Hijack this log


5 replies to this topic

#1 MrO


Posted 24 July 2004 - 10:06 PM

I downloaded 'Hijack this' as instructed, disabled spybot s&d, spyware blaster and spysweeper, ran 'msconfig' and allowed everything and then restarted the computer, allowing it to boot all the way up but not connecting to the internet. Then I did a sweep with Hijack this and saved the log.

The instructions said to show the log to knowledgeable people before deleting anything so that's what I'm trying to do here. Can someone on this forum interpret the log and tell me what to delete? I've attached the log file.


#2 MrO


Posted 25 July 2004 - 12:48 PM

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Sunday, July 25, 2004 11:05:19 AM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R334 24.07.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R217 08.09.2003
Internal build : 107
File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
Total size : 574398 Bytes
Signature data size : 563299 Bytes
Reference data size : 11035 Bytes
Signatures total : 12937
Target categories : 10
Target families : 267
7-25-2004 10:51:16 AM Performing Webupdate...

Installing Update...
Reference file loaded:
Reference Number : 01R334 24.07.2004
Internal build : 268
File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
Total size : 1316091 Bytes
Signature data size : 1295051 Bytes
Reference data size : 20976 Bytes
Signatures total : 28648
Target categories : 10
Target families : 528

7-25-2004 10:51:31 AM Success.
Update successfully downlodaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:29 %
Total physical memory:261124 kb
Available physical memory:73648 kb
Total page file size:751816 kb
Available on page file:418036 kb
Total virtual memory:2097024 kb
Available virtual memory:2039952 kb
OS:

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result


7/25/2004 11:05:19 AM - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 7/25/2004 1:22:31 AM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 7/25/2004 1:22:36 AM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7/25/2004 1:22:36 AM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 7/25/2004 4:05:20 PM
Last modified : 8/29/2002 11:00:00 AM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7/25/2004 1:22:36 AM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 7/25/2004 4:05:20 PM
Last modified : 8/29/2002 11:00:00 AM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7/25/2004 1:22:37 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 7/25/2004 4:05:20 PM
Last modified : 8/29/2002 11:00:00 AM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7/25/2004 1:22:37 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 7/25/2004 4:05:20 PM
Last modified : 8/29/2002 11:00:00 AM

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7/25/2004 1:22:38 AM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 7/25/2004 4:05:20 PM
Last modified : 8/29/2002 11:00:00 AM

#:8 [support.exe]
FilePath : C:\Program Files\Common Files\Dell\EUSW\
ThreadCreationTime : 7/25/2004 1:23:19 AM
BasePriority : Normal
FileSize : 288 KB
FileVersion : 2, 0, 0, 34
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : Dell
FileDescription : Support
InternalName : Support
OriginalFilename : Support.exe
ProductName : Dell Support
Created on : 12/13/2002 10:05:08 PM
Last accessed : 7/25/2004 4:05:20 PM
Last modified : 10/7/2003 10:21:10 PM

#:9 [ctnotify.exe]
FilePath : C:\Program Files\Creative\ShareDLL\
ThreadCreationTime : 7/25/2004 1:23:19 AM
BasePriority : Normal
FileSize : 187 KB
FileVersion : 2.00.05.0
ProductVersion : 2.0
Copyright : Copyright © Creative Technology Ltd. 2001
CompanyName : Creative Technology Ltd.
FileDescription : Disc Detector
InternalName : CtNotify
OriginalFilename : CtNotify.exe
ProductName : Creative Disc Detector
Created on : 3/21/2003 1:03:00 AM
Last accessed : 7/25/2004 4:05:20 PM
Last modified : 12/26/2001 8:00:00 AM

#:10 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ThreadCreationTime : 7/25/2004 1:23:19 AM
BasePriority : Normal
FileSize : 240 KB
FileVersion : 4, 3, 0, 27
ProductVersion : 4, 3, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
OriginalFilename : mcagent.exe
ProductName : McAfee SecurityCenter
Created on : 6/26/2004 2:16:57 AM
Last accessed : 7/25/2004 4:05:20 PM
Last modified : 12/8/2003 8:38:52 PM

#:11 [notifyalert.exe]
FilePath : C:\Program Files\Dell\Support\Alert\bin\
ThreadCreationTime : 7/25/2004 1:23:19 AM
BasePriority : Normal
FileSize : 344 KB
FileVersion : 2.1.0.72
ProductVersion : 2.1.0.72
InternalName : NotifyAlert.exe
OriginalFilename : NotifyAlert.exe
Created on : 10/7/2003 10:20:18 PM
Last accessed : 7/25/2004 4:05:20 PM
Last modified : 10/7/2003 10:20:18 PM

#:12 [mcvsshld.exe]
FilePath : C:\PROGRA~1\mcafee.com\vso\
ThreadCreationTime : 7/25/2004 1:23:19 AM
BasePriority : Normal
FileSize : 160 KB
FileVersion : 8, 0, 0, 15
ProductVersion : 8, 0, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
OriginalFilename : mcvsshld.exe
ProductName : McAfee VirusScan
Created on : 10/13/2003 12:01:05 PM
Last accessed : 7/25/2004 4:05:20 PM
Last modified : 8/18/2003 2:50:34 AM

#:13 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7/25/2004 1:23:19 AM
BasePriority : Normal
FileSize : 31 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
OriginalFilename : RUNDLL.EXE
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 7/25/2004 3:56:25 PM
Last modified : 8/29/2002 11:00:00 AM

#:14 [directcd.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\
ThreadCreationTime : 7/25/2004 1:23:19 AM
BasePriority : Normal
FileSize : 664 KB
FileVersion : 5.2.0.91
ProductVersion : 5.2.0.91
Copyright : Copyright © 2001-2002, Roxio, Inc.
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
OriginalFilename : Directcd.exe
ProductName : DirectCD
Created on : 7/22/2003
Last accessed : 7/25/2004 4:05:21 PM
Last modified : 4/12/2004

