - HKLM\..\RunOnce: [mfcwk.exe] C:\WINNT\mfcwk.exe

O4 - HKLM\..\RunOnce: [javahz.exe] C:\WINNT\system32\javahz.exe

O4 - HKLM\..\RunOnce: [netme.exe] C:\WINNT\system32\netme.exe

O4 - HKLM\..\RunOnce: [addmz32.exe] C:\WINNT\addmz32.exe

O4 - HKLM\..\RunOnce: [atlwm32.exe] C:\WINNT\atlwm32.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O9 - Extra button: WeatherBug (HKCU)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.greg-search.com

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab

O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab

O16 - DPF: Yahoo! Games Voice Chat - http://yog55.games.scd.yahoo.com/yog/y/va1_x.cab

O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/12b050edad1b3841fa06/...ip/RdxIE601.cab

O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7543.7603819444

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DAC41C58-F8D8-4BD7-B722-EC22C137670F}: NameServer = 216.234.97.2 216.234.97.3

Share this post


Link to post
Share on other sites

hello, i am having several problems as of late. i run XP home edition. i cannot open task manager or regedit because they have been "disallowed by administrator". however, i am on an admin account. i am also getting many pop-ups. my homepage also changes every time i open my browser. i think that may be caused by CW, but the CWshredder failed to fix it. anyway, here is my HijackThis log. any help would be much appreciated. thank you.

 

 

Logfile of HijackThis v1.97.7

Scan saved at 2:17:36 PM, on 6/29/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\LEXBCES.EXE

C:\WINNT\system32\LEXPPS.EXE

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\sysnr.exe

C:\WINNT\system32\explorer.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\igfxtray.exe

C:\WINNT\System32\hkcmd.exe

C:\WINNT\System32\SK9910DM.EXE

C:\WINNT\GWMDMMSG.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\PhoneTools\CapFax.EXE

C:\program files\desksite\bin\cma.exe

C:\Program Files\Winamp\Winampa.exe

C:\WINNT\wt\updater\wcmdmgr.exe

C:\Program Files\Common Files\slmss\slmss.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Defender Pro Anti Spam\admin.exe

C:\WINNT\system32\d3nw.exe

C:\WINNT\System32\mssrv.exe

C:\WINNT\system32\mod32.exe

C:\Program Files\Defender Pro Anti Spam\dpantispam.exe

C:\PROGRA~1\DEFEND~2\DEFEND~1\PopUpKiller.exe

C:\Program Files\CallWave\IAM.exe

C:\WINNT\System32\wuauclt.exe

C:\WINNT\system32\Restore\rstrui.exe

C:\WINNT\ActiveXExe\VTTLLV.EXE

C:\Program Files\Remote Task Manager\RTMService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\hijackthis1977\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\aymqj.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://aymqj.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://aymqj.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\aymqj.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://aymqj.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\aymqj.dll/sp.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?keyphrase=

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {4188D241-C00D-FEDE-5985-F8214B58D1A2} - C:\WINNT\addox.dll

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe

O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE

O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe

O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE

O4 - HKLM\..\Run: [DAupdate] C:\Program Files\NavEnhance\DoubleAgent\DAupdate.exe

O4 - HKLM\..\Run: [Desksite CMA] c:\program files\desksite\bin\cma.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [RDLL] RunDll16.exe

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"

O4 - HKLM\..\Run: [wcmdmgr] C:\WINNT\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe

O4 - HKLM\..\Run: [spyHunter] C:\Program Files\SpyHunter\SpyHunter.exe

O4 - HKLM\..\Run: [freecell2] C:\WINDOWS\System32\freecell2.exe

O4 - HKLM\..\Run: [Windows Telnet Server] wintel.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"

O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe

O4 - HKLM\..\Run: [explorer] C:\WINNT\System32\explorer.exe

O4 - HKLM\..\Run: [d3nw.exe] C:\WINNT\system32\d3nw.exe

O4 - HKLM\..\Run: [appnt32.exe] C:\WINNT\system32\appnt32.exe

O4 - HKLM\..\Run: [Microsoft Services] mssrv.exe

O4 - HKLM\..\Run: [Windows Update] C:\WINNT\System32\atlhiu.exe

O4 - HKLM\..\Run: [Wintask] C:\WINNT\system32\mod32.exe

O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe

O4 - HKLM\..\RunServices: [Windows Telnet Server] wintel.exe

O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe

O4 - HKLM\..\RunServices: [Microsoft Services] mssrv.exe

O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKCU\..\Run: [spyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll

O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"

O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~2\DEFEND~1\PopUpKiller.exe

