Take a look and let me know


  • This topic is locked
1 reply to this topic

#1 RickyC1


Posted 13 July 2004 - 01:46 PM

All,

Here is my log file. I run Ad-Aware and keep getting TopMoxie. I think I'm getting it from my email provider "mail.com" when I log on to get my mail daily.

Thanks in advance.

Logfile of HijackThis v1.98.0
Scan saved at 1:35:38 PM, on 7/13/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Network Associates\NetShield 2000\Mcshield.exe
C:\Program Files\Network Associates\NetShield 2000\VsTskMgr.exe
C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
C:\Program Files\Seagate Software\WCS\pageserver.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Seagate Software\WCS\WebCompServer.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Seagate Software\WCS\cacheserver.exe
C:\Program Files\Seagate Software\Enterprise\x86\CrystalAPS.exe
C:\Program Files\Seagate Software\Enterprise\x86\inputfileserver.exe
C:\Program Files\Seagate Software\Enterprise\x86\outputfileserver.exe
C:\WINNT\system32\Dfssvc.exe
C:\Program Files\Seagate Software\WCS\JobServer.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\dpmw32.exe
C:\WINNT\system32\NWTRAY.EXE
C:\Program Files\Network Associates\NetShield 2000\SHSTAT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Novell\GroupWise\Notify.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\PhotoWorks\PhotoWorks Digital Partner\Acquire.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\WINNT\system32\mdm.exe
C:\WINNT\system32\mmc.exe
C:\Novell\GroupWise\GrpWise.exe
C:\WINNT\system32\MAPISP32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Download\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: (no name) - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [NDPS] C:\WINNT\System32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\NetShield 2000\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [2@KX#9T2GABA6H] C:\WINNT\system32\MtyJ62F.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKCU\..\Run: [msmc] C:\WINNT\system32\msmc.exe
O4 - Startup: PhotoWorks Acquire.lnk = C:\Program Files\PhotoWorks\PhotoWorks Digital Partner\Acquire.exe
O4 - Startup: PhotoWorks Upload Scheduler.lnk = C:\Program Files\PhotoWorks\PhotoWorks Digital Partner\PhotoWorksWiz.exe
O4 - Global Startup: GroupWise Notify.lnk = C:\Novell\GroupWise\Notify.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Shortcut to route.bat.lnk = ?
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\system32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\system32\ms.exe
O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\\NPssView.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5A66E13A-311D-488B-828D-DDDF52EFB636} (strprint.trprints) - https://partnering.o...scriptPrint.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ntmfri.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB86F5E4-3206-488C-9FCA-9D4FB8DFEC12}: NameServer = 10.1.200.45
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ntmfri.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{CB86F5E4-3206-488C-9FCA-9D4FB8DFEC12}: NameServer = 10.1.200.45
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ntmfri.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{CB86F5E4-3206-488C-9FCA-9D4FB8DFEC12}: NameServer = 10.1.200.45
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll



#2 jedi


Posted 22 November 2005 - 11:43 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
an email with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
jedi