#:15 [msgplus.exe]
FilePath : C:\Program Files\Messenger Plus! 3\
ThreadCreationTime : 7/25/2004 1:23:19 AM
BasePriority : Normal
FileSize : 160 KB
FileVersion : 3, 0, 0, 94
ProductVersion : 3, 0, 0, 94
Copyright : Copyright © 2001-2004
CompanyName : Patchou
FileDescription : Messenger Plus!
InternalName : MsgPlus
OriginalFilename : MsgPlus.exe
ProductName : Messenger Plus! 3
Created on : 6/18/2004 1:07:51 PM
Last accessed : 7/25/2004 4:05:21 PM
Last modified : 6/18/2004 1:07:51 PM

#:16 [bits trust.exe]
FilePath : C:\PROGRA~1\PLANCR~1\
ThreadCreationTime : 7/25/2004 1:23:19 AM
BasePriority : Normal
FileSize : 189 KB
Created on : 4/22/2004 11:02:44 PM
Last accessed : 7/25/2004 4:05:21 PM
Last modified : 6/18/2004 1:08:14 PM

#:17 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ThreadCreationTime : 7/25/2004 1:23:19 AM
BasePriority : Normal
FileSize : 96 KB
FileVersion : 6.5
ProductVersion : QuickTime 6.5
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 12/19/2003 4:03:58 AM
Last accessed : 7/25/2004 4:05:21 PM
Last modified : 12/19/2003 4:03:59 AM

#:18 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ThreadCreationTime : 7/25/2004 1:23:19 AM
BasePriority : Normal
FileSize : 408 KB
FileVersion : 8, 0, 0, 30
ProductVersion : 8, 0, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
OriginalFilename : mcvsescn.EXE
ProductName : McAfee VirusScan
Created on : 5/29/2004 10:51:59 AM
Last accessed : 7/25/2004 4:05:21 PM
Last modified : 4/28/2004 10:55:12 PM

#:19 [ybrwicon.exe]
FilePath : C:\Program Files\Yahoo!\browser\
ThreadCreationTime : 7/25/2004 1:23:19 AM
BasePriority : Normal
FileSize : 56 KB
FileVersion : 2003, 7, 11, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : Yahoo!, Inc.
FileDescription : YBrwIcon
InternalName : YBrwIcon
OriginalFilename : YBrwIcon.exe
ProductName : Yahoo!, Inc. YBrwIcon
Created on : 12/26/2003 7:32:52 AM
Last accessed : 7/25/2004 4:05:21 PM
Last modified : 7/11/2003 7:51:16 PM

#:20 [mediadet.exe]
FilePath : C:\Program Files\Creative\ShareDLL\
ThreadCreationTime : 7/25/2004 1:23:20 AM
BasePriority : Normal
FileSize : 163 KB
FileVersion : 2.00.07.0
ProductVersion : 2.00
Copyright : Copyright © Creative Technology Ltd. 2001
CompanyName : Creative Technology Ltd.
FileDescription : Disc Detector
InternalName : MediaDet
OriginalFilename : MediaDet.exe
ProductName : Creative Disc Detector
Created on : 3/21/2003 1:03:00 AM
Last accessed : 7/25/2004 4:05:21 PM
Last modified : 4/30/2002 8:00:00 AM

#:21 [xanadu.exe]
FilePath : C:\Program Files\Foreignword\Xanadu\
ThreadCreationTime : 7/25/2004 1:23:20 AM
BasePriority : Normal
FileSize : 800 KB
FileVersion : 1.00.0172
ProductVersion : 1.00.0172
Copyright : Foreignword
CompanyName : Foreignword
FileDescription : Xanadu
InternalName : Xanadu
OriginalFilename : Xanadu.exe
ProductName : Xanadu
Created on : 8/14/2002 10:27:06 PM
Last accessed : 7/25/2004 4:05:21 PM
Last modified : 8/14/2002 10:26:04 PM

#:22 [winampa.exe]
FilePath : C:\Program Files\Winamp3\
ThreadCreationTime : 7/25/2004 1:23:20 AM
BasePriority : Normal
FileSize : 12 KB
Created on : 7/23/2002 4:58:06 PM
Last accessed : 7/25/2004 4:05:21 PM
Last modified : 7/23/2002 4:58:06 PM

#:23 [ycommon.exe]
FilePath : C:\PROGRA~1\Yahoo!\browser\
ThreadCreationTime : 7/25/2004 1:23:21 AM
BasePriority : Normal
FileSize : 212 KB
FileVersion : 2003, 9, 3, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2003 Yahoo! Inc.
CompanyName : Yahoo!, Inc.
FileDescription : YCommon Exe Module
InternalName : YCommonExe
OriginalFilename : YCommon.EXE
ProductName : YCommon Exe Module
Created on : 12/26/2003 7:31:53 AM
Last accessed : 7/25/2004 4:05:21 PM
Last modified : 9/3/2003 7:16:56 PM

#:24 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_03\bin\
ThreadCreationTime : 7/25/2004 1:23:21 AM
BasePriority : Normal
FileSize : 32 KB
Created on : 11/19/2003 11:48:18 PM
Last accessed : 7/25/2004 4:05:22 PM
Last modified : 11/19/2003 11:48:14 PM

#:25 [mmtask.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ThreadCreationTime : 7/25/2004 1:23:23 AM
BasePriority : Normal
FileSize : 52 KB
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
Copyright : TODO: © <Company name>. All rights reserved.
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
OriginalFilename : mmtask.exe
ProductName : TODO: <Product name>
Created on : 4/26/2003 7:37:40 PM
Last accessed : 7/25/2004 4:05:22 PM
Last modified : 4/20/2003 2:51:56 AM