O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe

O4 - HKCU\..\Run: [Microsoft Services] mssrv.exe

O4 - HKLM\..\RunOnce: [atlst.exe] C:\WINNT\system32\atlst.exe

O4 - HKLM\..\RunOnce: [apipx32.exe] C:\WINNT\system32\apipx32.exe

O4 - HKLM\..\RunOnce: [appem32.exe] C:\WINNT\system32\appem32.exe

O4 - HKLM\..\RunOnce: [ntys.exe] C:\WINNT\ntys.exe

O4 - HKLM\..\RunOnce: [ierh.exe] C:\WINNT\system32\ierh.exe

O4 - HKLM\..\RunOnce: [atlgn.exe] C:\WINNT\atlgn.exe

O4 - HKLM\..\RunOnce: [mscx.exe] C:\WINNT\mscx.exe

O4 - HKLM\..\RunOnce: [crvh.exe] C:\WINNT\crvh.exe

O4 - HKLM\..\RunOnce: [addqf32.exe] C:\WINNT\system32\addqf32.exe

O4 - HKLM\..\RunOnce: [mfckf32.exe] C:\WINNT\mfckf32.exe

O4 - HKLM\..\RunOnce: [sysph.exe] C:\WINNT\system32\sysph.exe

O4 - HKLM\..\RunOnce: [ntst32.exe] C:\WINNT\ntst32.exe

O4 - HKLM\..\RunOnce: [d3ox.exe] C:\WINNT\system32\d3ox.exe

O4 - HKLM\..\RunOnce: [ipmk.exe] C:\WINNT\ipmk.exe

O4 - HKLM\..\RunOnce: [netsl.exe] C:\WINNT\netsl.exe

O4 - HKLM\..\RunOnce: [msvy.exe] C:\WINNT\msvy.exe

O4 - HKLM\..\RunOnce: [mfcwk.exe] C:\WINNT\mfcwk.exe

O4 - HKLM\..\RunOnce: [javahz.exe] C:\WINNT\system32\javahz.exe

O4 - HKLM\..\RunOnce: [netme.exe] C:\WINNT\system32\netme.exe

O4 - HKLM\..\RunOnce: [addmz32.exe] C:\WINNT\addmz32.exe

O4 - HKLM\..\RunOnce: [atlwm32.exe] C:\WINNT\atlwm32.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O9 - Extra button: WeatherBug (HKCU)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.greg-search.com

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab

O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab

O16 - DPF: Yahoo! Games Voice Chat - http://yog55.games.scd.yahoo.com/yog/y/va1_x.cab

O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/12b050edad1b3841fa06/...ip/RdxIE601.cab

O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7543.7603819444

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DAC41C58-F8D8-4BD7-B722-EC22C137670F}: NameServer = 216.234.97.2 216.234.97.3

Share this post


Link to post
Share on other sites

i'm not exactly sure what kind of problem i have but no one is helping me in the other forums. please forgive a noob ig i am posing this in the wrong forum. anyway, i'm not sure of what's wrong with my computer (i run XP home edition, by the way). i just know that my task manager and regedit have been "disallowed by administrator". however, i'm on the admin account. anyway here is my HijackThis log. (any help would be greatly appreciated, thank you.)

 

 

Logfile of HijackThis v1.97.7

Scan saved at 2:17:36 PM, on 6/29/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\LEXBCES.EXE

C:\WINNT\system32\LEXPPS.EXE

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\sysnr.exe

C:\WINNT\system32\explorer.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\igfxtray.exe

C:\WINNT\System32\hkcmd.exe

C:\WINNT\System32\SK9910DM.EXE

C:\WINNT\GWMDMMSG.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\PhoneTools\CapFax.EXE

C:\program files\desksite\bin\cma.exe

C:\Program Files\Winamp\Winampa.exe

C:\WINNT\wt\updater\wcmdmgr.exe

C:\Program Files\Common Files\slmss\slmss.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Defender Pro Anti Spam\admin.exe

C:\WINNT\system32\d3nw.exe

C:\WINNT\System32\mssrv.exe

C:\WINNT\system32\mod32.exe

C:\Program Files\Defender Pro Anti Spam\dpantispam.exe

C:\PROGRA~1\DEFEND~2\DEFEND~1\PopUpKiller.exe

C:\Program Files\CallWave\IAM.exe

C:\WINNT\System32\wuauclt.exe

C:\WINNT\system32\Restore\rstrui.exe

C:\WINNT\ActiveXExe\VTTLLV.EXE

C:\Program Files\Remote Task Manager\RTMService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\hijackthis1977\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\aymqj.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://aymqj.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://aymqj.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\aymqj.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://aymqj.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\aymqj.dll/sp.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?keyphrase=

