• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
BigL

Here is my Log

10 posts in this topic

Have I been hijacked?

 

Logfile of HijackThis v1.97.7

Scan saved at 2:15:21 PM, on 5/18/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\msdtc.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\WINNT\system32\Dfssvc.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\ismserv.exe

C:\WINNT\System32\llssrv.exe

C:\WINNT\System32\sfmprint.exe

C:\WINNT\system32\ntfrs.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\System32\locator.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\tcpsvcs.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\WINNT\wanmpsvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\wins.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\inetsrv\inetinfo.exe

C:\WINNT\System32\mqsvc.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\Explorer.EXE

C:\Program Files\DIGStream\digstream.exe

C:\WINNT\SM1BG.EXE

C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINNT\system32\wuauclt.exe

C:\WINNT\system32\spool\DRIVERS\W32X86\hpoopm07.exe

C:\WINNT\system32\wjview.exe

C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe

C:\Program Files\America Online 9.0a\aoltray.exe

C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\hpodev07.exe

C:\PROGRA~1\HEWLET~1\HPOFFI~1\bin\hpoevm07.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\HPOSTS07.exe

C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\HPOFXM07.exe

C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbates.exe

C:\Program Files\AIM\aim.exe

C:\Documents and Settings\Administrator\My Documents\HIJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\system32\bridge.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll

O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe

O4 - HKLM\..\Run: [sM1BG] C:\WINNT\SM1BG.EXE

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [swapper] C:\Program Files\Revolutionary Stuff\Swapper.NET\Swapper.exe /m

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\system32\spool\DRIVERS\W32X86\hpoopm07.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\system32\bridge.dll",Load

O4 - HKLM\..\Run: [alchem] C:\WINNT\alchem.exe

O4 - HKLM\..\Run: [WebSavingsfromEbates] wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe

O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\hpodev07.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! MLB StatTracker - http://aud5.sports.dcn.yahoo.com/java/y/mlbst8408_x.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = HOME.LOCAL

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = HOME.LOCAL

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = HOME.LOCAL

Share this post


Link to post
Share on other sites

Hello

 

You Have A Variant of the CoolWebSearch Trojan.

 

Please Download CWShredder from http://www.spywareinfo.com/~merijn/files/CWShredder.exe and run the Program. Press the "Fix" button Let it fix all variants. Next, Close the program, reboot your computer and post a fresh HijackThis log.

Edited by expertec

Share this post


Link to post
Share on other sites

Here's the new log. Thanks for the help.

 

 

Logfile of HijackThis v1.97.7

Scan saved at 3:39:38 PM, on 5/18/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\msdtc.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\WINNT\system32\Dfssvc.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\ismserv.exe

C:\WINNT\System32\llssrv.exe

C:\WINNT\System32\sfmprint.exe

C:\WINNT\system32\ntfrs.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\System32\locator.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\tcpsvcs.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\WINNT\wanmpsvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\wins.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\inetsrv\inetinfo.exe

C:\WINNT\System32\mqsvc.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\wuauclt.exe

C:\Program Files\DIGStream\digstream.exe

C:\WINNT\SM1BG.EXE

C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINNT\system32\spool\DRIVERS\W32X86\hpoopm07.exe

C:\WINNT\system32\wjview.exe

C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe

C:\Program Files\America Online 9.0a\aoltray.exe

C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\hpodev07.exe

C:\PROGRA~1\HEWLET~1\HPOFFI~1\bin\hpoevm07.exe

C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\HPOSTS07.exe

C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\HPOFXM07.exe

C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbates.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrator\My Documents\HIJT\HijackThis.exe

 

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\system32\bridge.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll

O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe

O4 - HKLM\..\Run: [sM1BG] C:\WINNT\SM1BG.EXE

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [swapper] C:\Program Files\Revolutionary Stuff\Swapper.NET\Swapper.exe /m

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\system32\spool\DRIVERS\W32X86\hpoopm07.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\system32\bridge.dll",Load

O4 - HKLM\..\Run: [alchem] C:\WINNT\alchem.exe

O4 - HKLM\..\Run: [WebSavingsfromEbates] wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe

O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\hpodev07.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! MLB StatTracker - http://aud5.sports.dcn.yahoo.com/java/y/mlbst8408_x.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = HOME.LOCAL

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = HOME.LOCAL

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = HOME.LOCAL

Share this post


Link to post
Share on other sites

Have you run Ad-Aware and Spybot? And do you have any anti-virus software?