#:26 [wkufind.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ThreadCreationTime : 7/25/2004 1:23:23 AM
BasePriority : Normal
FileSize : 49 KB
FileVersion : 9.00.0912.0
ProductVersion : 9.00.0912.0
Copyright : Copyright
CompanyName : Microsoft
FileDescription : Microsoft
InternalName : WkUFind
OriginalFilename : WkUFind.exe
ProductName : Update Detection Module
Created on : 9/14/2003 3:36:52 AM
Last accessed : 7/25/2004 4:05:22 PM
Last modified : 9/14/2003 3:36:52 AM

#:27 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ThreadCreationTime : 7/25/2004 1:23:24 AM
BasePriority : Normal
FileSize : 224 KB
FileVersion : 4.2.0.72
ProductVersion : 4.2.0.72
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
OriginalFilename : iTunesHelper.exe
ProductName : iTunes
Created on : 12/16/2003 6:06:12 PM
Last accessed : 7/25/2004 4:05:22 PM
Last modified : 12/16/2003 6:06:12 PM

#:28 [dsentry.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7/25/2004 1:23:24 AM
BasePriority : Normal
FileSize : 28 KB
FileVersion : 1, 0, 2, 0
ProductVersion : 1, 0, 2, 0
Copyright : Copyright
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
OriginalFilename : DSentry.exe
ProductName : Dell - DVDSentry
Created on : 8/15/2002 12:22:52 AM
Last accessed : 7/25/2004 4:05:22 PM
Last modified : 8/15/2002 12:22:52 AM

#:29 [cfd.exe]
FilePath : C:\Program Files\BroadJump\Client Foundation\
ThreadCreationTime : 7/25/2004 1:23:25 AM
BasePriority : Normal
FileSize : 360 KB
Created on : 4/12/2003 7:16:22 PM
Last accessed : 7/25/2004 4:05:22 PM
Last modified : 8/2/2002 5:33:20 PM

#:30 [weather.exe]
FilePath : C:\Program Files\AWS\WeatherBug\
ThreadCreationTime : 7/25/2004 1:23:25 AM
BasePriority : Normal
FileSize : 808 KB
FileVersion : 5, 0, 0, 5
ProductVersion : 5, 0, 0, 5
Copyright : Copyright
CompanyName : AWS Convergence Technologies, Inc.
FileDescription : WeatherBug
InternalName : Desktop Weather
OriginalFilename : WeatherBug.exe
ProductName : AWS, Inc.WeatherBug
Created on : 4/13/2003 7:44:29 AM
Last accessed : 7/25/2004 4:05:22 PM
Last modified : 4/25/2003 7:38:08 PM

#:31 [ypager.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ThreadCreationTime : 7/25/2004 1:23:25 AM
BasePriority : Normal
FileSize : 1456 KB
FileVersion : 5, 6, 0, 1356
ProductVersion : 5, 6, 0, 1356
Copyright : Copyright 1998-2003
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
InternalName : Yahoo! Messengerr
OriginalFilename : YPager.exe
ProductName : Yahoo! Messenger
Created on : 4/12/2003 7:14:39 PM
Last accessed : 7/25/2004 3:47:35 PM
Last modified : 12/5/2003 5:51:56 PM

#:32 [diagent.exe]
FilePath : C:\Program Files\Creative\SBLive\Diagnostics\
ThreadCreationTime : 7/25/2004 1:23:26 AM
BasePriority : Normal
FileSize : 132 KB
FileVersion : 1, 1, 4, 0
ProductVersion : 1.01.04
Copyright : Copyright © 2002 Creative Technology Ltd
CompanyName : Creative Technology Ltd
FileDescription : Creative Diagnostics Agent
InternalName : Creative Diagnostics Agent
OriginalFilename : diagent.exe
ProductName : Creative Diagnostics Agent
Created on : 3/30/2004
Last accessed : 7/25/2004 4:05:22 PM
Last modified : 1/19/2004

#:33 [ee.exe]
FilePath : C:\Program Files\Evidence Eliminator\
ThreadCreationTime : 7/25/2004 1:23:26 AM
BasePriority : Normal
FileSize : 871 KB
FileVersion : 5.00.0058
ProductVersion : 5.00.0058
Copyright : © 1999 - 2002 Robin Hood Software Ltd. www.evidence-eliminator.com
CompanyName : Robin Hood Software Ltd.
FileDescription : Evidence Eliminator (5.058 Release Build 2)
InternalName : Ee
OriginalFilename : Ee.exe
ProductName : Evidence Eliminator
Created on : 1/4/2004 11:11:25 AM
Last accessed : 7/25/2004 3:47:34 PM
Last modified : 11/28/2003 9:01:40 PM

#:34 [mnyexpr.exe]
FilePath : C:\Program Files\Microsoft Money\System\
ThreadCreationTime : 7/25/2004 1:23:29 AM
BasePriority : Normal
FileSize : 196 KB
FileVersion : 11.00.0716
ProductVersion : 11.00.0716
Copyright : Copyright © Microsoft Corp. 1990-2001. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Microsoft Money Express
InternalName : mnyexpr
OriginalFilename : mnyexpr.exe
ProductName : Microsoft Money
Created on : 7/17/2002 5:00:00 PM
Last accessed : 7/25/2004 4:05:23 PM
Last modified : 7/17/2002 5:00:00 PM