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {4188D241-C00D-FEDE-5985-F8214B58D1A2} - C:\WINNT\addox.dll

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe

O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE

O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe

O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE

O4 - HKLM\..\Run: [DAupdate] C:\Program Files\NavEnhance\DoubleAgent\DAupdate.exe

O4 - HKLM\..\Run: [Desksite CMA] c:\program files\desksite\bin\cma.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [RDLL] RunDll16.exe

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"

O4 - HKLM\..\Run: [wcmdmgr] C:\WINNT\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe

O4 - HKLM\..\Run: [spyHunter] C:\Program Files\SpyHunter\SpyHunter.exe

O4 - HKLM\..\Run: [freecell2] C:\WINDOWS\System32\freecell2.exe

O4 - HKLM\..\Run: [Windows Telnet Server] wintel.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"

O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe

O4 - HKLM\..\Run: [explorer] C:\WINNT\System32\explorer.exe

O4 - HKLM\..\Run: [d3nw.exe] C:\WINNT\system32\d3nw.exe

O4 - HKLM\..\Run: [appnt32.exe] C:\WINNT\system32\appnt32.exe

O4 - HKLM\..\Run: [Microsoft Services] mssrv.exe

O4 - HKLM\..\Run: [Windows Update] C:\WINNT\System32\atlhiu.exe

O4 - HKLM\..\Run: [Wintask] C:\WINNT\system32\mod32.exe

O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe

O4 - HKLM\..\RunServices: [Windows Telnet Server] wintel.exe

O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe

O4 - HKLM\..\RunServices: [Microsoft Services] mssrv.exe

O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKCU\..\Run: [spyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll

O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"

O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~2\DEFEND~1\PopUpKiller.exe

O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe

O4 - HKCU\..\Run: [Microsoft Services] mssrv.exe

O4 - HKLM\..\RunOnce: [atlst.exe] C:\WINNT\system32\atlst.exe

O4 - HKLM\..\RunOnce: [apipx32.exe] C:\WINNT\system32\apipx32.exe

O4 - HKLM\..\RunOnce: [appem32.exe] C:\WINNT\system32\appem32.exe

O4 - HKLM\..\RunOnce: [ntys.exe] C:\WINNT\ntys.exe

O4 - HKLM\..\RunOnce: [ierh.exe] C:\WINNT\system32\ierh.exe

O4 - HKLM\..\RunOnce: [atlgn.exe] C:\WINNT\atlgn.exe

O4 - HKLM\..\RunOnce: [mscx.exe] C:\WINNT\mscx.exe

O4 - HKLM\..\RunOnce: [crvh.exe] C:\WINNT\crvh.exe

O4 - HKLM\..\RunOnce: [addqf32.exe] C:\WINNT\system32\addqf32.exe

O4 - HKLM\..\RunOnce: [mfckf32.exe] C:\WINNT\mfckf32.exe

O4 - HKLM\..\RunOnce: [sysph.exe] C:\WINNT\system32\sysph.exe

O4 - HKLM\..\RunOnce: [ntst32.exe] C:\WINNT\ntst32.exe

O4 - HKLM\..\RunOnce: [d3ox.exe] C:\WINNT\system32\d3ox.exe

O4 - HKLM\..\RunOnce: [ipmk.exe] C:\WINNT\ipmk.exe

O4 - HKLM\..\RunOnce: [netsl.exe] C:\WINNT\netsl.exe

O4 - HKLM\..\RunOnce: [msvy.exe] C:\WINNT\msvy.exe

O4 - HKLM\..\RunOnce: [mfcwk.exe] C:\WINNT\mfcwk.exe

O4 - HKLM\..\RunOnce: [javahz.exe] C:\WINNT\system32\javahz.exe

O4 - HKLM\..\RunOnce: [netme.exe] C:\WINNT\system32\netme.exe

O4 - HKLM\..\RunOnce: [addmz32.exe] C:\WINNT\addmz32.exe

O4 - HKLM\..\RunOnce: [atlwm32.exe] C:\WINNT\atlwm32.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O9 - Extra button: WeatherBug (HKCU)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.greg-search.com

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab

O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab

O16 - DPF: Yahoo! Games Voice Chat - http://yog55.games.scd.yahoo.com/yog/y/va1_x.cab

O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/12b050edad1b3841fa06/...ip/RdxIE601.cab

O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7543.7603819444

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DAC41C58-F8D8-4BD7-B722-EC22C137670F}: NameServer = 216.234.97.2 216.234.97.3

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0