Edited by expertec

Share this post


Link to post
Share on other sites

I have adaware and ran it the other day. No, I do not anti virus software..

Edited by BigL

Share this post


Link to post
Share on other sites

OK. Download Spybot from http://www.safer-networking.org/index.php?page=download

 

Install it, update it, and check for problems. Fix anything it finds.

 

Get yourself an Anti-Virus! AVG is a good FREE one. Install it, update it and do a virus scan. Reboot and then post a new HJT log.

Edited by expertec

Share this post


Link to post
Share on other sites

Hi, please do follow tha advice already given about downloading the free AVG antivirus.

 

 

Check the boxes next to all these, close all other windows, then click Fix Checked.

 

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

 

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll

 

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll

 

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\system32\bridge.dll

 

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\system32\bridge.dll",Load

 

O4 - HKLM\..\Run: [alchem] C:\WINNT\alchem.exe

 

O4 - HKLM\..\Run: [WebSavingsfromEbates] wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"

 

O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm

After that, Reboot and find the following to delete.

Enable hidden files if you can't find them http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5

 

C:\WINNT\system32\bridge.dll <--- file, may already be deleted, check to make sure

 

C:\WINNT\alchem.exe <--- file only

 

C:\Program Files\WebSavingsfromEbates <--- entire folder

 

 

Then post a new log to make sure that you are clean.

Share this post


Link to post
Share on other sites

Thanks a lot. Here's the new log. Can I delete those files that are in my Hijack this folder?

 

Logfile of HijackThis v1.97.7

Scan saved at 10:51:43 AM, on 5/19/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\msdtc.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\WINNT\system32\Dfssvc.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\ismserv.exe

C:\WINNT\System32\llssrv.exe

C:\WINNT\System32\sfmprint.exe

C:\WINNT\system32\ntfrs.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\System32\locator.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\tcpsvcs.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\WINNT\Explorer.EXE

C:\WINNT\wanmpsvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\wins.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\inetsrv\inetinfo.exe

C:\WINNT\System32\mqsvc.exe

C:\Program Files\DIGStream\digstream.exe

C:\WINNT\SM1BG.EXE

C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINNT\system32\spool\DRIVERS\W32X86\hpoopm07.exe

C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe

C:\Program Files\America Online 9.0a\aoltray.exe

C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\hpodev07.exe

C:\PROGRA~1\HEWLET~1\HPOFFI~1\bin\hpoevm07.exe

C:\WINNT\system32\wuauclt.exe

C:\WINNT\system32\hpoipm07.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\HPOSTS07.exe

C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\HPOFXM07.exe

C:\Documents and Settings\Administrator\My Documents\HIJT\HijackThis.exe

 

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll

O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe

O4 - HKLM\..\Run: [sM1BG] C:\WINNT\SM1BG.EXE

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [swapper] C:\Program Files\Revolutionary Stuff\Swapper.NET\Swapper.exe /m

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\system32\spool\DRIVERS\W32X86\hpoopm07.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe

O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\hpodev07.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! MLB StatTracker - http://aud5.sports.dcn.yahoo.com/java/y/mlbst8408_x.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = HOME.LOCAL

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = HOME.LOCAL

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = HOME.LOCAL

Share this post


Link to post
Share on other sites

Hello again,

 

The files in the hijackthis folder are the backups it creates. I would leve them there for awhile to make sure that everything is still working correctly. After using the computer for a week or so, then you can delete them.

 

Your log is now clean of known spyware threats. Consider the following to prevent future problems.

 

 

Protection - download and install:

 

SpywareBlaster will block bad ActiveX and malevolent cookies. http://www.javacoolsoftware.com/spywareblaster.html

 

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD

 

Both are very small free programs that you run once, and then just occasionally run to check for updates.

 

And also see

So how did I get infected in the first place?

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0