#:35 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ThreadCreationTime : 7/25/2004 1:23:32 AM
BasePriority : Normal
FileSize : 4768 KB
FileVersion : 6.2.0137
ProductVersion : Version 6.2
Copyright : Copyright © Microsoft Corporation 1997-2004
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : MSN Messenger
Created on : 5/28/2004 8:22:04 PM
Last accessed : 7/25/2004 3:45:28 PM
Last modified : 5/28/2004 8:22:04 PM

#:36 [3dnasys.exe]
FilePath : C:\Program Files\3DNA\Resources\
ThreadCreationTime : 7/25/2004 1:23:32 AM
BasePriority : Normal
FileSize : 344 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright © 2001
FileDescription : 3DNA Desktop Controller
InternalName : 3DNA Desktop Systray
OriginalFilename : 3dnasys.EXE
ProductName : 3DNA Desktop Controller
Created on : 4/18/2003 5:50:11 PM
Last accessed : 7/25/2004 4:05:23 PM
Last modified : 2/20/2003 12:20:32 AM

#:37 [3dnasys.exe]
FilePath : C:\Program Files\3DNA\Resources\
ThreadCreationTime : 7/25/2004 1:23:33 AM
BasePriority : Normal
FileSize : 344 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright © 2001
FileDescription : 3DNA Desktop Controller
InternalName : 3DNA Desktop Systray
OriginalFilename : 3dnasys.EXE
ProductName : 3DNA Desktop Controller
Created on : 4/18/2003 5:50:11 PM
Last accessed : 7/25/2004 4:05:23 PM
Last modified : 2/20/2003 12:20:32 AM

#:38 [multicap3dna.exe]
FilePath : C:\PROGRA~1\3DNA\Resources\
ThreadCreationTime : 7/25/2004 1:23:43 AM
BasePriority : High
FileSize : 56 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright © 1999
FileDescription : Browser MFC Application
InternalName : Browser
OriginalFilename : Browser.EXE
ProductName : Browser Application
Created on : 4/18/2003 5:50:11 PM
Last accessed : 7/25/2004 4:05:24 PM
Last modified : 1/21/2003 8:23:14 PM

#:39 [mcvsftsn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ThreadCreationTime : 7/25/2004 1:23:46 AM
BasePriority : Normal
FileSize : 216 KB
FileVersion : 8, 0, 0, 20
ProductVersion : 8, 0, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
OriginalFilename : mcvsftsn.EXE
ProductName : McAfee VirusScan
Created on : 10/13/2003 12:01:20 PM
Last accessed : 7/25/2004 4:05:24 PM
Last modified : 9/29/2003 8:38:16 PM

#:40 [webshotstray.exe]
FilePath : C:\Program Files\Webshots\
ThreadCreationTime : 7/25/2004 1:23:47 AM
BasePriority : Normal
FileSize : 204 KB
FileVersion : 1.3.0.3826
ProductVersion : 1.3.0.3826
Copyright : Copyright © 1998
CompanyName : The Webshots Corporation
FileDescription : Webshots Desktop Tray Application
InternalName : WEBSHOTSTRAY
OriginalFilename : WEBSHOTSTRAY.EXE
ProductName : Webshots Tray Application
Created on : 4/13/2003 1:51:09 AM
Last accessed : 7/25/2004 4:05:24 PM
Last modified : 6/21/2002 8:55:56 PM

#:41 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ThreadCreationTime : 7/25/2004 1:23:47 AM
BasePriority : Normal
FileSize : 24 KB
FileVersion : 7.02.0710.1
ProductVersion : 7.02.0710.1
Copyright : Copyright
CompanyName : Microsoft
FileDescription : Microsoft
InternalName : WkCalRem
OriginalFilename : WKCALREM.EXE
ProductName : Microsoft
Created on : 1/29/2004
Last accessed : 7/25/2004 4:05:24 PM
Last modified : 11/26/2003

#:42 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 7/25/2004 1:23:58 AM
BasePriority : Normal
FileSize : 1462 KB
FileVersion : 4.7.2005
ProductVersion : Version 4.7
Copyright : Copyright © Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 3/18/2003 7:23:00 PM
Last accessed : 7/25/2004 3:56:26 PM
Last modified : 3/18/2003 7:23:00 PM

#:43 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7/25/2004 1:24:53 AM
BasePriority : Normal
FileSize : 5 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
OriginalFilename : cisvc.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 7/25/2004 4:05:24 PM
Last modified : 8/29/2002 11:00:00 AM

#:44 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7/25/2004 1:24:55 AM
BasePriority : Normal
FileSize : 43 KB
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
Copyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
OriginalFilename : CTsvcCDA.EXE
ProductName : Creative Service for CDROM Access
Created on : 3/21/2003 1:03:01 AM
Last accessed : 7/25/2004 4:05:24 PM
Last modified : 12/13/1999 7:01:00 AM

#:45 [gearsec.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7/25/2004 1:24:55 AM
BasePriority : Normal
FileSize : 52 KB
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
Copyright : Copyright
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
OriginalFilename : gearsec.exe
ProductName : gearsec
Created on : 11/3/2003 6:47:08 PM
Last accessed : 7/25/2004 4:05:24 PM
Last modified : 11/3/2003 6:47:08 PM

#:46 [mcvsrte.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ThreadCreationTime : 7/25/2004 1:24:55 AM
BasePriority : Normal
FileSize : 104 KB
FileVersion : 8, 0, 0, 12
ProductVersion : 8, 0, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
OriginalFilename : mcvsrte.exe
ProductName : McAfee VirusScan
Created on : 10/13/2003 12:01:04 PM
Last accessed : 7/25/2004 4:05:24 PM
Last modified : 8/8/2003 11:04:38 PM

