Please read my hijack log and advise


8 replies to this topic

#1 kegroening (Members, 26 posts)

Posted 03 December 2004 - 05:05 PM

Hey guys, this is my HijackThis log. I also have more info below the log. What do I need to do?
Thanks

Logfile of HijackThis v1.98.2
Scan saved at 4:02:42 PM, on 12/3/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\TYPEITIN\TYPEITIN.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOSTART.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\SAFE & SOUND\WGLITE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOJVDIX.EXE
C:\WINDOWS\SYSTEM\HPOMLCH.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\PROGRAM FILES\INSTANT WEBPAGE\INSTWPAGE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*windowsupdate.microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;service1.symantec.com;*.nai.com;*.networkassociates.com;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\MSLAGENT\4B_1,0,1,2_MSLAGENT.DLL (file missing)
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM FILES\NETZERO\QSACC\X1IEBHO.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunOnce: [untd_recovery] C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE
O4 - HKCU\..\Run: [NetZero_uoltray] C:\PROGRAM FILES\NETZERO\EXEC.EXE regrun
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1055.dll,InstantAccess
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - HKCU\..\RunServices: [NetZero_uoltray] C:\PROGRAM FILES\NETZERO\EXEC.EXE regrun
O4 - HKCU\..\RunServices: [Instant Access] rundll32.exe EGDACCESS_1055.dll,InstantAccess
O4 - HKCU\..\RunServices: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - Startup: TypeItIn.lnk = C:\Program Files\TypeItIn\TypeItIn.exe
O4 - Startup: HP OfficeJet Series 600 StartUp.lnk = C:\Program Files\HP OfficeJet Series 600\bin\HPOstart.exe
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: Mount Retake Volumes.lnk = C:\Program Files\Network Associates\Safe & Sound\fbmount.exe
O4 - Startup: Image & Restore.lnk = C:\Program Files\Network Associates\Safe & Sound\Image32.exe
O4 - Startup: WinGauge Lite.lnk = C:\Program Files\Network Associates\Safe & Sound\wglite.exe
O4 - Startup: Broadband Wizard.lnk = C:\Program Files\Broadband Wizard\bbwiz.exe
O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/227
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/228
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL (file missing)
O9 - Extra button: iGive - {987D0E71-6CAD-11d5-AA37-0001028DF1BC} - (no file) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.creative.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://activex.microsoft.com/activex/contr...um/MSSurVid.cab
O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://pcpitstop.com/antivirus/PCPAV.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://showdown.microgaming.com/showdown/FlashAX.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...295/mcfscan.cab
O16 - DPF: {CD62C183-73CE-11D0-8F56-0020AF6DCD1D} (PSNetNote Object) - http://wwwftp.mmm.com/psnotes/npcc2.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - http://akamai.downloadv3.com/binaries/EGDA...ACCESS_1055.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab



Also, I checked for updates with Ad-Aware and Spybot S&D; they say I am clean,
but I ran Spyware Doctor and Spyware Stormer (of course they want money to clean)
and here is a log of what they found.




Spyware Doctor Activity Report
Generated on 12/3/04 3:26:01 PM

Scan start: 12/3/04 3:26:39 PM
Scan stop: 12/3/04 3:30:47 PM
Scanned items: 60952
Found items: 91
Found and ignored: 0
Tools used: General Scanner, Process Scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Scanner, Disk Scanner

Infection Name | Location | Risk
Gator | multiple | Elevated
SaveNow | multiple | Medium
Windows SyncroAd | multiple | High
akamai.downloadv3.com | HKCU\Software\livesvc | High
akamai.downloadv3.com | HKCU\Software\Microsoft\Windows\CurrentVersion\Run##Instant Access | High
Begin2Search | HKCU\Software\aaa_soft | High
Begin2Search | HKCR\Interface\{17973BD7-959C-4D8A-8B2F-AB200E20A75E} | High
Begin2Search | HKCR\Interface\{6FE4AADF-EDAC-4037-9164-0B60179A4F12} | High
Begin2Search | HKCR\Interface\{A797A41D-F9F0-4A32-B9B5-AF927CB5AE54} | High
Begin2Search | HKCR\Interface\{B12508AD-CA55-4238-8DB3-55808BA6915A} | High
Begin2Search | HKCR\Interface\{BF7CB2C3-55B6-44C1-9615-920D004C27F7} | High
Begin2Search | HKCR\Interface\{F912C325-5B26-4AD6-BF39-84370833E972} | High
Begin2Search | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D568F0F-8AC9-40AB-88B7-415134C78777} | High
BonziBuddy | HKLM\software\classes\interface\{065e6fd2-1bf9-11d2-bae8-00104b9e0792} | High
BonziBuddy | HKLM\software\classes\interface\{065e6fd4-1bf9-11d2-bae8-00104b9e0792} | High
BonziBuddy | HKLM\software\classes\interface\{065e6fd5-1bf9-11d2-bae8-00104b9e0792} | High
BonziBuddy | HKLM\software\classes\interface\{065e6fd6-1bf9-11d2-bae8-00104b9e0792} | High
BonziBuddy | HKLM\software\classes\interface\{065e6fd7-1bf9-11d2-bae8-00104b9e0792} | High
BonziBuddy | HKLM\software\classes\interface\{065e6fd9-1bf9-11d2-bae8-00104b9e0792} | High
BonziBuddy | HKLM\software\classes\interface\{065e6fdb-1bf9-11d2-bae8-00104b9e0792} | High
BonziBuddy | HKLM\software\classes\interface\{065e6fdd-1bf9-11d2-bae8-00104b9e0792} | High
BonziBuddy | HKLM\software\classes\interface\{065e6fde-1bf9-11d2-bae8-00104b9e0792} | High
BonziBuddy | HKLM\software\classes\interface\{065e6fe0-1bf9-11d2-bae8-00104b9e0792} | High
BonziBuddy | HKLM\software\classes\interface\{065e6fe1-1bf9-11d2-bae8-00104b9e0792} | High
BonziBuddy | HKLM\software\classes\interface\{065e6fe4-1bf9-11d2-bae8-00104b9e0792} | High
BonziBuddy | HKLM\software\classes\interface\{065e6fe5-1bf9-11d2-bae8-00104b9e0792} | High
BonziBuddy | HKLM\software\classes\interface\{065e6fe7-1bf9-11d2-bae8-00104b9e0792} | High
BonziBuddy | HKLM\software\classes\interface\{065e6fe8-1bf9-11d2-bae8-00104b9e0792} | High
BonziBuddy | HKLM\software\classes\interface\{62fcac31-2581-11d2-baf1-00104b9e0792} | High
BonziBuddy | HKLM\software\classes\typelib\{065e6fd1-1bf9-11d2-bae8-00104b9e0792} | High
Dyfuca/Internet Optimizer | HKLM\software\microsoft\windows\currentversion\shareddlls##c:\windows\downloaded program files\unidist.ocx | High
FUNWEBPRODUCTS | HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} | Medium
FUNWEBPRODUCTS | HKCR\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239} | Medium
FUNWEBPRODUCTS | HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} | Medium
FUNWEBPRODUCTS | HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} | Medium
FUNWEBPRODUCTS | HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} | Medium
FUNWEBPRODUCTS | HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA} | Medium
FUNWEBPRODUCTS | HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} | Medium
FUNWEBPRODUCTS | HKCR\TypeLib\{00A6FAF0-072E-44CF-8957-5838F569A31D} | Medium
FUNWEBPRODUCTS | HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} | Medium
FUNWEBPRODUCTS | HKCU\Software\FunWebProducts | Medium
HotBar | HKCR\clsid\{354382db-df55-4da9-85a3-41696a0f510f} | Medium
HotBar | HKCR\clsid\{ff6b2fd5-093c-4d4f-bb98-5641130a9de6} | Medium
HotBar | HKCR\Hotbar.HbTravelCompareBar | Medium
HotBar | HKCR\Hotbar.HbTravelCompareBar.1 | Medium
HotBar | HKCR\HbToolbar.HbHtmlMenuUI | Medium
HotBar | HKCR\HbToolbar.HbHtmlMenuUI.1 | Medium
HotBar | HKCR\Interface\{340D8791-0E2C-43CF-9671-7E90AAFBF0DA} | Medium
HotBar | HKCR\Interface\{BC2025DC-136B-492F-AEFF-31D0BA8B98DA} | Medium
HotBar | HKLM\software\classes\hbtoolbar.hbhtmlmenuui | Medium
HotBar | HKLM\software\classes\hbtoolbar.hbhtmlmenuui.1 | Medium
HotBar | HKLM\software\classes\hbtoolbar.hbhtmlmenuui\clsid | Medium
HotBar | HKLM\software\classes\hbtoolbar.hbhtmlmenuui\curver | Medium
HotBar | HKLM\software\classes\hotbar.hbtravelcomparebar | Medium
HotBar | HKLM\software\classes\hotbar.hbtravelcomparebar.1 | Medium
HotBar | HKLM\software\classes\hotbar.hbtravelcomparebar\clsid | Medium
HotBar | HKLM\software\classes\hotbar.hbtravelcomparebar\curver | Medium
HotBar | HKLM\software\classes\interface\{340d8791-0e2c-43cf-9671-7e90aafbf0da} | Medium
HotBar | HKLM\software\classes\interface\{bc2025dc-136b-492f-aeff-31d0ba8b98da} | Medium
MoneyTree/DyFuCa | HKLM\software\microsoft\windows\currentversion\shareddlls##c:\windows\downloaded program files\unidist.ocx | High
nCASE | HKLM\software\microsoft\windows\currentversion\shareddlls##c:\windows\downloaded program files\ncaseinstaller.dll | Medium
UCSearch | HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/ucsearch.ocx | Medium
UCSearch | HKLM\software\microsoft\windows\currentversion\shareddlls##c:\windows\downloaded program files\ucsearch.ocx | Medium
Tracking Cookie | docroc@cgi-bin[1].txt | Medium
Tracking Cookie | docroc@findhelphere.ohgo[1].txt | Medium
Tracking Cookie | docroc@perf.overture[1].txt | Medium
Tracking Cookie | docroc@network[2].txt | Medium
Tracking Cookie | docroc@yadro[2].txt | Medium
Tracking Cookie | docroc@apmebf[2].txt | Medium
Tracking Cookie | docroc@www.web-stat[2].txt | Medium
Tracking Cookie | docroc@ads.pointroll[1].txt | Medium
Tracking Cookie | docroc@www.ohgo[2].txt | Medium
Tracking Cookie | docroc@pop.mircx[1].txt | Medium
Tracking Cookie | docroc@www.vibrantmedia[2].txt | Medium
Tracking Cookie | docroc@metareward[1].txt | Medium
Tracking Cookie | docroc@versiontracker[1].txt | Medium
Begin2Search | {4D568F0F-8AC9-40AB-88B7-415134C78777} | High
FUNWEBPRODUCTS | {07B18EA9-A523-4961-B6BB-170DE4475CCA} | Medium
FUNWEBPRODUCTS | {147A976E-EEE1-4377-8EA7-4716E4CDD239} | Medium
FUNWEBPRODUCTS | {147A976F-EEE1-4377-8EA7-4716E4CDD239} | Medium
FUNWEBPRODUCTS | {A4730EBE-43A6-443e-9776-36915D323AD3} | Medium
HotBar | {354382db-df55-4da9-85a3-41696a0f510f} | Medium
HotBar | {ff6b2fd5-093c-4d4f-bb98-5641130a9de6} | Medium
Windows SyncroAd | C:\Program Files\Windows SyncroAd\WinSync.exe | High
TopRebrates or WebRebates | C:\WINDOWS\BELT.INI | Medium
IEPlugin | C:\WINDOWS\Downloaded Program Files\default.inf | Medium
Huntbar | C:\WINDOWS\Downloaded Program Files\QDow.dll | Elevated
Spyblocs | C:\WINDOWS\sb_affiliate.ini | Medium
Free Scr Cards | C:\WINDOWS\SYSTEM\fsc.ini | Elevated
PeoplePC Toolbar | C:\WINDOWS\SYSTEM\PPCRunOnce.exe | Medium
TopMoxie | C:\WINDOWS\Downloaded Program Files\topexe.inf | Medium


This is a log of what Spyware Stormer found:
Scan mode: Smart Scan
Scan uncovered following 64 items:
     Cookie:docroc@adsremote.scripps[1].txt   |Tracking Cookie
     Cookie:docroc@belointeractive[1].txt   |Tracking Cookie
     Cookie:docroc@ads.belointeractive[1].txt   |Tracking Cookie
     Cookie:docroc@bluestreak[1].txt   |Tracking Cookie
     Cookie:docroc@burstnet[1].txt   |Tracking Cookie
     Cookie:docroc@stats2.clicktracks[2].txt   |Tracking Cookie
     Cookie:docroc@vip.clickzs[1].txt   |Tracking Cookie
     Cookie:docroc@search.domainsponsor[1].txt   |Tracking Cookie
     Cookie:docroc@edge.ru4[1].txt   |Tracking Cookie
     Cookie:docroc@gator[2].txt   |Tracking Cookie
     Cookie:docroc@geocities[2].txt   |Tracking Cookie
     Cookie:docroc@perf.overture[1].txt   |Tracking Cookie
     Cookie:docroc@ads.pointroll[1].txt   |Tracking Cookie
     Cookie:docroc@questionmarket[1].txt   |Tracking Cookie
     Cookie:docroc@trafficmp[2].txt   |Tracking Cookie
     Path:C:\WINDOWS\NETWATCH.EXE   |Worm
     RegKey:HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}   |Adware
     RegKey:HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\gator.com   |Adware
     RegKey:HKEY_USERS\.default\software\microsoft\systemcertificates\trustedpublisher\crls   |Adware
     RegKey:HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\xxxtoolbar.com   |Adware
     RegKey:HKEY_CLASSES_ROOT\clsid\{ea8a2b2c-1e59-4038-b9e0-669b32c51d2d}   |Adware
     RegKey:HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\&programs\gain   |Adware
     RegKey:HKEY_USERS\.default\software\microsoft\windows\currentversion\explorer\menuorder\start menu\&programs\gain   |Adware
     RegKey:HKEY_CLASSES_ROOT\clsid\{354382db-df55-4da9-85a3-41696a0f510f}   |Adware
     RegKey:HKEY_CLASSES_ROOT\clsid\{ff6b2fd5-093c-4d4f-bb98-5641130a9de6}   |Adware
     RegKey:HKEY_CLASSES_ROOT\hbtoolbar.hbhtmlmenuui   |Adware
     RegKey:HKEY_CLASSES_ROOT\hbtoolbar.hbhtmlmenuui.1   |Adware
     RegKey:HKEY_CLASSES_ROOT\hotbar.hbtravelcomparebar   |Adware
     RegKey:HKEY_CLASSES_ROOT\hotbar.hbtravelcomparebar.1   |Adware
     RegKey:HKEY_CLASSES_ROOT\interface\{340d8791-0e2c-43cf-9671-7e90aafbf0da}   |Adware
     RegKey:HKEY_CLASSES_ROOT\interface\{bc2025dc-136b-492f-aeff-31d0ba8b98da}   |Adware
     RegKey:HKEY_CURRENT_USER\software\microsoft\internet explorer\explorer bars\{ff6b2fd5-093c-4d4f-bb98-5641130a9de6}   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\clsid\{354382db-df55-4da9-85a3-41696a0f510f}   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\clsid\{ff6b2fd5-093c-4d4f-bb98-5641130a9de6}   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\hbtoolbar.hbhtmlmenuui   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\hbtoolbar.hbhtmlmenuui.1   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\hbtoolbar.hbhtmlmenuui\clsid   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\hbtoolbar.hbhtmlmenuui\curver   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\hotbar.hbtravelcomparebar   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\hotbar.hbtravelcomparebar.1   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\hotbar.hbtravelcomparebar\clsid   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\hotbar.hbtravelcomparebar\curver   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\interface\{340d8791-0e2c-43cf-9671-7e90aafbf0da}   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\interface\{bc2025dc-136b-492f-aeff-31d0ba8b98da}   |Adware
     RegKey:HKEY_USERS\.default\software\microsoft\internet explorer\explorer bars\{ff6b2fd5-093c-4d4f-bb98-5641130a9de6}   |Adware
     Path:C:\Program Files\bearshare\webstats.exe   |Adware
     Path:C:\Program Files\save\save.exe   |Adware
     Path:C:\WINDOWS\TEMP\saveinstwm.exe   |Adware
     Path:C:\Program Files\bearshare\runmsc.dll   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\.gnu   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\magnet\defaulticon   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\magnet\shell\open\command   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\runmsc.loader.1\clsid   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\clsid   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\curver   |Adware
     Folder:C:\Program Files\save   |Adware
     RegKey:HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\xxxtoolbar.com   |Hijacker
     RegKey:HKEY_CURRENT_USER\software\fsc   |Hijacker
     Path:C:\WINDOWS\downloaded program files\qdow.dll   |Hijacker
     RegKey:HKEY_LOCAL_MACHINE\software\magnet   |Adware


Scan process started on 11/27/04  10:49:46
Scan mode: Smart Scan
Scan uncovered following 52 items:
     Cookie:docroc@adsremote.scripps[1].txt   |Tracking Cookie
     Cookie:docroc@belointeractive[1].txt   |Tracking Cookie
     Cookie:docroc@ads.belointeractive[1].txt   |Tracking Cookie
     Cookie:docroc@burstnet[1].txt   |Tracking Cookie
     Cookie:docroc@stats2.clicktracks[2].txt   |Tracking Cookie
     Cookie:docroc@vip.clickzs[1].txt   |Tracking Cookie
     Cookie:docroc@search.domainsponsor[1].txt   |Tracking Cookie
     Cookie:docroc@perf.overture[1].txt   |Tracking Cookie
     Cookie:docroc@ads.pointroll[1].txt   |Tracking Cookie
     Path:C:\WINDOWS\NETWATCH.EXE   |Worm
     RegKey:HKEY_USERS\.default\software\microsoft\systemcertificates\trustedpublisher\crls   |Adware
     RegKey:HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\xxxtoolbar.com   |Adware
     RegKey:HKEY_CLASSES_ROOT\clsid\{ea8a2b2c-1e59-4038-b9e0-669b32c51d2d}   |Adware
     RegKey:HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\&programs\gain   |Adware
     RegKey:HKEY_USERS\.default\software\microsoft\windows\currentversion\explorer\menuorder\start menu\&programs\gain   |Adware
     RegKey:HKEY_CLASSES_ROOT\clsid\{354382db-df55-4da9-85a3-41696a0f510f}   |Adware
     RegKey:HKEY_CLASSES_ROOT\clsid\{ff6b2fd5-093c-4d4f-bb98-5641130a9de6}   |Adware
     RegKey:HKEY_CLASSES_ROOT\hbtoolbar.hbhtmlmenuui   |Adware
     RegKey:HKEY_CLASSES_ROOT\hbtoolbar.hbhtmlmenuui.1   |Adware
     RegKey:HKEY_CLASSES_ROOT\hotbar.hbtravelcomparebar   |Adware
     RegKey:HKEY_CLASSES_ROOT\hotbar.hbtravelcomparebar.1   |Adware
     RegKey:HKEY_CLASSES_ROOT\interface\{340d8791-0e2c-43cf-9671-7e90aafbf0da}   |Adware
     RegKey:HKEY_CLASSES_ROOT\interface\{bc2025dc-136b-492f-aeff-31d0ba8b98da}   |Adware
     RegKey:HKEY_CURRENT_USER\software\microsoft\internet explorer\explorer bars\{ff6b2fd5-093c-4d4f-bb98-5641130a9de6}   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\clsid\{354382db-df55-4da9-85a3-41696a0f510f}   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\clsid\{ff6b2fd5-093c-4d4f-bb98-5641130a9de6}   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\hbtoolbar.hbhtmlmenuui   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\hbtoolbar.hbhtmlmenuui.1   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\hbtoolbar.hbhtmlmenuui\clsid   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\hbtoolbar.hbhtmlmenuui\curver   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\hotbar.hbtravelcomparebar   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\hotbar.hbtravelcomparebar.1   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\hotbar.hbtravelcomparebar\clsid   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\hotbar.hbtravelcomparebar\curver   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\interface\{340d8791-0e2c-43cf-9671-7e90aafbf0da}   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\interface\{bc2025dc-136b-492f-aeff-31d0ba8b98da}   |Adware
     RegKey:HKEY_USERS\.default\software\microsoft\internet explorer\explorer bars\{ff6b2fd5-093c-4d4f-bb98-5641130a9de6}   |Adware
     Path:C:\Program Files\bearshare\webstats.exe   |Adware
     Path:C:\Program Files\bearshare\runmsc.dll   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\.gnu   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\magnet\defaulticon   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\magnet\shell\open\command   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\runmsc.loader.1\clsid   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\clsid   |Adware
     RegKey:HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\curver   |Adware
     Folder:C:\Program Files\save   |Adware
     RegKey:HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\xxxtoolbar.com   |Hijacker
     RegKey:HKEY_CURRENT_USER\software\fsc   |Hijacker
     Path:C:\WINDOWS\downloaded program files\qdow.dll   |Hijacker
     RegKey:HKEY_LOCAL_MACHINE\software\magnet   |Adware


#2 kegroening (Topic Starter, Members, 26 posts)

Posted 04 December 2004 - 12:37 AM

Somebody please diagnose my hijack.

#3 kegroening (Topic Starter, Members, 26 posts)

Posted 04 December 2004 - 07:17 AM

New HJT log. I have cleaned as much as I can.

Logfile of HijackThis v1.98.2
Scan saved at 6:13:09 AM, on 12/4/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\TYPEITIN\TYPEITIN.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOSTART.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOJVDIX.EXE
C:\WINDOWS\SYSTEM\HPOMLCH.EXE
C:\HIGHJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\MSLAGENT\4B_1,0,1,2_MSLAGENT.DLL (file missing)
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM FILES\NETZERO\QSACC\X1IEBHO.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [NetZero_uoltray] C:\PROGRAM FILES\NETZERO\EXEC.EXE regrun
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1055.dll,InstantAccess
O4 - Startup: TypeItIn.lnk = C:\Program Files\TypeItIn\TypeItIn.exe
O4 - Startup: HP OfficeJet Series 600 StartUp.lnk = C:\Program Files\HP OfficeJet Series 600\bin\HPOstart.exe
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: Mount Retake Volumes.lnk = C:\Program Files\Network Associates\Safe & Sound\fbmount.exe
O4 - Startup: Image & Restore.lnk = C:\Program Files\Network Associates\Safe & Sound\Image32.exe
O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/227
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/228
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL (file missing)
O9 - Extra button: iGive - {987D0E71-6CAD-11d5-AA37-0001028DF1BC} - (no file) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.creative.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://activex.microsoft.com/activex/contr...um/MSSurVid.cab
O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://pcpitstop.com/antivirus/PCPAV.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://showdown.microgaming.com/showdown/FlashAX.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...295/mcfscan.cab
O16 - DPF: {CD62C183-73CE-11D0-8F56-0020AF6DCD1D} (PSNetNote Object) - http://wwwftp.mmm.com/psnotes/npcc2.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - http://akamai.downloadv3.com/binaries/EGDA...ACCESS_1055.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

#4 Grinler (Lawrence Abrams), Admin

Posted 16 December 2004 - 04:41 PM

Hi, if you are still having a problem:

You are using an outdated version of HijackThis. Please download the newer version.

Download HijackThis from:

HijackThis Download Site

Then post a new log.

#5 kegroening (Topic Starter), Member

Posted 21 December 2004 - 09:43 PM

Here is the new hijack log.
Please advise.
Thanks

#6 kegroening (Topic Starter), Member

Posted 21 December 2004 - 09:44 PM

Please advise.
Thanks

Logfile of HijackThis v1.98.2
Scan saved at 8:45:15 PM, on 12/21/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\WINDOWS CONTROLAD\WINCTLAD.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\PROGRAM FILES\TYPEITIN\TYPEITIN.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOSTART.EXE
C:\PROGRAM FILES\WINDOWS CONTROLAD\WINCTLADALT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOJVDIX.EXE
C:\WINDOWS\SYSTEM\HPOMLCH.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.creative.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*windowsupdate.microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;service1.symantec.com;*.nai.com;*.networkassociates.com;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\MSLAGENT\4B_1,0,1,2_MSLAGENT.DLL (file missing)
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRAM FILES\NETSCAPE INTERNET SERVICE\NETSCAPE WEB ACCELERATOR\PBHELPER.DLL
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM FILES\NETZERO\QSACC\X1IEBHO.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Windows ControlAd] C:\PROGRAM FILES\WINDOWS CONTROLAD\WINCTLAD.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunOnce: [untd_recovery] C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE
O4 - HKCU\..\Run: [NetZero_uoltray] C:\PROGRAM FILES\NETZERO\EXEC.EXE regrun
O4 - Startup: TypeItIn.lnk = C:\Program Files\TypeItIn\TypeItIn.exe
O4 - Startup: HP OfficeJet Series 600 StartUp.lnk = C:\Program Files\HP OfficeJet Series 600\bin\HPOstart.exe
O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/227
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/228
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL (file missing)
O9 - Extra button: iGive - {987D0E71-6CAD-11d5-AA37-0001028DF1BC} - (no file) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.creative.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://activex.microsoft.com/activex/contr...um/MSSurVid.cab
O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://pcpitstop.com/antivirus/PCPAV.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://showdown.microgaming.com/showdown/FlashAX.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...295/mcfscan.cab
O16 - DPF: {CD62C183-73CE-11D0-8F56-0020AF6DCD1D} (PSNetNote Object) - http://wwwftp.mmm.com/psnotes/npcc2.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - http://akamai.downloadv3.com/binaries/EGDA...ACCESS_1055.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/support/ocis/OSInfo.cab
O16 - DPF: {BA549C46-AD38-11D7-A476-00D0590EC9DE} (SiS_OCX98 Control) - http://www.sis.com/support/ocis/SiSAutodetect98.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...5271ab95b94951b
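Neither reply in this thread actually reads the log; the helpers only ask for a newer HijackThis build. As an added example (not code from the page, from HijackThis or from the BleepingComputer HJT team), here is a small triage pass over the HJT log format used in both logs in this thread. It parses the `Rn`/`On` entry lines and applies four hand-check heuristics: orphaned O2/O9 entries whose file is gone, an R1 proxy pointed at the loopback interface, O4 autostart names outside a stock Win9x baseline, and O16 ActiveX downloads from hosts not on an allowlist or with no friendly name. The baseline names, the allowlist and the wording of each finding are assumptions for the example; the sample lines are copied from the second log above and embedded so the script runs offline. A finding means "verify this by hand", not "this is malware".

```python
"""Triage heuristics for HijackThis (HJT) 1.9x log entries.

Added example for this thread; not HijackThis code and not the forum's own method.
Every rule is a heuristic that points at what to check next, never a verdict.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: entry lines copied from the log posted above (post #6).
SAMPLE_LOG_LINES = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX",
    r"O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\MSLAGENT\4B_1,0,1,2_MSLAGENT.DLL (file missing)",
    r"O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)",
    r"O4 - HKLM\..\Run: [SystemTray] SysTray.Exe",
    r"O4 - HKLM\..\Run: [Windows ControlAd] C:\PROGRAM FILES\WINDOWS CONTROLAD\WINCTLAD.EXE",
    r"O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab",
    r"O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...5271ab95b94951b",
]

# HJT entry lines look like "O4 - <body>", "R1 - <body>", etc.
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")

# Assumption: stock Win9x autostart names that are expected on this box.
BASELINE_O4 = {"ScanRegistry", "SystemTray", "LoadPowerProfile"}

# Assumption: hosts the analyst has decided to trust for O16 ActiveX downloads.
O16_ALLOWED_HOSTS = {
    "fdl.msn.com", "activex.microsoft.com", "www.pandasoftware.com",
    "www.bitdefender.com", "download.mcafee.com", "ppupdates.ca.com",
    "pcpitstop.com", "chat.yahoo.com", "download.games.yahoo.com",
}


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section tag, e.g. "O2"
    reason: str    # what to verify by hand
    line: str      # the original log line


def check_entry(line):
    """Return the findings for one HJT log line (empty list if nothing to flag)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []                      # process list, headers, blank lines
    sec, body = m.group("sec"), m.group("body")
    out = []

    # 1. Orphaned BHO / IE button: the DLL is gone but the registration remains.
    if sec in ("O2", "O9") and ("(file missing)" in body or "(no file)" in body):
        out.append(Finding(sec, "orphaned entry: fix it, then find what registered it", line))

    # 2. Proxy on the loopback interface: some local process sits between IE and the network.
    if sec == "R1" and "ProxyServer" in body:
        pm = re.search(r"=\s*(?:\w+=)?(?P<host>[^:;\s]+):(?P<port>\d+)", body)
        if pm and pm.group("host") in ("127.0.0.1", "localhost"):
            out.append(Finding(sec, f"local proxy on port {pm.group('port')}: identify the listening "
                                    "process (ISP accelerators do this legitimately)", line))

    # 3. Autostart entry not in the stock baseline: verify the binary on disk.
    if sec == "O4":
        nm = re.search(r"\[(?P<name>[^\]]+)\]", body)
        if nm and nm.group("name") not in BASELINE_O4:
            out.append(Finding(sec, f"autostart '{nm.group('name')}' not in baseline: verify the binary", line))

    # 4. Downloaded ActiveX control: unnamed CLSID and/or unlisted download host.
    if sec == "O16":
        head = body.rsplit(" - ", 1)[0]
        if head.startswith("DPF: {") and "(" not in head:
            out.append(Finding(sec, "ActiveX control with no friendly name: look up the CLSID", line))
        um = re.search(r"(?P<url>https?://\S+)$", body)
        host = urlparse(um.group("url")).hostname if um else None
        if host and host not in O16_ALLOWED_HOSTS:
            out.append(Finding(sec, f"ActiveX control fetched from unlisted host {host}", line))
    return out


def triage(lines):
    """Run check_entry over every line and return all findings in log order."""
    return [f for line in lines for f in check_entry(line)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG_LINES):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

On the sample above the script flags the loopback proxy, the two orphaned BHOs, the "Windows ControlAd" autostart, and both O16 downloads (the HouseCall control only because its CDN host is not on the allowlist, which is the kind of false positive the allowlist is there to tune away). Feed it the whole log with `triage(open("hijackthis.log").read().splitlines())`.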

#7 Grinler (Lawrence Abrams), Admin

Posted 22 December 2004 - 03:01 PM

I do not see a new log :thumbsup:

#8 Daisuke (Cleaner on Duty), Member

Posted 23 December 2004 - 01:45 PM

Found lost log :thumbsup: (above)

kegroening,
When responding to a post from one of our HJT Team members, please reply in the same topic - click the Add Reply button. Do not create a new topic for your reply. This will cause confusion and a delay in the help you are receiving.

Edited by cryo, 23 December 2004 - 01:46 PM.

Every day is virus day. Do you know where your recovery CDs are?
Did you create them yet?

#9 Grinler (Lawrence Abrams), Admin

Posted 23 December 2004 - 05:09 PM

Thanks cryo.

You are using an outdated version of HijackThis. Please download the newer version.

Download HijackThis from:

HijackThis Download Site

Then post a new log.
