Spybot revisited


5 replies to this topic

#1 Guy With A Hard Drive

Guy With A Hard Drive

  • Members
  • 20 posts

Posted 05 November 2004 - 08:22 PM

Hi everyone! I've posted and received some excellent info and diagnosis here. Unfortunately, my computer is plagued with something again. I've run AVG, and it doesn't find anything.
My internet service provider recommends I use their firewall for a fee. Is this recommended?

HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 8:17:21 PM, on 11/5/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
c:\WINNT\system32\drivers\help\windows\FireDaemon.EXE
c:\winnt\system32\windll\FireDaemon.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
c:\WINNT\system32\drivers\help\windows\cygmech.exe
C:\WINNT\system32\winos.exe
c:\WINNT\system32\drivers\help\win\FireDaemon.EXE
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
c:\WINNT\system32\drivers\help\win\cygmech.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\WINNT\system32\love.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINNT\system32\lscss.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\sbzolp.exe
C:\WINNT\system32\cftmon.exe
C:\WINNT\system32\svhost.exe
C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINNT\system32\cftmon.exe
C:\WINNT\system32\svhost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\cidaemon.exe
c:\winnt\system32\windll\cygmech.exe
C:\WINNT\System32\freecell.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\slayer.exe
C:\svhost.exe
C:\unzipped\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {67F9422C-9564-26C1-8756-10550CA82B3B} - C:\WINNT\system32\mhgi.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [Ad-aware] C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe +c
O4 - HKLM\..\Run: [EPSON Stylus C84 Series (Copy 2)] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P32 "EPSON Stylus C84 Series (Copy 2)" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series (Copy 3)] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P32 "EPSON Stylus C84 Series (Copy 3)" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [vbndfer] C:\WINNT\SYSTEM32\ghnbv.exe
O4 - HKLM\..\Run: [Microsoft RPC Manager] system.exe
O4 - HKLM\..\Run: [Microsoft Windows GUI] msmonk32.exe
O4 - HKLM\..\Run: [0wN3d uR ComPuTEr U bleepiNg N00B bleepers muhaahhaaha.... l33t 0wN3d y000] Gada.exe
O4 - HKLM\..\Run: [Ran] C:\WINNT\SYSTEM32\ecvetp.exe
O4 - HKLM\..\Run: [Configuration Loaded] love.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Microsoft Help] svh0st.exe
O4 - HKLM\..\Run: [Win service] lscss.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Win Users2] sbzolp.exe
O4 - HKLM\..\Run: [cftmon] cftmon.exe
O4 - HKLM\..\Run: [Windows update configs] svhost.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] slayer.exe
O4 - HKLM\..\RunServices: [Microsoft RPC Manager] system.exe
O4 - HKLM\..\RunServices: [Microsoft Windows GUI] msmonk32.exe
O4 - HKLM\..\RunServices: [0wN3d uR ComPuTEr U bleepiNg N00B bleepers muhaahhaaha.... l33t 0wN3d y000] Gada.exe
O4 - HKLM\..\RunServices: [Configuration Loaded] love.exe
O4 - HKLM\..\RunServices: [Microsoft Help] svh0st.exe
O4 - HKLM\..\RunServices: [Win service] lscss.exe
O4 - HKLM\..\RunServices: [Win Users2] sbzolp.exe
O4 - HKLM\..\RunServices: [cftmon] cftmon.exe
O4 - HKLM\..\RunServices: [Windows update configs] svhost.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] slayer.exe
O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [Microsoft RPC Manager] system.exe
O4 - HKCU\..\Run: [Aora] C:\Documents and Settings\Administrator\Application Data\asuu.exe
O4 - HKCU\..\Run: [Redgjrwj] C:\WINNT\system32\ivf.exe
O4 - HKCU\..\Run: [cftmon] cftmon.exe
O4 - HKCU\..\Run: [Windows update configs] svhost.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] slayer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...vp/content.html
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/097aa454e0b7b0...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...37980.369212963
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls.../20/SassCln.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-3.ibm.com/pc/support/access/asl.../AcpControl.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{655A6094-F17E-45B1-9E2C-8CF775FAC34C}: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{655A6094-F17E-45B1-9E2C-8CF775FAC34C}: NameServer = 192.168.2.1

#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,659 posts
  • Gender:Male
  • Location:USA

Posted 06 November 2004 - 01:42 AM

You are using an outdated version of hijackthis. Please download the newer version.

Download HijackThis from:

HijackThis Download Site

Then post a new log.

#3 Guy With A Hard Drive

Guy With A Hard Drive
  • Topic Starter

  • Members
  • 20 posts

Posted 06 November 2004 - 12:16 PM

Here's the latest - thanks for replying!


Logfile of HijackThis v1.98.2
Scan saved at 12:18:33 PM, on 11/6/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
c:\WINNT\system32\drivers\help\windows\FireDaemon.EXE
c:\winnt\system32\windll\FireDaemon.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
c:\WINNT\system32\drivers\help\windows\cygmech.exe
C:\WINNT\system32\winos.exe
c:\WINNT\system32\drivers\help\win\FireDaemon.EXE
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
c:\WINNT\system32\drivers\help\win\cygmech.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\cidaemon.exe
C:\unzipped\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {67F9422C-9564-26C1-8756-10550CA82B3B} - C:\WINNT\system32\mhgi.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [Ad-aware] C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe +c
O4 - HKLM\..\Run: [EPSON Stylus C84 Series (Copy 2)] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P32 "EPSON Stylus C84 Series (Copy 2)" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series (Copy 3)] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P32 "EPSON Stylus C84 Series (Copy 3)" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [vbndfer] C:\WINNT\SYSTEM32\ghnbv.exe
O4 - HKLM\..\Run: [Microsoft RPC Manager] system.exe
O4 - HKLM\..\Run: [Microsoft Windows GUI] msmonk32.exe
O4 - HKLM\..\Run: [0wN3d uR ComPuTEr U bleepiNg N00B bleepers muhaahhaaha.... l33t 0wN3d y000] Gada.exe
O4 - HKLM\..\Run: [Ran] C:\WINNT\SYSTEM32\ecvetp.exe
O4 - HKLM\..\Run: [Configuration Loaded] love.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Microsoft Help] svh0st.exe
O4 - HKLM\..\Run: [Win service] lscss.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Win Users2] sbzolp.exe
O4 - HKLM\..\Run: [cftmon] cftmon.exe
O4 - HKLM\..\Run: [Windows update configs] svhost.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] slayer.exe
O4 - HKLM\..\RunServices: [Microsoft RPC Manager] system.exe
O4 - HKLM\..\RunServices: [Microsoft Windows GUI] msmonk32.exe
O4 - HKLM\..\RunServices: [0wN3d uR ComPuTEr U bleepiNg N00B bleepers muhaahhaaha.... l33t 0wN3d y000] Gada.exe
O4 - HKLM\..\RunServices: [Configuration Loaded] love.exe
O4 - HKLM\..\RunServices: [Microsoft Help] svh0st.exe
O4 - HKLM\..\RunServices: [Win service] lscss.exe
O4 - HKLM\..\RunServices: [Win Users2] sbzolp.exe
O4 - HKLM\..\RunServices: [cftmon] cftmon.exe
O4 - HKLM\..\RunServices: [Windows update configs] svhost.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] slayer.exe
O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [Microsoft RPC Manager] system.exe
O4 - HKCU\..\Run: [Aora] C:\Documents and Settings\Administrator\Application Data\asuu.exe
O4 - HKCU\..\Run: [Redgjrwj] C:\WINNT\system32\ivf.exe
O4 - HKCU\..\Run: [cftmon] cftmon.exe
O4 - HKCU\..\Run: [Windows update configs] svhost.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] slayer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...vp/content.html
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/097aa454e0b7b0...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-3.ibm.com/pc/support/access/asl.../AcpControl.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{655A6094-F17E-45B1-9E2C-8CF775FAC34C}: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{655A6094-F17E-45B1-9E2C-8CF775FAC34C}: NameServer = 192.168.2.1
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - (no file)
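
A triage pass over the kind of log posted above, added here as an example; it is not part of this thread and not HijackThis's own code. It reads the "Running processes" list and the O2/O4 lines and flags what a reviewer looks for first: process names that imitate Windows system binaries (svhost.exe, svh0st.exe, cftmon.exe, lscss.exe), autorun entries that launch a bare filename resolved by path search at logon, executables sitting directly under the drive root, and BHO registrations whose DLL is gone. The reference list of system binaries, the 0.85 similarity threshold and the heuristics themselves are assumptions made for this example; the sample input is an excerpt of the log lines from this thread.

```python
"""Triage helper for HijackThis-style logs (added example, not HijackThis code).

Heuristics, reference list and threshold below are assumptions for this example.
"""
import re
from collections import namedtuple
from difflib import SequenceMatcher

Finding = namedtuple("Finding", "kind line note")

# Assumed reference set of legitimate Windows 2000/XP binaries; extend as needed.
KNOWN_SYSTEM_BINARIES = {
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
    "spoolsv.exe", "explorer.exe", "ctfmon.exe", "regsvc.exe", "mstask.exe",
    "cisvc.exe", "cidaemon.exe", "winmgmt.exe",
}
SIMILARITY_THRESHOLD = 0.85  # assumption: svh0st.exe flags, qttask.exe (0.80 vs mstask.exe) does not

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
ROOT_DRIVE_RE = re.compile(r"^[a-z]:\\[^\\]+$", re.I)


def basename(path):
    """Lower-cased final path component."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def lookalike(name):
    """Closest known system binary if the difflib ratio reaches the threshold, else None.
    A name that is itself a known binary is never a lookalike."""
    if name in KNOWN_SYSTEM_BINARIES:
        return None
    best = max(KNOWN_SYSTEM_BINARIES, key=lambda good: SequenceMatcher(None, name, good).ratio())
    return best if SequenceMatcher(None, name, best).ratio() >= SIMILARITY_THRESHOLD else None


def launched_exe(cmd):
    """Executable part of an autorun command line: the quoted path, or the text up
    to the first '.exe' when unquoted (copes with unquoted paths containing spaces)."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.I)
    if m:
        return m.group(1)
    parts = cmd.split()
    return parts[0] if parts else ""


def check_process(line):
    name, findings = basename(line), []
    mimic = lookalike(name)
    if mimic:
        findings.append(Finding("lookalike-process", line, f"name resembles {mimic}"))
    if ROOT_DRIVE_RE.match(line):
        findings.append(Finding("root-drive-process", line, "executable directly under the drive root"))
    return findings


def check_autorun(display_name, cmd, line):
    exe = launched_exe(cmd)
    name, findings = basename(exe), []
    mimic = lookalike(name)
    if mimic:
        findings.append(Finding("lookalike-autorun", line, f"'{name}' resembles {mimic}"))
    if "\\" not in exe and name not in KNOWN_SYSTEM_BINARIES:
        # No path: the binary is found by path search at logon and could live anywhere.
        findings.append(Finding("bare-filename-autorun", line, f"'{display_name}' launches '{exe}' without a path"))
    return findings


def triage(log_text):
    """Scan a whole log; returns Finding tuples in log order."""
    findings, in_processes = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        if re.match(r"^O\d+ - ", line):
            in_processes = False
        if in_processes:
            findings.extend(check_process(line))
            continue
        m = O4_RE.match(line)
        if m:
            findings.extend(check_autorun(m.group("name"), m.group("cmd"), line))
        elif line.startswith("O2 - BHO:") and line.endswith("(file missing)"):
            findings.append(Finding("missing-bho", line, "BHO registered but its DLL is absent"))
    return findings


# Constructed sample input: an excerpt of the lines from the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.98.2
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svhost.exe
C:\WINNT\system32\cftmon.exe
C:\WINNT\system32\lscss.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\svhost.exe

O2 - BHO: (no name) - {67F9422C-9564-26C1-8756-10550CA82B3B} - C:\WINNT\system32\mhgi.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Microsoft Help] svh0st.exe
O4 - HKLM\..\RunServices: [0wN3d uR ComPuTEr U bleepiNg N00B bleepers muhaahhaaha.... l33t 0wN3d y000] Gada.exe
O4 - HKCU\..\Run: [cftmon] cftmon.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:22} {f.note:48} {f.line}")
```

The bare-filename check is deliberately noisy: legitimate entries such as mobsync.exe are flagged too, because the point is that a reviewer should confirm where such a binary actually lives. The lookalike check only ranks against the reference set, so anything outside it (love.exe, slayer.exe, sbzolp.exe) still has to be judged by hand.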

#4 JEservices

JEservices

    helping hand


  • Members
  • 1,700 posts
  • Location:Texas

Posted 06 November 2004 - 04:58 PM

I am not going to respond to the log portion, but something you said concerns me.

My internet service provider recommends I use their firewall for a fee. Is this recommended?



There are far too many free firewalls that you can get for you to be using one that charges. Personally, if you plan to get another computer and share the internet connection, you can purchase a 4-port router (around $40 one-time price), and it will have a built-in firewall for all of your computers. You can check out all of the free alternatives (firewalls and other applications) in BC's list of free applications.
We are all curious like a cat. We wonder, we ask, we learn.
Please post back when a suggestion works, so that others may learn.

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,659 posts
  • Gender:Male
  • Location:USA

Posted 07 November 2004 - 04:44 PM

Are you screwing with us?

O4 - HKLM\..\RunServices: [0wN3d uR ComPuTEr U bleepiNg N00B bleepers muhaahhaaha.... l33t 0wN3d y000] Gada.exe

That's really a line in your HijackThis log? Can you send me a screenshot of your HijackThis with this in it? Interested in seeing it.

Also zip and email the following files to grinler@yahoo.com please:

c:\WINNT\system32\drivers\help\
c:\windows\system32\Gada.exe

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,659 posts
  • Gender:Male
  • Location:USA

Posted 09 November 2004 - 10:20 PM

You are hacked... please post a brand new HijackThis log.