#:47 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7/25/2004 1:24:56 AM
BasePriority : Normal
FileSize : 80 KB
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
Copyright : © NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 52.16
Created on : 10/6/2003 7:16:00 PM
Last accessed : 7/25/2004 4:05:24 PM
Last modified : 10/6/2003 7:16:00 PM

#:48 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7/25/2004 1:25:01 AM
BasePriority : Normal
FileSize : 52 KB
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
Copyright : Copyright © Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
OriginalFilename : MSPMSPSV.EXE
ProductName : Microsoft ® DRM
Created on : 6/26/2000 1:44:20 PM
Last accessed : 7/25/2004 4:05:24 PM
Last modified : 6/26/2000 1:44:20 PM

#:49 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ThreadCreationTime : 7/25/2004 1:25:09 AM
BasePriority : Normal
FileSize : 408 KB
FileVersion : 4.2.0.72
ProductVersion : 4.2.0.72
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
OriginalFilename : iPodService.exe
ProductName : iTunes
Created on : 12/16/2003 6:05:56 PM
Last accessed : 7/25/2004 4:05:25 PM
Last modified : 12/16/2003 6:05:56 PM

#:50 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ThreadCreationTime : 7/25/2004 1:25:39 AM
BasePriority : High
FileSize : 220 KB
Created on : 2/10/2004 2:33:08 PM
Last accessed : 7/25/2004 4:05:25 PM
Last modified : 3/13/2002 2:50:34 PM

#:51 [hijackthis.exe]
FilePath : C:\Documents and Settings\Aarons\Local Settings\Temp\Rar$EX02.578\
ThreadCreationTime : 7/25/2004 1:26:25 AM
BasePriority : Normal
FileSize : 157 KB
FileVersion : 1.97.0007
ProductVersion : 1.97.0007
CompanyName : Soeperman Enterprises Ltd.
FileDescription : HijackThis
InternalName : HijackThis
OriginalFilename : HijackThis.exe
ProductName : HijackThis
Created on : 7/24/2004 11:19:14 PM
Last accessed : 7/25/2004 3:24:50 PM
Last modified : 3/22/2004 6:26:00 PM

#:52 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7/25/2004 1:30:11 AM
BasePriority : Idle
FileSize : 8 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
OriginalFilename : cidaemon.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 7/25/2004 4:05:25 PM
Last modified : 8/29/2002 11:00:00 AM

#:53 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7/25/2004 1:30:13 AM
BasePriority : Idle
FileSize : 8 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
OriginalFilename : cidaemon.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 7/25/2004 4:05:25 PM
Last modified : 8/29/2002 11:00:00 AM

#:54 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ThreadCreationTime : 7/25/2004 1:35:42 AM
BasePriority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 9/5/2003 12:14:22 AM
Last accessed : 7/25/2004 4:05:25 PM
Last modified : 1/3/2004 2:02:10 PM

#:55 [msn.exe]
FilePath : C:\Program Files\MSN\MSNCoreFiles\
ThreadCreationTime : 7/25/2004 1:42:26 AM
BasePriority : Normal
FileSize : 86 KB
FileVersion : 9.00.0013.2101
ProductVersion : 9.00.0013.2101
Copyright : Copyright © Microsoft Corp. 1981-2003
CompanyName : Microsoft Corporation
FileDescription : msn
InternalName : msn
OriginalFilename : msn.exe
ProductName : Microsoft® MSN ® Communications System
Created on : 9/22/2003
Last accessed : 7/25/2004 3:36:28 PM
Last modified : 12/22/2003

#:56 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 7/25/2004 4:06:43 AM
BasePriority : Normal
FileSize : 973 KB
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 5/12/2003 2:12:10 AM
Last accessed : 7/25/2004 3:45:27 PM
Last modified : 5/12/2003 2:12:10 AM

#:57 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 7/25/2004 3:47:55 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 7/25/2004 3:46:43 PM
Last accessed : 7/25/2004 3:47:55 PM
Last modified : 7/13/2003 3:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

ClickSpring Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9EB320CE-BE1D-4304-A081-4B4665414BEF}


CoolWebSearch Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : asd3.testmyie2.1


Dialer Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : Proclaim Telcom
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{DA9A0B1F-9B7B-11D3-B8A4-00C04F79641C}


Dialer Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sexstudio24


Dialer Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sexstudio24.com


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : HbHostOL.HbWebmailSend.1


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : HbHostOL.HbElementFocus.1


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : HbHostOL.HbCmndbarESink.1


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : HbHostOL.HbCmndbarESink


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : HbCoreServices.LfgAx.1


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{1E24F8A0-5965-4902-90D4-08534E9ADF3B}


InternetDelivery Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Inet Delivery


OrbitExplorer Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : OELoader.Loader


OrbitExplorer Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : OELoader.Loader.1


PeopleOnPage Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : SOFTWARE\Apropos


Win32.Backdoor.Lixy.B Object recognized!
Type : RegKey
Data :
Category : Vulnerability
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{1E1B2878-88FF-11D2-8D96-000000000003}


HotBar Object recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "Hotbar"
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value : Hotbar


HotBar Object recognized!
Type : RegValue
Data : Hotbar 4.3.5.0
Category : Data Miner
Comment : "Hotbar 4.3.5.0"
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Value : Hotbar 4.3.5.0


Other Object recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "VB_Run"
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value : VB_Run


Windows Object recognized!
Type : RegData
Data :
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value : Shell
Data :


Windows Object recognized!
Type : RegData
Data :
Category : Vulnerability
Comment : Manual changing of internet-settings restricted
Rootkey : HKEY_CURRENT_USER
Object : Software\Policies\Microsoft\Internet Explorer\Restrictions
Value : NoBrowserOptions
Data :


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 21
Objects found so far: 21


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pagemysearchnow.com

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://mysearchnow.c...www.google.com"
Category : Vulnerability
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://mysearchnow.c...www.google.com"


Possible Browser Hijack attempt Object recognized!
Type : RegKey
Data : droodllxrhnnchnhdglh="http://www.iquicksea...com/search.htm"
Category : Vulnerability
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\grllchglchhtrhay


ClickSpring Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : c:\windows\downlo~1\mediat~1.ocx
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{39DA2444-065F-47CB-B27C-CCB1A39C06B7}


ClickSpring Object recognized!
Type : File
Data : mediat~1.ocx
Category : Data Miner
Comment :
Object : c:\windows\downlo~1\
FileSize : 116 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright © 2003
CompanyName : PowerTeam Corporation
FileDescription : MediaTicketsInstaller ActiveX Control Module
InternalName : MediaTicketsInstaller
OriginalFilename : MediaTicketsInstaller.OCX
ProductName : MediaTicketsInstaller ActiveX Control Module



ClickSpring Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : c:\windows\downlo~1\mediat~1.ocx
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{9EB320CE-BE1D-4304-A081-4B4665414BEF}


ClickSpring Object recognized!
Type : RegKey
Data : c:\windows\downloaded program files\mediaticketsinstaller.ocx
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{46605C8C-D306-4E2D-B367-9B53690CB867}


ClickSpring Object recognized!
Type : File
Data : mediaticketsinstaller.ocx
Category : Data Miner
Comment :
Object : c:\windows\downloaded program files\
FileSize : 116 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright © 2003
CompanyName : PowerTeam Corporation
FileDescription : MediaTicketsInstaller ActiveX Control Module
InternalName : MediaTicketsInstaller
OriginalFilename : MediaTicketsInstaller.OCX
ProductName : MediaTicketsInstaller ActiveX Control Module
Created on : 6/2/2004 6:14:28 PM
Last accessed : 7/25/2004 4:06:04 PM
Last modified : 6/2/2004 6:14:28 PM



ClickSpring Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : ({9EB320CE-BE1D-4304-A081-4B4665414BEF})
Rootkey : HKEY_CLASSES_ROOT
Object : MEDIATICKETSINSTALLER.MediaTicketsInstallerCtrl.1


ClickSpring Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx


OrbitExplorer Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/OELoader.exe


OrbitExplorer Object recognized!
Type : File
Data : oeloader.exe
Category : Data Miner
Comment :
Object : c:\windows\downloaded program files\
FileSize : 40 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright © 2003
FileDescription : OELoader MFC Application
InternalName : OELoader
OriginalFilename : OELoader.EXE
ProductName : OELoader Application
Created on : 9/24/2003
Last accessed : 7/25/2004 4:07:21 PM
Last modified : 7/11/2003



OrbitExplorer Object recognized!
Type : RegValue
Data : c:\windows\downloaded program files\oeloader.exe
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\Downloaded Program Files\OELoader.exe


ClickSpring Object recognized!
Type : RegValue
Data : c:\windows\downloaded program files\mediaticketsinstaller.ocx
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx


Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 10
Objects found so far: 34


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

ClickSpring Object recognized!
Type : File
Data : ttuh.exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Aarons\Application Data\
FileSize : 64 KB
Created on : 6/26/2004 3:46:14 AM
Last accessed : 7/25/2004 4:09:05 PM
Last modified : 6/26/2004 3:46:14 AM



Tracking Cookie Object recognized!
Type : File
Data : aarons@as1.falkag[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Aarons\Cookies\

Created on : 7/25/2004 6:57:27 AM
Last accessed : 7/25/2004 4:09:06 PM
Last modified : 7/25/2004 6:57:27 AM



Tracking Cookie Object recognized!
Type : File
Data : aarons@cgi-bin[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Aarons\Cookies\

Created on : 7/24/2004 5:57:18 AM
Last accessed : 7/25/2004 4:09:06 PM
Last modified : 7/24/2004 5:57:18 AM



Tracking Cookie Object recognized!
Type : File
Data : aarons@cgi-bin[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Aarons\Cookies\

Created on : 7/24/2004 6:02:41 AM
Last accessed : 7/25/2004 4:09:06 PM
Last modified : 7/24/2004 6:02:41 AM



Tracking Cookie Object recognized!
Type : File
Data : aarons@hotlog[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Aarons\Cookies\

Created on : 7/24/2004 5:56:29 AM
Last accessed : 7/25/2004 4:09:06 PM
Last modified : 7/24/2004 5:56:29 AM



Tracking Cookie Object recognized!
Type : File
Data : aarons@realmedia[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Aarons\Cookies\

Created on : 7/22/2004 5:50:01 PM
Last accessed : 7/25/2004 4:09:06 PM
Last modified : 7/23/2004 9:23:48 AM



Tracking Cookie Object recognized!
Type : File
Data : aarons@spylog[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Aarons\Cookies\

Created on : 7/24/2004 5:56:12 AM
Last accessed : 7/25/2004 4:09:06 PM
Last modified : 7/24/2004 5:56:29 AM



Tracking Cookie Object recognized!
Type : File
Data : aarons@0[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Aarons\Local Settings\Temp\Cookies\

Created on : 7/10/2004 3:52:36 PM
Last accessed : 7/25/2004 4:09:24 PM
Last modified : 7/10/2004 3:52:36 PM



Tracking Cookie Object recognized!
Type : File
Data : aarons@276[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Aarons\Local Settings\Temp\Cookies\

Created on : 7/10/2004 3:52:34 PM
Last accessed : 7/25/2004 4:09:24 PM
Last modified : 7/10/2004 3:52:34 PM



DownloadPlus Object recognized!
Type : File
Data : download plus.lnk
Category : Malware
Comment :
Object : C:\Documents and Settings\Aarons\Start Menu\Programs\Startup\

Created on : 7/24/2004 11:28:38 PM
Last accessed : 7/25/2004 4:10:43 PM
Last modified : 7/30/2003



BroadCastPC Object recognized!
Type : File
Data : a0092506.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP494\
FileSize : 73 KB
Created on : 2/20/2004
Last accessed : 7/25/2004 4:27:01 PM
Last modified : 4/10/2004



BroadCastPC Object recognized!
Type : File
Data : a0092507.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP494\
FileSize : 43 KB
Created on : 11/23/2003
Last accessed : 7/25/2004 4:27:01 PM
Last modified : 10/10/2003



Lop Object recognized!
Type : File
Data : a0093154.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP497\
FileSize : 55 KB
Created on : 4/23/2004 12:43:27 AM
Last accessed : 7/25/2004 4:27:17 PM
Last modified : 4/23/2004 12:43:27 AM



Lop Object recognized!
Type : File
Data : a0102919.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\
FileSize : 32 KB
Created on : 4/22/2004 11:03:17 PM
Last accessed : 7/25/2004 4:29:45 PM
Last modified : 4/22/2004 11:03:17 PM



BroadCastPC Object recogniz

#3 dave38

Posted 25 July 2004 - 05:01 PM

Much easier to deal with a posted log, rather than one which is attached.

Here it is : -

Logfile of HijackThis v1.97.7
Scan saved at 8:28:41 PM, on 7/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\PLANCR~1\bits trust.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\Foreignword\Xanadu\Xanadu.exe
C:\Program Files\Winamp3\winampa.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Evidence Eliminator\ee.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\3DNA\Resources\3dnasys.exe
C:\Program Files\3DNA\Resources\3dnasys.exe
C:\PROGRA~1\3DNA\Resources\multicap3dna.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\gearsec.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Documents and Settings\Aarons\Local Settings\Temp\Rar$EX02.578\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.c.../www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.14.239.130:8080
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: (no name) - {00006236-A927-4979-9F45-AB915FB9AADE} - C:\WINDOWS\System32\SITEHE~1.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O2 - BHO: (no name) - {02BA45B9-0B62-4365-17C5-EBD7303C7F6D} - C:\PROGRA~1\HOLDTY~1\morelite.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10dbde91-b3b7-45c2-acae-d9070744c051} - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-000000000003} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\ALTAVI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\SYSTEM32\3DNATO~1.DLL
O3 - Toolbar: Ask Jeeves Bar - {43D9E6F0-1776-4897-AE14-ECEDECBAFEC0} - C:\WINDOWS\System32\askbarAB.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AltaVista Toolbar - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\ALTAVI~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: stop cake - {F84340AD-EBCB-0E73-D52A-E08E3D78A186} - C:\PROGRA~1\HOLDTY~1\morelite.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Elsethunk] C:\PROGRA~1\PLANCR~1\bits trust.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Xanadu] C:\Program Files\Foreignword\Xanadu\Xanadu.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [VB_run] C:\WINDOWS\comctl_32.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [iestart] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.3.5.0\HbInst.exe /Upgrade
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [BIOVFSY] C:\WINDOWS\BIOVFSY.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DivX Updater] C:\WINDOWS\System32\DivX.Exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Aarons\Application Data\DownloadPlus.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: 3DNA Desktop.lnk = C:\Program Files\3DNA\Resources\3dnasys.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: AltaVista Search - file://C:\Program Files\ALTAVISTA Toolbar\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Ask Jeeves Search - res://C:\WINDOWS\System32\askbarAB.dll/cmd-search-selection
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Dictionary Search - res://C:\WINDOWS\System32\askbarAB.dll/cmd-search-selection-word
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate - file://C:\Program Files\ALTAVISTA Toolbar\Cache\SelectedContextTranslation.htm
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Xanadu (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O15 - Trusted Zone: http://www.scatinbrazil.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...nstall_popup.pl?
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcaf...ed/MGBrwFld.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {16F2EA75-DF7F-4DA1-9F72-72EF6019AF79} (SHInst Class) - http://s92385319.onl.../Sitehelper.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylineso...stallPlugIn.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://protect.micro...b?1064117631328
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://plug-in.reall...m/CrazyTalk.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weat...b?rand=20034133
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://dev-www.filep...DC_1_0_0_41.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo...thv32_EN_XP.cab
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} (AJ Installer Control) - http://sp.ask.com/do...askbar-inst.cab
O16 - DPF: {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} (AltaVista Toolbar) - http://toolbar.altav...ab?r=1081528276
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...73/mcinsctl.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.micros...ontent/opuc.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx...erInstaller.exe
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7869.5396643519
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yaho...mail/ymmapi.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,16/mcgdmgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communitie...UC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate....nloads/outc.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ntrol_v1-27.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw12fd.law12....ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#4 dave38

Posted 25 July 2004 - 05:10 PM

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.c.../www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.14.239.130:8080
R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: (no name) - {00006236-A927-4979-9F45-AB915FB9AADE} - C:\WINDOWS\System32\SITEHE~1.DLL
O2 - BHO: (no name) - {02BA45B9-0B62-4365-17C5-EBD7303C7F6D} - C:\PROGRA~1\HOLDTY~1\morelite.dll
O2 - BHO: (no name) - {10dbde91-b3b7-45c2-acae-d9070744c051} - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-000000000003} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\SYSTEM32\3DNATO~1.DLL
O3 - Toolbar: stop cake - {F84340AD-EBCB-0E73-D52A-E08E3D78A186} - C:\PROGRA~1\HOLDTY~1\morelite.dll

O4 - HKLM\..\Run: [Elsethunk] C:\PROGRA~1\PLANCR~1\bits trust.exe
O4 - HKLM\..\Run: [VB_run] C:\WINDOWS\comctl_32.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [iestart] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.3.5.0\HbInst.exe /Upgrade
O4 - HKLM\..\Run: [BIOVFSY] C:\WINDOWS\BIOVFSY.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [DivX Updater] C:\WINDOWS\System32\DivX.Exe

O9 - Extra button: WeatherBug (HKCU)
O15 - Trusted Zone: http://www.scatinbrazil.com

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...nstall_popup.pl?
O16 - DPF: {16F2EA75-DF7F-4DA1-9F72-72EF6019AF79} (SHInst Class) - http://s92385319.onl.../Sitehelper.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weat...b?rand=20034133
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab

Reboot and delete

files
C:\WINDOWS\comctl_32.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\BIOVFSY.exe
C:\WINDOWS\System32\DivX.Exe

folders
C:\Program Files\HOLDTY~1
C:\Program Files\PLANCR~1
C:\Program Files\TV Media
C:\Program Files\AWS
C:\Program Files\Hotbar

These may be hidden files. See HERE for how to show hidden files.

The file C:\WINDOWS\System32\DivX.Exe is a virus. Please check that your antivirus program is up to date.

Please post a followup Hijack this log, and say if your problems persist.

#5 MrO

Posted 25 July 2004 - 06:54 PM

Logfile of HijackThis v1.97.7
Scan saved at 5:36:48 PM, on 7/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\PLANCR~1\bits trust.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Foreignword\Xanadu\Xanadu.exe
C:\Program Files\Winamp3\winampa.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Evidence Eliminator\ee.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\3DNA\Resources\3dnasys.exe
C:\Program Files\3DNA\Resources\3dnasys.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\3DNA\Resources\multicap3dna.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\gearsec.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YServer.exe
C:\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00006236-A927-4979-9F45-AB915FB9AADE} - C:\WINDOWS\System32\SITEHE~1.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O2 - BHO: (no name) - {02BA45B9-0B62-4365-17C5-EBD7303C7F6D} - C:\PROGRA~1\HOLDTY~1\morelite.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10dbde91-b3b7-45c2-acae-d9070744c051} - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-000000000003} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\ALTAVI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\SYSTEM32\3DNATO~1.DLL
O3 - Toolbar: Ask Jeeves Bar - {43D9E6F0-1776-4897-AE14-ECEDECBAFEC0} - C:\WINDOWS\System32\askbarAB.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AltaVista Toolbar - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\ALTAVI~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: stop cake - {F84340AD-EBCB-0E73-D52A-E08E3D78A186} - C:\PROGRA~1\HOLDTY~1\morelite.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Elsethunk] C:\PROGRA~1\PLANCR~1\bits trust.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Xanadu] C:\Program Files\Foreignword\Xanadu\Xanadu.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [iestart] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [BIOVFSY] C:\WINDOWS\BIOVFSY.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DivX Updater] C:\WINDOWS\System32\DivX.Exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: 3DNA Desktop.lnk = C:\Program Files\3DNA\Resources\3dnasys.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: AltaVista Search - file://C:\Program Files\ALTAVISTA Toolbar\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Ask Jeeves Search - res://C:\WINDOWS\System32\askbarAB.dll/cmd-search-selection
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Dictionary Search - res://C:\WINDOWS\System32\askbarAB.dll/cmd-search-selection-word
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate - file://C:\Program Files\ALTAVISTA Toolbar\Cache\SelectedContextTranslation.htm
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Xanadu (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O15 - Trusted Zone: http://www.scatinbrazil.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...nstall_popup.pl?
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcaf...ed/MGBrwFld.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {16F2EA75-DF7F-4DA1-9F72-72EF6019AF79} (SHInst Class) - http://s92385319.onl.../Sitehelper.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylineso...stallPlugIn.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://protect.micro...b?1064117631328
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://plug-in.reall...m/CrazyTalk.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weat...b?rand=20034133
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://dev-www.filep...DC_1_0_0_41.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo...thv32_EN_XP.cab
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} (AJ Installer Control) - http://sp.ask.com/do...askbar-inst.cab
O16 - DPF: {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} (AltaVista Toolbar) - http://toolbar.altav...ab?r=1081528276
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...73/mcinsctl.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.micros...ontent/opuc.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx...erInstaller.exe
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7869.5396643519
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yaho...mail/ymmapi.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,16/mcgdmgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communitie...UC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate....nloads/outc.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ntrol_v1-27.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw12fd.law12....ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B52D320-635E-484E-8365-8652F9ED4FD9}: NameServer = 151.164.8.201 151.164.1.8

Posted above is the new Hijack this log file. As for the instructions for the Adaware log file, you're too late. H@ns (mistakenly) told me to mark everything for removal and I did. He later apologized and said he meant the Hijack this file so the new Hijack this log was developed after already 'getting rid of' everything revealed by the Adaware log.

"mysearchnow" continues to try to hijack my home page in IE although Spysweeper alerts me to this and prevents it at my instruction.

The other pest I mentioned, 'mail.mailabview', appears to affect only my ability to save incoming email addresses. I get a message saying: 'windows cannot open this file mailabview' etc. It appears to come in with downloads. After trying to download a .dll file from the website offering those downloads (unsuccessfully because the downloaded file proved to be a .php file instead), I discovered 3 instances of 'mail.mailabview' in my download manager.

#6 MrO

Posted 25 July 2004 - 07:22 PM

My apologies to all for bouncing you around from one thread to another. As explained above, Dave38, your instructions for the attached Hijack this log no longer apply because I've since run Adaware, 'got rid of' everything and then run Hijack this again, producing the above log.

Again I apologize for the fiasco that developed and want to thank both you and H@ns for both of your help.



